1. Attachments are working again! Check out this thread for more details and to report any other bugs.

IE flaw lets intruders into Google Desktop

Discussion in 'Fred's House of Pancakes' started by Sufferin' Prius Envy, Dec 2, 2005.

  1. Sufferin' Prius Envy

    Sufferin' Prius Envy Platinum Member

    Joined:
    Jul 7, 2004
    3,998
    18
    0
    Location:
    USA
    Vehicle:
    Other Non-Hybrid
    Another day, another nasty IE flaw brought to light. :rolleyes:

    This is not the super critical flaw which was recently discovered (and still not patched!) . . . this one has all the potential to be much worse! Your personal data on your computer is at risk of being exposed! :angry:

    "This design flaw in IE allows an attacker to retrieve private user data or execute operations on the user's behalf on remote domains . . ."

    “ . . . this flaw and other software bugs could be used to covertly access virtually any application on a compromised computer.â€

    “You can bet we will see this one being used to steal users' Quicken data, database files, etc."

    “ While IE is vulnerable . . . Firefox and Opera are not. For protection, Internet users could use one of those browsers or disable JavaScript in IE, Gillon suggested.â€

    http://news.zdnet.com/2100-1009_22-5980623.html

    Mozilla 1.5 :wub:
    http://www.mozilla.com/
     
    #1 Sufferin' Prius Envy, Dec 2, 2005
  2. TonyPSchaefer

    TonyPSchaefer Your Friendly Moderator
    Staff Member

    Joined:
    May 11, 2004
    14,816
    2,498
    66
    Location:
    Far-North Chicagoland
    Vehicle:
    2017 Prius Prime
    Model:
    Prime Advanced
    If you are going to download Firefox, you can also help Priuschat. The following link gives Priuschat sponsorship for your traffic: [CLICK HERE]
     
    #2 TonyPSchaefer, Dec 2, 2005
  3. rick57

    rick57 Member

    Joined:
    Feb 20, 2005
    572
    6
    0
    Location:
    Circleville, Ohio
    Vehicle:
    Other Non-Hybrid
    Model:
    N/A
    I just read this today at www.extremetech.com. I have FF on my laptop,which has my sensitive data on it,but have yet to put it on the desktop. It is mostly used for surfing anyway. Also it would give my not to technical wife,something else to try and work, :lol: . May have to try and educate her in it,just for fun!
     
    #3 rick57, Dec 2, 2005
  4. brandon

    brandon Member

    Joined:
    Oct 24, 2004
    771
    9
    0
    Location:
    Manhattan, KS
    Vehicle:
    2005 Prius
    ... If the user is dumb enough to click on a malicious URL, of course. The author said it himself, the type of exploit is nothing new, just that the "researcher" took it one step further and included Google Desktop as part of his PoC. Lack of restriction to cross-domain interaction has long been a problem in a variety of products, including a previous release of Firefox. The difference, though, is that Firefox actually patches these vulnerabilities and parses CSS by the book.
     
    #4 brandon, Dec 4, 2005
(You must log in or sign up to post here.)