New IE Flaw (This one is scary)
-
http://secunia.com/internet_explorer_cross-site_scripting_vulnerability_test/[^] Forever Developing
-
http://secunia.com/internet_explorer_cross-site_scripting_vulnerability_test/[^] Forever Developing
Don't work on mine, but my google toolbar started blocking something like 10 popups each second until i closed ie X| - Anders Bill's Bar
My PhotosWDevs - The worlds first DSP, free blog space, email and more. Now also with forums :)
-
http://secunia.com/internet_explorer_cross-site_scripting_vulnerability_test/[^] Forever Developing
-
Thank god I use Opera to surf for porn... :omg: Did I say that out loud? Tim Smith I'm going to patent thought. I have yet to see any prior art.
And in the Lounge no less... :rolleyes:
Quantum materiae materietur marmota monax si marmota monax materiam possit materiari?
-
http://secunia.com/internet_explorer_cross-site_scripting_vulnerability_test/[^] Forever Developing
I clicked the demo link, and after a dozen or so page loads I appear to have gotten the standard PayPal web site... as far as I can tell? (IE6, XPSP1.) Does this mean I've turned something off that prevents that? It said to refresh the page before trying again, which I did, but I do use PayPal a lot to buy guns from Eastern Asia so whatever I was supposed to be refreshing might have been missed from a previous session? :~
David Wulff The Royal Woofle Museum
Everybody is entitled to my opinion
-
I clicked the demo link, and after a dozen or so page loads I appear to have gotten the standard PayPal web site... as far as I can tell? (IE6, XPSP1.) Does this mean I've turned something off that prevents that? It said to refresh the page before trying again, which I did, but I do use PayPal a lot to buy guns from Eastern Asia so whatever I was supposed to be refreshing might have been missed from a previous session? :~
David Wulff The Royal Woofle Museum
Everybody is entitled to my opinion
That is not really paypals site. It a hoax site. It can be used in a Phishing Scam Forever Developing
-
That is not really paypals site. It a hoax site. It can be used in a Phishing Scam Forever Developing
But it didn't work for me? The security article said it would be replaced by one of their pages, but shown as if it was on PayPal's. What I saw was the same as I see when I load PayPal from the "Start | Run" dialog - I highly doubt a security firm would actually create a mockup of the PayPal site on their own server as that is asking for legal action. Whilst I agree this is dangerous, what I meant was that it didn't appear to affect me.
David Wulff The Royal Woofle Museum
Everybody is entitled to my opinion
-
But it didn't work for me? The security article said it would be replaced by one of their pages, but shown as if it was on PayPal's. What I saw was the same as I see when I load PayPal from the "Start | Run" dialog - I highly doubt a security firm would actually create a mockup of the PayPal site on their own server as that is asking for legal action. Whilst I agree this is dangerous, what I meant was that it didn't appear to affect me.
David Wulff The Royal Woofle Museum
Everybody is entitled to my opinion
What version of IE are you running? Forever Developing
-
What version of IE are you running? Forever Developing
David Wulff wrote: IE6, XPSP1 I have installed every update except for SP2.
David Wulff The Royal Woofle Museum
Everybody is entitled to my opinion
-
David Wulff wrote: IE6, XPSP1 I have installed every update except for SP2.
David Wulff The Royal Woofle Museum
Everybody is entitled to my opinion
I have the same set up but this is what I see in the popup with https://www.paypal.com Secunia - Internet Explorer Cross Site Scripting Demonstration This window is serving content from Secunia.com, although the Address Bar says you are visiting: https://www.paypal.com/ You can also click on the "Pad-lock" SSL icon in the bottom, which also clearly states that you are visiting: https://www.paypal.com/ This page could just as easily have stolen cookie information (e.g. usernames, passwords, session IDs, etc.), or contained malicious information spoofed as being from PayPal or any other web site, asking you to install programs or disclose sensitive information such as credit card details. This vulnerability allows an attacker to execute arbitrary script code in the context of any web site. Exploitation is only limited by the imagination of the attacker (phisher). Close this window Secunia - Internet Explorer Cross Site Scripting Demonstration Forever Developing
-
I clicked the demo link, and after a dozen or so page loads I appear to have gotten the standard PayPal web site... as far as I can tell? (IE6, XPSP1.) Does this mean I've turned something off that prevents that? It said to refresh the page before trying again, which I did, but I do use PayPal a lot to buy guns from Eastern Asia so whatever I was supposed to be refreshing might have been missed from a previous session? :~
David Wulff The Royal Woofle Museum
Everybody is entitled to my opinion
Try using a different security level for the internet. If you can't be phished you aint playing fair. :-) Regardz Colin J Davies Attention: It's finally arrived, The worlds first DSP.
-
And in the Lounge no less... :rolleyes:
Quantum materiae materietur marmota monax si marmota monax materiam possit materiari?
Hope no ones sister heard that! ¡El diablo está en mis pantalones! ¡Mire, mire! Real Mentats use only 100% pure, unfooled around with Sapho Juice(tm)! SELECT * FROM User WHERE Clue > 0 0 rows returned Save an Orange - Use the VCF!
-
http://secunia.com/internet_explorer_cross-site_scripting_vulnerability_test/[^] Forever Developing
Wow! My browser went nuts! It wiped out the notificationn tray, the task bar and quick launch trays, and took over the entire desktop. I had to kill every instance of IE to stop it, then had to mouseover the whole screen to force Windows to repaint the display. Nasty, to say the least... "If it's Snowbird season, why can't we shoot them?" - Overheard in a bar in Bullhead City
-
Hope no ones sister heard that! ¡El diablo está en mis pantalones! ¡Mire, mire! Real Mentats use only 100% pure, unfooled around with Sapho Juice(tm)! SELECT * FROM User WHERE Clue > 0 0 rows returned Save an Orange - Use the VCF!
I think it's kinda interesting that people think that words like porn might offend someone's "kid sister", but that it's ok to say "f*ck* because nobody would ever figure that out with the missing letter and all :rolleyes: ;) Cheers, Tom Archer - Archer Consulting Group Programmer Trainer and Mentor and Project Management Consultant
-
I think it's kinda interesting that people think that words like porn might offend someone's "kid sister", but that it's ok to say "f*ck* because nobody would ever figure that out with the missing letter and all :rolleyes: ;) Cheers, Tom Archer - Archer Consulting Group Programmer Trainer and Mentor and Project Management Consultant
If she figures out she's ready to hear it :cool:
we are here to help each other get through this thing, whatever it is Vonnegut jr.
boost your code || Fold With Us! || sighist | doxygen -
If she figures out she's ready to hear it :cool:
we are here to help each other get through this thing, whatever it is Vonnegut jr.
boost your code || Fold With Us! || sighist | doxygenD*mn straight. :-D
Quantum materiae materietur marmota monax si marmota monax materiam possit materiari?
-
Try using a different security level for the internet. If you can't be phished you aint playing fair. :-) Regardz Colin J Davies Attention: It's finally arrived, The worlds first DSP.
I'm sorry. I don't know what I've changed, but obviously in my fiddling I've turned something off without realising the effects or otherwise broken IE enough for it not to work. Could it be third party software? A long time ago (18 months+) I used to run ZoneAlarm on this machine? When I have the hour it takes to spare I will clean out my temporary internet files and see if that helps. I will get IE to break, dmanit! :rolleyes:
David Wulff The Royal Woofle Museum
Everybody is entitled to my opinion
-
http://secunia.com/internet_explorer_cross-site_scripting_vulnerability_test/[^] Forever Developing
-
http://secunia.com/internet_explorer_cross-site_scripting_vulnerability_test/[^] Forever Developing
This one is scary... can't say more. <- true inside to understand outside ->
-
Try using a different security level for the internet. If you can't be phished you aint playing fair. :-) Regardz Colin J Davies Attention: It's finally arrived, The worlds first DSP.
Woo hoo! I got it! I got it! I used my laptop to follow the link and I get the security site page instead of paypal - I am finally one of the gang. :-D
David Wulff The Royal Woofle Museum
Everybody is entitled to my opinion