Slashdot Mirror


IE Flaw Exposes Users To Spoof-Based Attacks

Sotos wrote to mention a C|Net article discussing a new spoof-based attack on Internet Explorer. From the article: "The problem lies in the way Microsoft has implemented a JavaScript component in its Web browser, security researcher Amit Klein wrote in a research document. Internet Explorer does not validate some data fields provided by a PC when the component, called XmlHttpRequest, is used, he wrote. The vulnerability could be exploited with specially crafted code. An attacker could spoof a legitimate Web site, access data from the Web browser's cache or stage a so-called man-in-the-middle attack, which taps into traffic between a user and another Web site, according to Klein's write-up." Secunia has an alert up on the spoof.

11 of 169 comments

  1. XMLHttpRequest? What's That? by turkeywrap · · Score: 5, Funny

    XMLHttpRequest? Never heard of it.

  2. Re:XMLHttpRequest? What's That? by pe1chl · · Score: 5, Informative

    It is the thingy that powers AJAX

  3. Dupe? by P0ldy · · Score: 5, Funny

    Am I wrong or haven't we seen this story before?

  4. Re:Crank Up The Flamethrowers by eggoeater · · Score: 5, Funny

    Then add another 100+ comments on your comments on how many comments we have and we'll have even more comments.....

    ...and then there's the comments on the comments on the comments....

    ...no...it will never end....especially after the dup story is posted tomorrow.

  5. Here come the pre-packaged sound bites. . . by EraserMouseMan · · Score: 5, Funny

    "Yea, but it hasn't even been exploited yet! It doesn't count unless it's been exploited, right?"

    "I bet there will be a fix out within 24 hours! Exploits don't count if they are fixed quickly, right?"

    "I don't care if they find a thousand exploits; I still won't use IE!"


    Oh, wait . . . I thought the article was about another Firefox exploit. Never mind.

  6. Re:Oblig by Anonymous Coward · · Score: 5, Funny

    Firefox? I'm using Webwhale, which is much better!

  7. Let the IE/FF comparisons begin by Viper+Daimao · · Score: 5, Informative

    I'll start with the Secunia site.

    Internet Explorer: Microsoft Internet Explorer 6.x with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Highly critical...Currently, 20 out of 86 Secunia advisories, is marked as "Unpatched" in the Secunia database.

    FireFox: Mozilla Firefox 1.x with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Less critical...Currently, 3 out of 24 Secunia advisories, is marked as "Unpatched" in the Secunia database.

    --
    "In the game of life, someone always has to lose. To me, if life were fair, that someone would always be Oklahoma." -DKR

  8. Re:You gotta love this part by dajobi · · Score: 5, Insightful

    That's not security by obscurity. That's "at least give us a chance to fix it before you tell the crackers." The Mozilla guys tell exactly the same tale.

  9. Amateurs... by tktk · · Score: 5, Funny

    I just read the page source and render the pages in my head.

    There's no chance a spoof attack would ever wo.df&^3478adf@$%%

    /*User dead*/

  10. Re:XMLHttpRequest? What's That? by GweeDo · · Score: 5, Funny

    Active Ingredient: Triclosan
    Other Ingredients: Water, Magnesium and/or Sodium Dodecylbenzenesulfonate, ammonium laureth sulfate, Sodium xylenesulfonate, SD alcohol 3-A, Laurel polyglucose, Laurylamidopropylamine oxide, Magnesium sulfate, Sodium bisulfate, fragrance, Pentasodium pentetate, DNDN Hydantoine, D&C Orange No 4.


    See, see, Triclosan is what powers AJAX!

  11. Re:You gotta love this part by SoccerManUNLV · · Score: 5, Informative

    I guess you never read the story on ZDnet about a month ago, and MS was "looking into it". Apparently this does work and yet MS dropped the ball again, nothing new, just expected sooner.