Message-ID: <003701c34adf$6d400360$6f00a8c0@ultor>
Date: Tue, 15 Jul 2003 21:43:13 +0700
From: "Marek Bialoglowy" <mb@...temintegra.com>
To: <bugtraq@...urityfocus.com>
Subject: Internet Explorer Full-Screen mode threats
Hello,

I was reading the "IE chromeless window vulnerabilities" thread and thought
maybe I could add some proof of concept to this discussion.

This very simple demo:

http://www.systemintegra.com/ie-fullscreen/

shows how a system password could be captured thanks to Internet Explorer
working in full-screen mode.

Certainly it could be more advanced and designed to detect the platform to
show the correct login window. It will work fine on the local network, however
it has to be optimised for Internet use - everything has to appear
immediately and no download process can be visible.

Best Regards,
Marek Bialoglowy (ultor@...temintegra.com) - IT Security Researcher
PGPkey: http://www.systemintegra.com/pgp/ultor.asc | ID: 0x4B36656E
JOB: (CTO) System Integra | JKT, Indonesia | Timezone: JAVT, GMT +7