[News] [Rival] "Huge Security Problem in Internet Explorer" (All Versions Affected)

  • From: Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx>
  • Date: Mon, 30 Jun 2008 11:18:34 +0100
  • Newsgroups: comp.os.linux.advocacy
  • User-agent: KNode/0.10.4

Ghostly threat to Internet Explorer users

,----[ Quote ]
| Microsoft certainly never imagined anything like this. A talk given behind 
| closed doors at the Microsoft BlueHat Security Briefing revealed a huge 
| security problem in Internet Explorer. Presenter Manuel Caballero 
| demonstrated a far-reaching espionage tool that can trap users who are merely
| visiting a web site. His spooky summary read: "Do you believe in ghosts? 
| Imagine an invisible script that silently follows you while you surf – even 
| after changing the URL 1,000 times. And this ghost is able to see everything 
| you do, including what you are surfing and what you are typing (passwords 
| included), and even guess your next move."
| [...]
| Eduardo Vela demonstrates that even Microsoft's new browser generations are 
| not immune to such problems. He found out that, in order to circumvent 
| protective measures when accessing location, all you need do is make a string 
| look unlike a string. He used this approach to implement a simple demo with a
| primitive keylogger that he claims also works with IE7 and the beta versions 
| of IE8. And sure enough, after we went to his demo URL in Internet Explorer 7 
| on a test system, his code persistently followed us across many sites and 
| snooped on what we were doing. Even after we typed in a heise URL by hand and 
| went to it, his "Caballero Listener" picked up all our keyboard input and 
| displayed it in a stolen IFrame.

Microsoft : Arrogance leads to Vulnerability

,----[ Quote ]
| Chatting with the Microsoft senior sales people, I was struck by
| their incredible arrogance. They know the company's products are good,
| but they have no qualms whatsoever about charging top dollar as a
| result.
| It reminds us how Microsoft used to behave when it comes to their
| products' security records. IE5 and 6 were nothing short of being
| proper Swiss Cheese with loads of holes in them but hey, they had 95%
| of the browser market at that time and couldn't care less.

