IE and Firefox Share a Vulnerability 207
hcmtnbiker writes with news of a logic flaw shared by IE 7 and Firefox 2.0. IE 5.01, IE 6, and Firefox 1.5.0.9 are also affected. The flaw was discovered by Michal Zalewski, and is easily demonstrated on IE7 and Firefox. The vulnerability is not platform-specific, but these demonstrations are — they work only on Windows systems. (Microsoft says that IE7 on Vista is not vulnerable.) From the vulnerability description: "In all modern browsers, form fields (used to upload user-specified files to a remote server) enjoy some added protection meant to prevent scripts from arbitrarily choosing local files to be sent, and automatically submitting the form without user knowledge. For example, '.value' parameter cannot be set or changed, and any changes to .type reset the contents of the field... [in this attack] the keyboard input in unrelated locations can be selectively geared toward input fields by the attacker."
Nope (Score:4, Informative)
Doesn't work with Firefox 2.0.0.1 on Windows XP (Score:4, Informative)
Also, there is no need to type all that jibberish about cheese. Just slowly type in:
C:\boot.ini
Type it too quick, and the javascript in the background won't be able to keep up with the rate of keystrokes you enter.
Re:Doesn't work with Firefox 2.0.0.1 on Windows XP (Score:1, Informative)
Requires javascript (Score:3, Informative)
New/unknown sites won't be able to do this, but my previously "trusted" ones will.
Re:IE7 Vista (Score:5, Informative)
Variation on an old bug (Score:5, Informative)
Zalewski's version is bug 370092, and he was unhappy when I marked it as a duplicate of bug 56236.
Re:Doesn't work with Firefox 2.0.0.1 on Windows XP (Score:2, Informative)
Re:Try as I might... (Score:3, Informative)
I think the presence of a C:\ might help.
Re:Nope (Score:3, Informative)
*Doh*
I wonder how many other /.ers tried it, like I did and couldn't get it to work because they forgot to turn off NoScript...
OT: CS:101 - Lost updates. (Score:3, Informative)
Managing documents is not a task to be taken lightly, especially when the document is the product of more than one person, document management systems work in essentially the same way as source control systems. The reason the file is on the footer is to deliberately identify where the document came from (ie: is it "official" or just someones private backup copy). It is also (ironically) a simplistic security measure that makes hard copies somewhat trackable.
Removing the path is a "security through obscurity" solution that would impose an inconvienince on the people who create/edit/review documentation and would increase the risk of corrupt documentation (ie: lost update syndrome).
OTOH: I'm sure there are cases where "burning" is demanded because "shreading" is considered too risky, but I rather think they would be the exception rather than the rule.
Re:Offtopic rant (Score:5, Informative)
Seeing this in tech news just shows how much this has spread. I no longer want to use the word enjoy at all because every time I hear it, I am reminded of this usage and feel a twinge of annoyance.
I want my English language back from these idiots!
You'll have to go a long way back to claim this one.
Re:Nope (Score:3, Informative)
Re:Nope (Score:3, Informative)
Other than getting a full list of user names on my system, what does the /etc/passwd file contain that I don't want others to know? It's not like passwords are stored in there or anything...
Re:Awww, that's so cute (Score:3, Informative)
Save the windows bashing for actual causes.
That's mostly right, actually (Score:2, Informative)
Even on better-designed OSs, though, the exploit has uses for espionage and spam. People tend to put data files in predictable places, using predictable names. With a little luck or a large pool of visitors you can get financial information from QuickBooks, personal info (and valid email adresses) from Outlook contact books, business information from powerpoint documents stored in My Documents, or the complete set of somebody's recent email correspondence.
The focus-diversion technique sounds awkward at first, but I've been thinking of ways to make it more reliable without the user getting suspicious (eg, trick them into typing several backslashes in between other text) - and if I can think of them, others can too.