Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43438
  • Total Topics: 16532
  • Online today: 3056
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 3
Guests: 2972
Total: 2975









Post reply

Name:
Email:
Subject:
Message icon:

Verification:
Type the letters shown in the picture
Listen to the letters / Request another image

Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

shortcuts: hit alt+s to submit/post or alt+p to preview


Topic Summary

Posted by: amko_sa
« on: 27. May 2011., 19:10:47 »

Tnx samker for this info.

My favorite browser is Opera  ;)
Posted by: Samker
« on: 27. May 2011., 18:24:08 »



A security researcher has discovered a vulnerability in all versions of Internet Explorer, including IE9, on all versions of Windows. This vulnerability allows hackers to steal login information for any sites requiring passwords. The theft of one's credentials is achieved by taking advantage of a flaw in how Internet Explorer handles cookies. While it sounds alarming at first glance, this vulnerability does require a fair amount of interaction from a user for it to be successful - thus being another example of social engineering.

The Italian security researcher, Rosario Valotta, shared details of the attack in an interview with Reuters: http://www.reuters.com/article/2011/05/25/microsoft-security-idUSN2517397120110525
The execution of this attack is done by convincing users to drag and drop an object across the screen to successfully obtain the cookie. Valotta managed to build a successful proof of concept of this flaw by coding a Facebook game which challenges users to undress a woman. According to Valotta: "I published this game online on Facebook and in less than three days, more than 80 cookies were sent to my server. And I've only got 150 friends."

Besides tricking users with sneaky puzzles, the vulnerability has little real world applications to have a greater impact. In a statement, Microsoft spokesperson Jerry Bryant states users should not be too concerned over the findings:
Quote

Given the level of required user interaction, this issue is not one we consider high risk. In order to possibly be impacted a user must visit a malicious website, be convinced to click and drag items around the page and the attacker would need to target a cookie from the website that the user was already logged into.


We recommend all users, not just those on Internet Explorer, to be wary of suspicious-looking applications and game requests sent by your Facebook friends.

(NW)

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023