Who Need Friends ? IE & MSN expose contact list & other info

From: drorshalevat_private
Date: Tue Oct 15 2002 - 06:04:43 PDT

Next message: the Pull: "RE: "Camera/Shy the Steganographical Browser""

Previous message: Sym Security: "Re: Multiple Symantec Firewall Secure Webserver timeout DoS"
Next in thread: Thor Larholm: "RE: Who Need Friends ? IE & MSN expose contact list & other info"
Reply: Thor Larholm: "RE: Who Need Friends ? IE & MSN expose contact list & other info"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

('binary' encoding is not supported, stored as-is) <br> IE & MSN expose contact list & other info <br> by spoofing IE security zone using Die Yu Liu % encoding bug (IE 6)<br> this can lead to Privacy Risk<br> <br> MSN Status & hotmail Email Notification exposed by<br>other IE versions<br><br> <a target="mySite" href="http://sec.drorshalev.com/dev/friends/">MSN Contact demo </a> <br> http://sec.drorshalev.com/dev/friends/ <br> More demos are on <b>http://sec.drorshalev.com> <br> <br><b>Feel Free to contact me!</b><br>See my <a href='http://sec.drorshalev.com'>Security WorkShop</a> .<br><br>Dror Shalev<br><a href='mailto:drorshalevat_private? subject=friends'>drorshalevat_private</a><br>Are You Safe? <br><a href='http://www.SafeCenter.NET' target=_blank>www.SafeCenter.NET</a><br>

Next message: the Pull: "RE: "Camera/Shy the Steganographical Browser""
Previous message: Sym Security: "Re: Multiple Symantec Firewall Secure Webserver timeout DoS"
Next in thread: Thor Larholm: "RE: Who Need Friends ? IE & MSN expose contact list & other info"
Reply: Thor Larholm: "RE: Who Need Friends ? IE & MSN expose contact list & other info"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Oct 15 2002 - 14:38:45 PDT