IE Flaw Exposes Users To Spoof-Based Attacks

Sotos wrote to mention a C|Net article discussing a new spoof-based attack on Internet Explorer. From the article: " The problem lies in the way Microsoft has implemented a JavaScript component in its Web browser, security researcher Amit Klein wrote in a research document. Internet Explorer does not validate some data fields provided by a PC when the component, called XmlHttpRequest, is used, he wrote. The vulnerability could be exploited with specially crafted code. An attacker could spoof a legitimate Web site, access data from the Web browser's cache or stage a so-called man-in-the-middle attack, which taps into traffic between a user and another Web site, according to Klein's write-up. " Secunia has an alert up on the spoof.

Re:In my line of work,

[Skiron]

The hackneyed saying; "Microsoft allowed people to use computers of which those people shouldn't be allowed NEAR a bloody computer".

Re:Spleaning of IE flaws

[John+Courtland]

Hahaha, I figured as much but it was worth it taking the time.