When IE fucks up, it fucks up GOOD.

fucking microsoft and their fucking software. And fuck their millenium edition and their inability to patch ANYTHING.....

ooops - looks like I started anyways. Sorry.

You have my Yuletide sympathy.

They make it sound like they're doing people a favor. I've seen OpenSource software patched within 24 hours of a public announcement of the flaw in question.

Kiss my ass, Microsleeze ... This flaw was first reported FIVE MONTHS AGO, but the bastages didn't think it was such a big deal and let it sit untouched until it became big news in the last few days that it was a very big deal.

Exploiting an Internet Explorer Vulnerability to Phish User Information

Overview

It was bound to happen. I was recently intrigued by the possibility of utilizing Google Desktop for remote data retrieval of personal user data (such as credit cards and passwords) through the use of a malicious web page. Now, thanks to a severe design flaw in Internet Explorer, I managed to show it's possible to covertly run searches on visitors to a web site by exploiting this vulnerability. In this article I will detail what the vulnerability in IE is and how it is used to exploit Google Desktop. If you have IE 6 and Google Desktop v2 installed you can test it for yourself in my proof of concept page.

Detailed analysis

Normally, browsers impose strong restrictions for cross domain interaction through the web browser. A certain web page can make a user browse to a different domain. However, it may not read the content of the retrieved page nor manipulate any of its DOM objects. This restriction is imposed so one site owner wouldn't be able to spy on a user's surfing habits using Javascript. Also, if a user is already logged on to a certain service (such as Gmail or hotmail) a malicious web page could have executed certain operations in the user's account (such as opening an email and reading it) if the restrictions weren't in place. In IE these restrictions are kept thoroughly but they are broken when it comes to CSS imports. I call this attack CSSXSS or Cascading Style Sheets Cross Site Scripting.

...
http://www.hacker.co.il/security/ie/css_import.html

"Slowly the whale turns". I've been thinking of writing a book
by that title.

Deadly stuff.

Web pages pumping OS-native code for the client to execute? No thanks.

Java and Javascript at least run in a credibly boxed environment.

I would start, but I see the good Rev already has. :D


I love being M$ free at home.