April 28th, 2002, 08:48 AM
IE6 Privacy Features Open Users To Attack
Hi all you great people,
You are probably across this issue, but just for those who might have missed it... found this at Newsbytes:
IE 6 Privacy Features Open Users To Attack - Expert
By Brian McWilliams, Newsbytes
REDMOND, WASHINGTON, U.S.A., 23 Apr 2002, 12:47 PM CST
Security flaws in privacy features added to Microsoft's Web browser could enable attackers to perform several privacy-robbing attacks, including hijacking victims' MSN Messenger accounts, a security researcher warned.
According to Thor Larholm, a developer with Denmark-based Internet portal Jubii.dk, "severe" bugs in the "Privacy Report" feature in Internet Explorer version 6 can be exploited "in effect removing all privacy."
Last week, Larholm posted an advisory and harmless demonstrations of the flaws at his personal Web site. One example showed how the browser bugs enable a Web site to launch programs that exist on the user's hard disk. Another demo page silently sends a message to users in the target's MSN Messenger contact list.
"Hello, my MSN has just been h4><0r3d. However, this is nothing to be worried about. Your MSN is fine. The person who sent this would probably like a reply though, to show that it worked," read the instant message transmitted by Larholm's demonstration.
Larholm said the IE flaws also enable an attacker to steal a victim's browser cookies. Cookie files are sometimes used by the browser to authenticate users and allow them to access sites. Larholm did not provide a demonstration of the cookie-stealing exploit.
According to Larholm, he notified Microsoft about the IE vulnerabilities on March 18. The researcher said he decided to publicize his findings because he felt Microsoft was not giving the flaws proper consideration.
"After a month, they are still only at a stage where they are considering whether to patch it," said Larholm in an interview today.
A Microsoft representative said the company was still investigating the issue and declined further comment.
Larholm said the security flaws lie in an IE feature for creating dialog windows. The browser fails to perform proper validation checking when a privacy dialog window interacts with a remote site, he said.
In response to Larholm's advisory, GreyMagic Software of Israel said it found similar dialog-related flaws in another IE resource named Analyze.dlg. According to GreyMagic, earlier versions of Microsoft's browser, including IE 5 and IE 5.5, as well as IE 6, are vulnerable to the attack.
Larholm's advisory is at http://jscript.dk/adv/TL002/ .
GreyMagic's advisory is at http://sec.greymagic.com/adv/gm001-ax/ .
Microsoft's description of privacy features in IE is at http://www.microsoft.com/windows/ie/...ew/privacy.asp .
Keep up the good work, everyone.
May 6th, 2002, 09:35 PM
Nice one - Greenies for you