Results 1 to 4 of 4

Thread: New IE spy proggie

  1. #1
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001

    Arrow New IE spy proggie

    A group of Japanese security enthusiasts has developed a little tool called IE'en which exposes traffic between an IE user and any server he's contacting, including logins and passwords over HTTPS.

    The group, SecurityFriday, has made the tool available for download here.

    To use the tool it's necessary to log in as a current user on a Win-NT or 2K system. Of course if someone can log into your account they already have a great deal of your life in their hands and this is only going to give them a little bit more.

    What's interesting here is the ability to capture packets between the client and server by exploiting DCOM (Distributed Component Object Model), a Microsoft program interface allowing the mediation and exchange of program and data objects over a network, similar to CORBA.

    According to MS, it "enables software components to communicate directly over a network in a reliable, secure, and efficient manner."

    Well, reliable and efficient it may be, but 'secure' is clearly a bit of a stretcher. And as for a workaround, that's easy: make sure you have a strong password for your user account. If you think yours may be weak, or if you've shared it, then reset it. Ten characters involving a combination of lower and upper-case letters, numerals, and special characters will keep you safe from IE'en jockeys.

    Source: http://www.theregister.co.uk/content/4/25977.html

  2. #2
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Thanks for the info Sonic,

    For those who want to try downloading any of the proggies from the SecurityFriday site.. if you are using IE... you may have a problem.. most Netscape on RH works ok, and Mozilla on Win98 and XP work ok.. But we all are useing other browsers than IE.. Aren't we?

    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  3. #3
    Join Date
    Oct 2001
    Thanx Sonic....

    That is something to look into...

  4. #4
    Join Date
    Jun 2002
    Yes indeed.....thanks for this useful information s0nIc.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts