|
-
April 1st, 2008, 04:57 PM
#1
JAVA: new variation on a theme?
It seems that the idea of poisoning websites with Java scripts has taken a slightly new twist.
Attackers have taken advantage of JavaScript before, but usually on individual sites. The search engine trick — which has been focused on Google, though it could work on Yahoo and MSN search engines — is new, Danchev says.
Apparently it works like this:
The vulnerability occurs when someone does a Google search, then clicks on a result that has been secretly tainted by hackers. They will usually be taken to the Web page they expect. But at the same time, they are invisibly redirected to a computer server that installs a hidden program.
Article is here:
http://www.usatoday.com/tech/news/co...s_N.htm?csp=34
The worry here is that the targets seem to be large and reputable sites, that more security aware people would be tempted to allow in FireFox's "NoScipt" plugin, or put in the trusted zone of IE? 
Still want to turn off UAC.....................assuming that would warn you?????
Similar Threads
-
By SDK in forum Miscellaneous Security Discussions
Replies: 15
Last Post: November 26th, 2004, 04:50 AM
-
By MrLinus in forum Cosmos
Replies: 4
Last Post: April 18th, 2004, 08:01 AM
-
By -DaRK-RaiDeR- in forum AntiOnline's General Chit Chat
Replies: 5
Last Post: December 31st, 2002, 06:39 AM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote