To: FastCoyote; Dominic Harr; All
Hmmm, some of us cretins have been running the Mozilla strains for quite a while and haven't been affected.
Neither has any IE user. I'd like anyone to point out a single user who was directly attacked by this hack. Bottom line: Nobody was. The threat is theoretical only -- and requires you to traverse to a malicious website. Hackers can't force you to go there; consequently, the actual threat is near zero to the average user.
To: Bush2000
...and requires you to traverse to a malicious website...Websites have fingerprints. Not as anonymous as a spoofed email.
141 posted on
07/04/2004 3:25:57 PM PDT by
js1138
(In a minute there is time, for decisions and revisions which a minute will reverse. J Forbes Kerry)
To: Bush2000
Neither has any IE user. I'd like anyone to point out a single user who was directly attacked by this hack. Bottom line: Nobody was. The threat is theoretical only -- and requires you to traverse to a malicious website. Hackers can't force you to go there; consequently, the actual threat is near zero to the average user. Thank you, Bush. I agree. Secunia has a propensity to announce unexploited security issues. As I pointed out earlier, the safest way to use a secure site is NOT to have anyother windows open while you use it. If you don't go to a malicious site WHILE you have the secure site open, it cannot be hijacked.
See, I knew you could do it.
151 posted on
07/04/2004 10:58:02 PM PDT by
Swordmaker
(This tagline shut down for renovations and repairs. Re-open June of 2001.)
To: Bush2000
I'd like anyone to point out a single user who was directly attacked by this hack. Another point that needs to be made is that Secunia could accomplish this proof of concept (and scaring the bejeebers out of a lot of web users) ONLY BECAUSE they knew that a specific page from Microsoft with a specific Frame was open on your computer. Because of this SPECIAL knowledge, it was easy to inject their malicious code onto that page. This is a setup.
Consider the real world situation... To have this exploit cause a problem for any particular user, they would have to opened a page with frames on a site in which they would be planning to type in sensitive data... and THEN they would have to navigate to a malicious site that is prepared, in advance, to inject a spoofed page into the frame exactly replicating the page you expected for THAT particular website (out of thousands of possibilities) and THEN have you return to that page to insert your sensitive data...
Why we would all do that... every day..., Right. Sure.
156 posted on
07/04/2004 11:18:26 PM PDT by
Swordmaker
(This tagline shut down for renovations and repairs. Re-open June of 2001.)
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson