Scripting is baaaad

So, on Monday I reported on why you shouldn’t allow Flash on your network with the article Nmap 127.0.0.1: Flash Style, kind of hinting toward how a malicious site could scan your internal network without triggering your firewall, IPS/IDS, or sometimes even a host-based firewall/IPS. Today, I have a new threat that is hot off of BugTraq. A researcher at SecNiche.org by the name of Aditya K Sood found a vulnerability in Microsoft Internet Explorer’s PopUp Blocker. An incredibly small amount of code can be executed via JavaScript to add a site to the “Allowed” popup list. You can find the write-up HERE (PDF).

Isn’t it about time that you start using Firefox with Adblock Plus and NoScript? Might as well throw in another good add-on called StumbleUpon as well.

::UPDATE:: It has been confirmed that this only works when the HTML document is opened locally. The reason I didn’t wipe the article altogether is the fact that things like this usually are a seed to find an actual working way to get this done.

Frank's the editor in chief of tech.nocr.at. He can be found surfing the internet and playing with gadgets. Follow him on Twitter @franklinhares