It's important, and via FB, there will be lots of ways to make this work for some subset of the population, BUT, I still rate this as a mid-range threat in practice.
*ASB* (Professional Bio <http://about.me/Andrew.S.Baker/bio>)
*Harnessing the Advantages of Technology for the SMB market...*

On Fri, May 27, 2011 at 12:33 PM, Ziots, Edward <[email protected]> wrote:
>
> http://www.networkworld.com/community/blog/ie-flaw-could-allow-hackers-access-your-faceb?source=NWWNLE_nlt_security_2011-05-27
>
> Microsoft is not too worried about this zero-day hole in all versions of
> IE. Microsoft spokesman Jerry Bryant said, "Given the level of required
> user interaction, this issue is not one we consider high risk. In order
> to possibly be impacted a user must visit a malicious website, be
> convinced to click and drag items around the page and the attacker would
> need to target a cookie from the website that the user was already
> logged into."
>
> My Slant on the situation..
> Honestly, visiting a malicious website is about as easy as getting
> re-directed from a supposed known Good site, due to any number of web
> application vulnerabilities (XSS, malicious iframes come to mind). And
> given if the user is already getting re-directed or hits the bad site,
> there is no telling what they might be tricked into doing.
>
> I do agree there might not be a high likelihood that the site that the
> attacker stole the cookie from is the same site that the user is currently
> logged into, but if the attacker did steal the cookie (albeit
> credentials and otherwise) and replayed them to the sites they belong,
> it possibly could allow that attacker to impersonate the legitimate user
> and do any number of things.
>
> Heads up gang, might be seeing a security advisory on this soon enough,
>
> Z
>
> Edward E. Ziots
> CISSP, Network +, Security +
> Security Engineer
> Lifespan Organization
> Email:[email protected]
> Cell:401-639-3505
