short: type the name of one of your bookmarks(favorites) in the addressfield in IE, and IE will execute the bookmark. bit longer: its trivial to trick a user into accepting a bookmark for a popular site, uh, lets say www.hotmail.com .. or placing it yourself. effect: users wont be able to access www.hotmail.com by typing the url in the address bar, they'll get redirected to whatever the bookmark points to. impact: this could easily be used for putting up 'fake pages' on public accessible computers, like at libraries, schools etc. where pages like hotmail/google/msn are often accessed. That could give you a lot of nice usernames/passwords. And a lot of crap. perhaps someone could try naming a bookmark http://www.hotmail.com and see what happens? seems i misplaced my funny filename generator.. this is stupid _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
This archive was generated by hypermail 2b30 : Wed Aug 15 2001 - 10:51:52 PDT