Free Republic
Browse · Search 		News/Activism
Topics · Post Article

To: FastCoyote; Dominic Harr; All
Hmmm, some of us cretins have been running the Mozilla strains for quite a while and haven't been affected.

Neither has any IE user. I'd like anyone to point out a single user who was directly attacked by this hack. Bottom line: Nobody was. The threat is theoretical only -- and requires you to traverse to a malicious website. Hackers can't force you to go there; consequently, the actual threat is near zero to the average user.
140 posted on 07/04/2004 3:21:24 PM PDT by Bush2000
[ Post Reply | Private Reply | To 94 | View Replies ]

To: Bush2000
...and requires you to traverse to a malicious website...

Websites have fingerprints. Not as anonymous as a spoofed email.

141 posted on 07/04/2004 3:25:57 PM PDT by js1138 (In a minute there is time, for decisions and revisions which a minute will reverse. J Forbes Kerry)
[ Post Reply | Private Reply | To 140 | View Replies ]
To: Bush2000
Neither has any IE user. I'd like anyone to point out a single user who was directly attacked by this hack. Bottom line: Nobody was. The threat is theoretical only -- and requires you to traverse to a malicious website. Hackers can't force you to go there; consequently, the actual threat is near zero to the average user.

Thank you, Bush. I agree. Secunia has a propensity to announce unexploited security issues. As I pointed out earlier, the safest way to use a secure site is NOT to have anyother windows open while you use it. If you don't go to a malicious site WHILE you have the secure site open, it cannot be hijacked.

See, I knew you could do it.

151 posted on 07/04/2004 10:58:02 PM PDT by Swordmaker (This tagline shut down for renovations and repairs. Re-open June of 2001.)
[ Post Reply | Private Reply | To 140 | View Replies ]
To: Bush2000
I'd like anyone to point out a single user who was directly attacked by this hack.

Another point that needs to be made is that Secunia could accomplish this proof of concept (and scaring the bejeebers out of a lot of web users) ONLY BECAUSE they knew that a specific page from Microsoft with a specific Frame was open on your computer. Because of this SPECIAL knowledge, it was easy to inject their malicious code onto that page. This is a setup.

Consider the real world situation... To have this exploit cause a problem for any particular user, they would have to opened a page with frames on a site in which they would be planning to type in sensitive data... and THEN they would have to navigate to a malicious site that is prepared, in advance, to inject a spoofed page into the frame exactly replicating the page you expected for THAT particular website (out of thousands of possibilities) and THEN have you return to that page to insert your sensitive data...

Why we would all do that... every day..., Right. Sure.

156 posted on 07/04/2004 11:18:26 PM PDT by Swordmaker (This tagline shut down for renovations and repairs. Re-open June of 2001.)
[ Post Reply | Private Reply | To 140 | View Replies ]

Free Republic
Browse · Search 		News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson