Scary Vulnerabilities In IE7 And Firefox 2.0
Tuesday, February 27, 2007 by Salman Siddiqui
Affected Software
Internet Explorer 7
Internet Explorer 6
Internet Explorer 5.01
Firefox 2.0.0.2
Firefox 1.5.0.9
Description
“Both examples are Windows-specific, and require C:\BOOT.INI to exist and be readable by users. The attack itself is not limited to a particular operating system, but I decided to provide a demonstration for most popular desktop OS - *nix versions that access /etc/hosts or /etc/passwd are easy to develop,” stated Zalewski, who found the vulnerability.
“In all modern browsers, <INPUT TYPE=FILE> form fields (used to upload user-specified files to a remote server) enjoy some added protection meant to prevent scripts from arbitrarily choosing local files to be sent, and automatically submitting the form without user knowledge. For example, ".value" parameter cannot be set or changed, and any changes to .type reset the contents of the field,” added Michal Zalewski.
Both vulnerabilities require user interaction to be exploited successfully. The user would have to enter text in malformed areas on a web page, in either IE or Firefox. Zalewski explained that keyboard input typed in unrelated locations can be selectively redirected toward input fields by the attacker.
Workaround Available
No real workaround appears to be available at the moment, but we will keep you updated with the latest news.
Microsoft, on one side, was shouting that their IE7 is free of vulnerabilities, while Firefox was busy releasing patches this month. Now this kick will surely add to their wounds. Let us wait and see how they react.
Source: Softpedia