RE: scary site

From: Singh Anil V Contr AFRL/MLOC (Anil.Singh@wpafb.af.mil)
Date: 03/07/02


From: Singh Anil V Contr AFRL/MLOC <Anil.Singh@wpafb.af.mil>
To: "'security-basics@securityfocus.com'" <security-basics@securityfocus.com>
Date: Thu, 7 Mar 2002 16:08:16 -0500 

Out of curiosity, what is it about IE that makes it especially vulnerable in
this case? Just looking at the html it seems the page uses standard
JavaScript functions...why wouldn't this work for other browsers?

Anil V. Singh

-----Original Message-----
From: ruler [mailto:rulerpen@optonline.net]
Sent: Wednesday, March 06, 2002 2:21 PM
To: security-basics@security-focus.com
Subject: Re: scary site

There are also sites that will let you view all of your directory trees,
which a server could easily see all of your files. Which do you think is
more scary?
----- Original Message -----
From: "leon" <leon@inyc.com>
To: <security-basics@security-focus.com>
Sent: Tuesday, March 05, 2002 12:30 PM
Subject: scary site

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> http://www.liquidwd.freeserve.co.uk/
>
>
> Try it with a windows machine and IE with all patches.
>
> Be afraid be very afraid.
>
> FYI this is for all those people who think that just having a
> firewall is enough.
>
> Guess what?
>
> This works through packet filter, stateful inspection and proxy
> servers.
>
> Cheers,
>
> Leon
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
>
> iQA/AwUBPIUArNqAgf0xoaEuEQLn0wCgjtpLPuRxLbCscHrq32IjePeezf8AoI6t
> T73+xCv/VhrCGDVDIVrFBqZl
> =9gR6
> -----END PGP SIGNATURE-----
>


