RE: IE bookmark 'clever' feature not so clever after all

From: Petruzel, Oliver (OliverPat_private)
Date: Thu Aug 16 2001 - 06:35:57 PDT

Next message: kantat_private: "Re: Assembler Help"

Previous message: Xyntrix: "Re: IE bookmark 'clever' feature not so clever after all"
Maybe in reply to: perkere stinker: "IE bookmark 'clever' feature not so clever after all"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

 
> Exploiting this would be a "social engineering" exploit, not a bug.
> I guess the more integrated we get the harder it will be to 
> prevent this
> kind of social exploit.


that is simply not accurate.  This exploit can harm IE users remotely
through javascript coding. plain and simple.  If anything, it's a
combination social/logical exploit.

One of the most popular, yet subtle, methods of exploitation is malicious
web content.  the key is simply drawing the viewers to the location.  The
rest is handled silently by M$ software. (in most cases - setting internet
zone sec to high might prevent this or make it much more
difficult/detectable).  This could also take place through the wonderful
IE/Outlook relationships, and even more so perhaps in XP.  A malicious email
can be sent that once viewed simply says "hi", while in the background, the
scripting is placing or replacing bookmarks... or:

examples: 
1) searched and replaced bookmark for yahoo.com or google.com.  they are
replaced with commands such as rdisk or perhaps something else with
user-level priv instead.  the next time the user wishes to search, they are
confused and hacked (cracked.. whatever).  this is not a social engineered
exploit, it's a logical one.

2) links in email or web content which say one thing such as "you have a new
greeting card at www.sweethearts.com", which point to a malicious site
instead (Favorites change has occurred), which the attacker has crafted to
error out (yet running malicious script quietly in the background) then
redirects to the real site.  This is YOUR combo of social/logical.

3) and just to bring up my favorite subject again, add Raw Socket priv's for
all users to this equation...you do the math.  the possibilities then become
endless!

but as u may see, it's not purely social, and can be prevented simply by
disallowing remote priv to "Favorites" defining.
M$ all too often gives us these wonderful "features" that backfire.  I wish
they would just K.I.S.S. 

-oliver p.

Next message: kantat_private: "Re: Assembler Help"
Previous message: Xyntrix: "Re: IE bookmark 'clever' feature not so clever after all"
Maybe in reply to: perkere stinker: "IE bookmark 'clever' feature not so clever after all"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Aug 16 2001 - 08:06:57 PDT