IE bookmark 'clever' feature not so clever after all

• Previous message: Birger Toedtmann: "Re: Assembler Help"
• Next in thread: Sould3mon: "Re: IE bookmark 'clever' feature not so clever after all"
• Reply: Sould3mon: "Re: IE bookmark 'clever' feature not so clever after all"
• Reply: Petruzel, Oliver: "RE: IE bookmark 'clever' feature not so clever after all"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

short: type the name of one of your bookmarks(favorites) in the addressfield 
in IE, and IE will execute the bookmark.

bit longer: its trivial to trick a user into accepting a bookmark for a 
popular site, uh, lets say www.hotmail.com .. or placing it yourself.

effect: users wont be able to access www.hotmail.com by typing the url in 
the address bar, they'll get redirected to whatever the bookmark points to.

impact: this could easily be used for putting up 'fake pages' on public
accessible computers, like at libraries, schools etc. where pages like
hotmail/google/msn are often accessed. That could give you a lot of nice 
usernames/passwords. And a lot of crap.

perhaps someone could try naming a bookmark http://www.hotmail.com and see 
what happens? seems i misplaced my funny filename generator..

this is stupid

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp

• Next message: Inno Eroraha: "[Site available] :: RE: Wireless Lans give EVERYONE ACCESS"
• Previous message: Birger Toedtmann: "Re: Assembler Help"
• Next in thread: Sould3mon: "Re: IE bookmark 'clever' feature not so clever after all"
• Reply: Sould3mon: "Re: IE bookmark 'clever' feature not so clever after all"
• Reply: Petruzel, Oliver: "RE: IE bookmark 'clever' feature not so clever after all"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Aug 15 2001 - 10:51:52 PDT