Date: Tue, 15 Jul 2003 21:43:13 +0700
From: "Marek Bialoglowy" <mb@...temintegra.com>
To: <bugtraq@...urityfocus.com>
Subject: Internet Explorer Full-Screen mode threats


Hello,

I was reading the "IE chromeless window vulnerabilities" thread and thought
maybe I could add some proof of concept to this discussion.

This very simple demo:

http://www.systemintegra.com/ie-fullscreen/

shows how a system password could be captured thanks to Internet Explorer
working in full-screen mode.

Certainly it could be more advanced and designed to detect the platform to
show the correct login window. It will work fine on the local network; however,
it has to be optimised for Internet use - everything has to appear
immediately and no download process can be visible.

Best Regards,

 Marek Bialoglowy (ultor@...temintegra.com) - IT Security Researcher
 PGPkey: http://www.systemintegra.com/pgp/ultor.asc | ID: 0x4B36656E
 JOB: (CTO) System Integra | JKT, Indonesia | Timezone: JAVT, GMT +7


