| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
IE bug allows full MSN Messenger hijack | |
|
||
| Time: 19:14 EST/00:14 GMT | News Source: The Register | Posted By: Todd Richardson | ||
|
The recent privacy stuff-up in Messenger "pales in comparison to what can be done if you use MSN Messenger through unpatched IE vulnerabilities," security researchers Tom Gilder and Thor Larholm have discovered. Among the fun and games one can have with a vulnerable Messenger user are such sports as impersonating the victim and sending spoof messages and spoof e-mail memos to his contacts, and scouring his local drive for interesting files to share around. In other words, you can do anything with the victim's Messenger client that the owner can do. | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 194 Last | Next |
The time now is
10:05:52 AM
ET.
Any comment problems? E-mail us |
| #1 By 2332 (129.21.145.80) at 2/10/2002 1:44:13 AM |
|
This really sucks. There are now multiple *very* serious IE holes that Microsoft has yet to patch. Some of these holes have been around for almost 3 months now.
Check out this site for more info: http://jscript.dk/unpatched/ For now, I'm simply going to disable scripting... which really sucks. I hate when Microsoft makes it impossible for me to defend them. |
| #2 By 2062 (63.11.142.67) at 2/10/2002 10:56:22 AM |
|
This is a bad security problem, however it's not the worst. Most of the media articles ive read about this paint the exploit as very bad, and adds further proof that microsoft does not take security seriously.
However this is not the worst by far. Just last year there was an AIM exploit that allowed anyone to steal an aim 10 characters or less, for almost a year. The exploit was found by hypah in august 2000, it was fixed on windows platforms by january 2001, however the mac version wasn't fixed until july 2001. Around feb 2001 hypah made a prog to steal aims using the mac aol protocol on windows machines. He used it to steal 6000 aims in just a couple days, and posted them on a website. AOL knew about this and did nothing. It was another 3 months before the problem was fixed. Just a year earlier there was another aim exploit that lasted a good 6 months. You can find more info by searching google on hypah and "aim thief", or by visiting this site: http://www.aol-files.com/breaches/index.html , the exploit im referring to is in http://www.aol-files.com/breaches/indent2k.htm I'm not defending MS, im just saying this isnt the worst instant messenger problem ever found, and if you want to be fair about it look at the record for others such as yahoo or aim. As the authors of the msn exploit say on there site, this isn't an exploit with messenger, it's an exploit in IE that makes it possible. Once a patch comes out fixing ie, this will be a nonissue. -gosh |
|
Write Comment
Return to News |
Displaying 1 through 25 of 194 Last | Next |
The time now is
10:05:52 AM
ET.
Any comment problems? E-mail us |
