Slashdot Mirror


New URI Browser Flaws Worse Than First Thought

narramissic writes "URI (Uniform Resource Identifier) bugs have become a hot topic over the past month, since researcher Thor Larholm showed how a browser could be tricked into sending malformed data to Firefox. Now, security researchers Billy Rios and Nathan McFeters say they've discovered a number of ways attackers could misuse the URI protocol handler technology to steal data from a victim's computer. 'It is possible through the URI to actually steal content from the user's machine and upload that content to a remote server of the attacker's choice,' said McFeters, a senior security advisor for Ernst & Young Global Ltd. 'This is all through functionality that the application provides.'"

6 of 149 comments

  1. Re:News? by ozmanjusri · · Score: 5, Funny
    Actually it's nothing but a change in the ancient URL/URI trick where you trick the user into believing a link sends him somewhere else (akin to something like this: www.microsoft.com.

    Thanks dude!

    I installed that update to XP, and now my computer runs like a dream. Microsoft finally got it right!

    --
    "I've got more toys than Teruhisa Kitahara."
  2. Whew... by Spy+der+Mann · · Score: 4, Funny

    Good thing I use Firefox and not that "URI browser". I feel safe.

  3. Re:News? by Opportunist · · Score: 3, Funny

    You should check out their new browser too, at IE7.com. It's really amazing! I don't know what they did, but even the exploits that should work on Internet Explorer 7 don't!

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  4. Re:Web 2.0 developers have betrayed us all by MrNaz · · Score: 4, Funny

    Yea, that'd be pointless. Blue wins hands down.

    --
    I hate printers.
  5. Re:News? by tygerstripes · · Score: 3, Funny

    You installed Gentoo in less than 48 hours? Christ, how times change...

    --
    Meta will eat itself
  6. Damn! by rdrd · · Score: 2, Funny

    I just pressed on that "slashdot://it.slashdot.org" link !!!