Slashdot Mirror

← Back to Stories (view on slashdot.org)

IE Flaw Exposes Users To Spoof-Based Attacks

Posted by Zonk on from the fool-me-once dept.

Sotos wrote to mention a C|Net article discussing a new spoof-based attack on Internet Explorer. From the article: " The problem lies in the way Microsoft has implemented a JavaScript component in its Web browser, security researcher Amit Klein wrote in a research document. Internet Explorer does not validate some data fields provided by a PC when the component, called XmlHttpRequest, is used, he wrote. The vulnerability could be exploited with specially crafted code. An attacker could spoof a legitimate Web site, access data from the Web browser's cache or stage a so-called man-in-the-middle attack, which taps into traffic between a user and another Web site, according to Klein's write-up. " Secunia has an alert up on the spoof.

18 of 169 comments (clear)

  1. XMLHttpRequest? What's That? by turkeywrap · · Score: 5, Funny

    XMLHttpRequest? Never heard of it.

  2. Dupe? by P0ldy · · Score: 5, Funny

    Am I wrong or haven't we seen this story before?

  3. Spoof-based? by Limburgher · · Score: 4, Funny

    So, like, Spaceballs could compromise my boxen?

    --

    You are not the customer.

  4. Re:Crank Up The Flamethrowers by eggoeater · · Score: 5, Funny

    Than add another 100+ comments on your comments on how many comments we have and we'll have even more comments.....

    ...and then theres the comments on the comments on the comments....

    ...no...it will never end....especially after the dup story is posted tomorrow.

    --
    $7.95/mo, 200 GB disk, 2TBxfer, MySQL, PHP, RoR.
  5. Here come the pre-packaged sound bites. . . by EraserMouseMan · · Score: 5, Funny

    "Yea, but it hasn't even been exploited yet! It doesn't count unless it's been exploited, right?"

    "I bet there will be a fix out within 24 hours! Exploits don't count if they are fixed quickly, right?"

    "I don't care if they find a thousand exploits; I still won't use IE!"


    Oh, wait . . . I thought the article was about another Firefox exploit. Nevermind.

  6. Re:Oblig by Anonymous Coward · · Score: 5, Funny

    Firefox? I'm using Webwhale, which is much better!

  7. Job security by plopez · · Score: 2, Funny

    If it wouldn't be for MS, most IT web logs would shutdown.

    All the secuity articles guarantee readers and advertisers :)

    --
    putting the 'B' in LGBTQ+
  8. Re:Misquote by sedyn · · Score: 2, Funny

    "When will people get the message?"

    In this case, hopefully before their identity is stolen.

    --
    Am I open minded towards open source, or closed minded towards closed source?
  9. But then we can't access the net by kianu7 · · Score: 3, Funny

    But if we don't use Microsoft products, how will we be able to access the internet? *confused* :)

  10. No big deal... by Stephen+Samuel · · Score: 4, Funny
    Microsoft doesn't consider spoofed customers to be a problem, so this doesn't classify as a security problem.

    :-}

    (I really do wish it was completely a joke)

    --
    Free Software: Like love, it grows best when given away.
  11. Amateurs... by tktk · · Score: 5, Funny
    I just read the page source and render the pages in my head.

    There's no chance a spoof attack would ever wo.df&^3478adf@$%%

    /*User dead*/

  12. There Goes Someone's Weekend by usacoder · · Score: 3, Funny

    Should be another quiet weekend in Redmond while Microsoft fixes this one.

  13. Re:XMLHttpRequest? What's That? by GweeDo · · Score: 5, Funny

    Active Ingredient: Triclosan
    Other Ingredients: Water, Magnesium and/or Sodium Dodecylbenzenesulfaonate, ammoniym laureth sulfate, Sodium xylenessulfonate, SD alcohol 3-A, Laurel polyglucose, Laurylamidoproptlamine oxide, Magnesium sulfate, Sodium bisulfate, fragrance, Prntasodium pentetate, DNDN Hydantoine, D&C Orange No 4.

    See, see, Triclosan is what powers AJAX!

    --
    Unstable Apps: Our Android Apps Don't Suck
  14. What is IE? Does it run on Linux? by Anonymous Coward · · Score: 0, Funny

    What is IE? Does it run on Linux? I hear a lot about it, but I can't find it in any of the debian repositories.

  15. Re:Let the IE/FF comparisons begin by Metteyya · · Score: 3, Funny

    As with IE - these are not bugs, these are features. You know, Internet Explorer enables browsing the Internet from user's computer and the other way too.

  16. Re:Crank Up The Flamethrowers by Anonymous Coward · · Score: 2, Funny

    Let me finish this discussion right here, right now:

    Nazi.

  17. WHAT?!?!? by artemis67 · · Score: 2, Funny

    IE is flawed?

    I don't believe it!!!!

  18. What;'s funny... by leshert · · Score: 2, Funny

    ...is that stories like this could be duplicates, and you'd never know it.