Vulnerability Was Found In All Major Browsers - Spoofing Flaw affect IE, Firefox, Safari


jedipi
According to eWeek.com, a new vulnerability was found in all the major Web browsers (IE, Firefox, Safari).
This Spoofing Flaw can be exploited by malicious hackers to trick surfers into disclosing confidential information.
QUOTE
"The problem is that JavaScript dialog boxes do not display or include their origin, which allows a new window to open a prompt dialog box, which appears to be from a trusted site,"


Here is the place for you to test whether your browser is vulnerable or not.
http://secunia.com/multiple_browsers_dialo...erability_test/

source:
http://www.eweek.com/article2/0,1759,1830025,00.asp

Reply
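
Added example, not part of the original thread and not any browser's code: the flaw quoted above is that a script dialog gives no indication of which document opened it, so one mitigation is for the browser to title every dialog with the origin of the calling document. The function names, the title wording and the sample URLs are assumptions constructed for illustration.

```javascript
// Added illustration; not taken from any browser's source.
// dialogOrigin, dialogTitle and the title wording are hypothetical.

// Documents with these schemes have no origin of their own and act on
// behalf of whichever page opened them.
const INHERITS_OPENER = new Set(["about:", "javascript:"]);

// Return the origin a dialog should be attributed to, or null when no
// origin can be established.
function dialogOrigin(callerUrl, openerUrl = null) {
  let url;
  try {
    url = new URL(callerUrl);
  } catch {
    return null; // unparseable input is never given a trusted label
  }
  if (url.protocol === "http:" || url.protocol === "https:") {
    return url.origin; // scheme + host + non-default port
  }
  if (INHERITS_OPENER.has(url.protocol) && openerUrl) {
    return dialogOrigin(openerUrl); // blank popup: name the page that opened it
  }
  return null; // data:, file:, about:blank without an opener, ...
}

// Build the text shown in the dialog's title area.
function dialogTitle(callerUrl, openerUrl = null) {
  const origin = dialogOrigin(callerUrl, openerUrl);
  return origin ? `The page at ${origin} says:` : "An unidentified page says:";
}

// Constructed scenario: a trusted site is on screen while a blank popup
// opened by a different site calls prompt(). The title names the opener,
// not the site the user happens to be looking at.
function sampleTitles() {
  return [
    dialogTitle("https://bank.example/login"),
    dialogTitle("about:blank", "https://other.example/promo"),
    dialogTitle("data:text/html,hello"),
  ];
}

console.log(sampleTitles().join("\n"));
```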

chiiyo
Oh dear, this sounds pretty serious. All my browsers are vulnerable... O-o. Wonder whether there'd be any patch soon?

Reply

jcguy
Hmmn... I'm wondering, if these security flaws were not made public, would potential hackers have found out about and discovered the flaw? Do they go about engineering and looking at the source code to discover new flaws?

Reply

saxsux
I honestly don't see how that is a security problem. Surely even a completely inexperienced computer user would notice the new window opening when they clicked the link. Even if they didn't, who would be stupid enough to enter bank account details into a completely unsecure javascript dialogue?

To be honest, I doubt scammers will be adopting this method quite soon :)

Reply

chiiyo
Hmm, I don't know, for me the very fact that they can open an unnamed javascript window on top of a verified site is still rather disturbing. Yes, even a new computer user would notice the new window opening, but it's not the noticing the new window, it's more of if the hacker decides to exploit the vulnerability, makes his pop-up dialog box really authentic-looking, and thus gets information from not-so-experienced computer users, and then uses that information. I mean, I think people like my dad or my brother, though they are not total-computer-idiots, might fall for a dialog box that seems to come from Google.com or Amazon.com asking for passwords or stuff like that.

Reply

jedipi
I just saw this news in C|Net News.com.
QUOTE
Microsoft does not plan to update Internet Explorer to prevent a spoofing attack that could trick users into giving out personal information to hackers.

Is it just because they don't deem them a high risk??
Do you believe this article??
I am quite surprised, Microsoft won't issue an update for IE.

It makes IE the worst browser right now.

source:
http://news.com.com/IE+pop-up+spoof+wont+g...ml?tag=nefd.top

Reply

HanginNerd
Firefox's Javascript Is Kinda Messed Up Don't Ya Think ???? XX

Reply

geancanach
And this is just one more reason why I have javascript disabled in all my browsers. I didn't get the prompt so I assume I don't have that particular insecurity to worry about.

Reply

MajesticTreeFrog
As more such problems are discovered, programmers will learn to be more and more security savvy. Open source has the best chances though. The people who are open source tend to care about security, and having their programs work. So, it will probably get fixed in FF in the not too distant future. IE may have to wait till version 7, whenever the hell that comes out.

Reply

runefantasy
Oof. Thanks for the example you provided. Now I know what it looks like. Good thing banks don't use JS prompts, or hackers could steal credit card information. Hope Microsoft fixes it soon :) (maybe 2006 when IE7 and Longhorn come out)

Reply

Latest Entries

Jimmy89
QUOTE
I honestly don't see how that is a security problem. Surely even a completely inexperienced computer user would notice the new window opening when they clicked the link. Even if they didn't, who would be stupid enough to enter bank account details into a completely unsecure javascript dialogue?

To be honest, I doubt scammers will be adopting this method quite soon :)

I have to agree! There is going to be only a handful of users that are going to do this, so it really is not much of a problem. That said, whenever someone hears security flaw there's always something to be said - and a Microsoft patch to go with it!

Reply

vhortex
QUOTE(Quatrux @ Jan 6 2007, 07:39 AM) *

And someone in this thread said that he is safe because he has javascript turned off. Safe, but most of the sites don't work; to browse without javascript in my opinion these days is stupid! Of course, if you surf the web and normal pages.. ;)


I agree with you on this, mate.
Especially now that most websites have ajaxed themselves up.

Just last December, I stumbled on 17 websites of good quality with an ajaxed floating window for login.

***********

Between normal pages and ajaxed ones.. I will go with the ajaxed ones.. it saves time and bandwidth on some slow connections, that is if you are viewing some sort of heavy graphics site.

***********
I was dragged here thinking this tackled a certain persisting bug that I have read about.

Reply

saneax
There is a much more serious security flaw in the browsers, related to the Adobe plugin..

Critical vulnerability reported in Adobe Reader

Reply

issdiscovery04
Well users of Firefox 2.0.0.1 are pretty safe from this flaw. On the other hand, internet explorer users are in for a long haul. M$ is not known for releasing frequent updates or updates that work.

Reply

Chesso
You would have to be pretty newbie to fall for that.

Unless you somehow coincidentally visit sites often that do that, or you're just clueless altogether lol.

Reply

