From: Robert S. Slifkin (rob@SLIFKIN.NET)
Date: Thu Feb 07 2008 - 14:32:47 EST
That does sound like a risk waiting to be exploited. However, if you
log off of websites properly, that would greatly mitigate the risk.
____________________________________
Robert S. Slifkin
Email: Rob@slifkin.net
Phone: 203.962.3878
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of jason_jones98@hotmail.com
Sent: Thursday, February 07, 2008 9:34 AM
To: pen-test@securityfocus.com
Subject: IE7 add-on
Hi.
I have just loaded the ie7 add-on 'open-last-tab', has anyone else had a
play with this? From initial results i have found this to be a great
'man-in-the-middle' attack tool.
Example on Bank site(no-names):
Log into your bank, open another tab within the window i.e. google.
Close the banking tab, hit Alt-X and the 'logged-in' banking window
re-opens. I have also attempted this on other applications and the
majority work. Can someone advise if M$ have provided us with a great
MITM plug-in tool?
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:23 EDT