lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <!&!AAAAAAAAAAAYAAAAAAAAANuHirhJCtFNjblUSGJShn3CgAAAEAAAAMziIlyolCBBrfOAStIDV1cBAAAAAA==@pchandyman.com.au>
Date: Thu, 16 Aug 2007 11:24:00 +1000
From: "Greg" <full-disclosure3@...andyman.com.au>
To: "'Aditya K Sood'" <zeroknock@...niche.org>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: SecNiche : Microsoft Internet Explorer Pop up
	Blocker Bypassing and Dos Vulnerability

> 
> Advisory : Microsoft Internet Explorer Pop up Blocker Bypassing and Dos
> Vulnerability
>


In fact, it isn't just "malicious" doing this. I wanted to read an article
on a well known Australian I.T. mag and it had, with it, the usual
advertisements. In the middle of reading it using IE7, a pop up started to
come up. I noted that the GOOGLE pop up blocker installed on this IE7 turned
to "Popups Okay" and when the popup came up, it bounced right back to "#
blocked" where "#" equals the number recorded as blocked. This happened to
me yesterday while using an Internet Explorer 7 on a Vista machine with no
third party firewall installed and Google Toolbar installed. So it lead me
to wonder - is Google actually allowing popups for paid advertisers or is
someone fooling with the Google popup blockers for the same reason?

No, I haven't investigated it. I haven't had the time and though this has
potential most likely, it didn't seem malicious right now. Perhaps someone
else can. Too much on my plate to get near it right now. I would love to
hear anything if anyone looks into it. Apologies if this has already been
posted. I am way behind on my list reading.

Greg.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ