>My exploit is completely different from the secureexperts.com 'frame
>spoof bug'. If you examine the source, you will see they have nothing in
>common. AFAIK 'frame spoofing' needs a frame to spoof, I did not need a
>frame.
>
>Even Netscape has acknowledged 'Window spoofing bug' is a new bug.
>

I DID look at your code (and I didn't mean that your code was junk, merely that I had deleted stuff BTW). If Netscape ack'ed that this is a new bug then it is because you got someone new to review it or someone who didn't realize that they are the same problem. Now I wonder if they are looking into this.

Anyone who looked at how Secureexperts did their attack could easily move it onto an attack against a regular page (as I did 2 months ago, and you did more recently I presume). Both exploit the same fundamental feature (..not a bug, it is a feature), of being able to direct Java to open up a new site inside of another window or frame (based on a timer or some such trigger). I very much believe it is the same problem.

We have been unable to figure out a good blanket procedure to fix it though. You can do neat things with timers, should they be taken out of Java in the name of security? Perhaps we should suggest to the browser developers that they change the window's appearance of any window/frame that is not the same as the URL displayed in the Location box in some manner. While this would fix new browsers, we still have a LOT of people using old browsers out there (and would still be susceptible). I had a man call me up 2 weeks ago wondering why his Netscape 1.0 browser wouldn't do something (didn't quite have me on the floor laughing).

-Robert

>>for IE (that didn't work for all cases BTW). The solution to this was
>
>Regards,
>Georgi Guninski
>
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:36:50 PDT