IE Flaw Gives Hackers Access To User Files
snydeq writes "Microsoft warned that a flaw in IE gives attackers access to files stored on a PC under certain conditions. 'Our investigation so far has shown that if a user is using a version of Internet Explorer that is not running in Protected Mode an attacker may be able to access files with an already known filename and location,' Microsoft said in a security advisory. The vulnerability requires that an attacker knows the name of the file they want to access, according to the company."
If they grab the windows search index file then they'd have a map to everything else?
get \ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb (vista)
or \All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb (xp)
and http://www.simplecarver.com/tool.php?toolname=Windows Search Index Extractor
Unfortunately, the thread asking for Webkit in Steam at http://forums.steampowered.com/forums/showthread.php?t=861863 demonstrates how clueless the average gamer is about standards etc.
Some choice quotations:
"ie is fine"
"I'd rather not have steam bloated with redundant tech right now."
"Also W3C != Web Standards, and IE aren't the only ones not complying with the "standards", Firefox didn't comply with all W3C published recommendations either.(Don't know if that's still the case) [...] Microsoft is a business, and they don't want to take the blame because of a third parties inabillity to properly design websites. That is their design goal, and as the W3C isn't enforcable, as it's not considered a standard"
"It works, it is secure and it isn't that slow"
"IE is fine, and so was Windows 98."
"there is nothing wrong with the day-to-day performance of Trident."