IE Flaw Exposes Users To Spoof-Based Attacks

Sotos wrote to mention a C|Net article discussing a new spoof-based attack on Internet Explorer. From the article: " The problem lies in the way Microsoft has implemented a JavaScript component in its Web browser, security researcher Amit Klein wrote in a research document. Internet Explorer does not validate some data fields provided by a PC when the component, called XmlHttpRequest, is used, he wrote. The vulnerability could be exploited with specially crafted code. An attacker could spoof a legitimate Web site, access data from the Web browser's cache or stage a so-called man-in-the-middle attack, which taps into traffic between a user and another Web site, according to Klein's write-up. " Secunia has an alert up on the spoof.

Spleaning of IE flaws

Let A=72, B=73, C=74, etc... add up the letters (case insensitive) in the word SLASHDOT. What do you get?

Re:Spleaning of IE flaws

[John+Courtland]

Hahaha, I figured as much but it was worth it taking the time.

In my line of work,

[BattleRat]

we preach that security is 80% policy, procedure and training, and 20% technology. This is a classic example where a smarter, more intelligent user base will not be compromised. Two things; the smarter user base uses Firefox and will recognize a redirection. Some people just shouldn't be allotted an IP...there should at least be a test.

Re:In my line of work,

[Skiron]

The hackneyed saying; "Microsoft allowed people to use computers of which those people shouldn't be allowed NEAR a bloody computer".

Man-in-the-middle

so-called man-in-the-middle attack

That is sooooo sexy