AOA Forums AOA Forums AOA Forums Folding For Team 45 AOA Files Home Front Page Become an AOA Subscriber! UserCP Calendar Memberlist FAQ Search Forum Home


Go Back   AOA Forums > Software > Data Security

Data Security Viruses, Firewalls and Safe computing


Reply
 
LinkBack Thread Tools Rate Thread
  #1 (permalink)  
Old 16th April, 2010, 07:10 PM
Daniel ~'s Avatar
Chief BBS Administrator
 
Join Date: September 2001
Location: Seattle Wa.
Posts: 45,606

IE 8 Security Features Could Be Turned Against Users, Researchers Say

At Black Hat Europe, presenters show how filters designed to prevent cross-site scripting can be used to launch those very attacks

The good news is that Microsoft's Internet Explorer 8 browser offers a new set of filters designed to prevent some cross-site scripting (XSS) attacks. The bad news is that those same filters could be used to enable XSS attacks.

[Front page...]
__________________
"Though all men live in ignorance before mystery,
they need not live in darkness...
Justice is foundation and Mercy ETERNAL
."
DKE

"All that we do is touched by Ocean
Yet we remain on the shore of what we know."
Richard Wilbur

[img]/forum/attachments/random-nonsense/16515-sigs-dan_drag.jpg[/img]
Subscribers! Ask Pitch about a Custom Sig Graphic

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #2 (permalink)  
Old 19th April, 2010, 09:39 AM
Chief Systems Administrator
 
Join Date: September 2001
Location: Europe
Posts: 13,075

XSS is interesting, but you should take a look at clickjacking - which is far more scary http://www.darkreading.com/vulnerabi...t=clickjacking
__________________
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #3 (permalink)  
Old 19th April, 2010, 10:19 AM
chrisbard's Avatar
Benchmarker
 
Join Date: March 2003
Location: Earth
Posts: 8,252
Send a message via Yahoo to chrisbard

Stone: These new clickjacking attacks can be used with the newest versions of IE, Firefox, Safari, and Chrome
__________________
I've heard that linux community came up with better implemented security in it's latest Linux Mint Gold version, it's actually preventing the user to log in, thus posing 0 risk in contamining the computer with malware! Well done to the open source community!

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #4 (permalink)  
Old 19th April, 2010, 01:16 PM
Chief Systems Administrator
 
Join Date: September 2001
Location: Europe
Posts: 13,075

And they're very effective too.

Once upon a time clickjacking just meant that you could get a user to click on something that they might not want to click on. Now it means you can inject data into websites, extract data from websites, and discover if the user is logged into their online bank...
__________________
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
New Attack Uses Internet Explorer's Own Features Against It Security Daniel ~ Data Security 2 27th January, 2010 08:32 PM
Security researchers zero in on Twitter hackers Daniel ~ Data Security 0 10th August, 2009 05:30 PM
'Tigger' Trojan Keeps Security Researchers Hopping Daniel ~ Data Security 2 6th March, 2009 08:00 PM
Windows 7 Security Features Get Tough Daniel ~ Windows 7 2 23rd January, 2009 08:19 PM
Researchers: E-passports pose security risk Gizmo Data Security 3 7th August, 2006 12:58 AM


All times are GMT +1. The time now is 12:21 PM.


Copyright ©2001 - 2010, AOA Forums
Don't Click Here Don't Click Here Either

Search Engine Friendly URLs by vBSEO 3.3.0