You are subscribed to the Mac EvangeList - <http://www.MacEvangeList.com>
Beyond being yet another back door in Windows, this article reveals some of the mindset and importance of security at a company that has been telling us recently how serious it is to them - Shane

Another Big MS Browser Hole Found
By Michelle Delio
11:41 a.m. April 17, 2002 PDT

Internet Explorer users who click their browser's back button open the Windows operating system to a malicious hack attack.

When users hit the back button on Explorer's toolbar, the browser's security settings for the "Internet" zone can be bypassed, and the browser will automatically execute malicious code embedded into a site's URL.

The problem is caused by what can politely be described as a design flaw in Explorer.

When a Web page fails to load, Explorer displays a standard error message. This message is set to operate in the "Local Computer Zone" security setting, which by default allows scripting to run automatically.

Any code inserted in the original URL is handled as if it comes from the same security zone as the last URL viewed. So a URL containing malicious JavaScript that might be blocked by default if a user visits the site directly, will be automatically triggered when the user presses the back button.

Many users hit the back button when a Web page fails to load in a timely manner.

The exploit was discovered by Andreas Sandblad, a Swedish engineering student. Sandblad said he notified Microsoft of the problem last November. He provided additional information to Microsoft on March 25.

"Originally, I was only able to produce the same result when the user pressed the refresh button," Sandblad said in an e-mail. "I contacted Microsoft about it in November and they confirmed the problem. On Feb. 28, I received mail from them saying that they didn't think the problem was serious enough to fix."

More here: http://www.wired.com/news/technology/0,1282,51899,00.html

--
*9/11/2001* We will never forget - http://www.windowscene.com