Slashdot Mirror

← Back to Stories (view on slashdot.org)

IE Flaw Exposes Users To Spoof-Based Attacks

Posted by Zonk on from the fool-me-once dept.

Sotos wrote to mention a C|Net article discussing a new spoof-based attack on Internet Explorer. From the article: " The problem lies in the way Microsoft has implemented a JavaScript component in its Web browser, security researcher Amit Klein wrote in a research document. Internet Explorer does not validate some data fields provided by a PC when the component, called XmlHttpRequest, is used, he wrote. The vulnerability could be exploited with specially crafted code. An attacker could spoof a legitimate Web site, access data from the Web browser's cache or stage a so-called man-in-the-middle attack, which taps into traffic between a user and another Web site, according to Klein's write-up. " Secunia has an alert up on the spoof.

1 of 169 comments (clear)

  1. Re:You gotta love this part by dajobi · · Score: 5, Insightful

    That's not security by obsurity. That's "at least give us a chance to fix it before you tell the crackers." The Mozilla guys tell exactly the same tale.