New URI Browser Flaws Worse Than First Thought

narramissic writes "URI (Uniform Resource Identifier) bugs have become a hot topic over the past month, since researcher Thor Larholm showed how a browser could be tricked into sending malformed data to Firefox. Now, security researchers Billy Rios and Nathan McFeters say they've discovered a number of ways attackers could misuse the URI protocol handler technology to steal data from a victim's computer. 'It is possible through the URI to actually steal content form the user's machine and upload that content to a remote server of the attacker's choice,' said McFetters, a senior security advisor for Ernst & Young Global Ltd. 'This is all through functionality that the application provides.'"

Re:News?

[ozmanjusri]

Actually it's nothing but a change in the ancient URL/URI trick where you trick the user into believing a link sends him somewhere else (akin to something like this: www.microsoft.com.

Thanks dude!

I installed that update to XP, and now my computer runs like a dream. Microsoft finally got it right!

Whew...

[Spy+der+Mann]

Good thing I use Firefox and not that "URI browser". I feel safe.

Re:News?

[Opportunist]

You should check out their new browser too, at IE7.com. It's really amazing! I don't know what they did, but even the exploits that should work on Internet Explorer 7 don't!

Re:Web 2.0 developers have betrayed us all

[MrNaz]

Yea, that'd be pointless. Blue wins hands down.

Re:News?

[tygerstripes]

You installed Gentoo in less than 48 hours? Christ, how times change...

Damn!

[rdrd]

I just pressed on that "slashdot://it.slashdot.org" link !!!