Wednesday, November 01, 2006

Security Alert: IE 7.0 Vulnerable to Window Content Injection


=== SECURITY ALERT =============================================

IE 7.0 Vulnerable to Window Content Injection
Internet Explorer (IE) 7.0 is vulnerable to window content injection
under certain circumstances. When a malicious Web site is open in one
browser window and a legitimate Web site is open in another, the
malicious Web site could alter the content of a pop-up window generated
by the legitimate Web site. The vulnerability could lead to the exposure
of private, sensitive information.

Microsoft is aware of the problem and considers the issue to be a
known risk that is to be mitigated by the user, so it is unlikely
that a security patch will be forthcoming. In a message posted to the
company's Security Response Center blog, a spokesperson for the company
said that IE 7.0 presents an address bar in pop-up windows, whereas
previous versions of IE did not. The spokesperson said that the
burden is on the user to examine the address bar to ensure that its
content is legitimate. "[People] should never decide to trust a web page
without first verifying both the address of the web page and an SSL
connection," the spokesperson said. See the URL below for the blog
entry.

Some security analysts think that placing the burden on the user is
unreasonable and too risky. They point out that the vulnerability was
fixed in other browsers, including Firefox, Netscape, Safari, and
Opera, as well as others.

http://list.windowsitpro.com/t?ctl=3E6E8:886699

================================================================

Security UPDATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and the Windows IT Security newsletter
(subscribe at the second URL below).

http://list.windowsitpro.com/t?ctl=3E6EB:886699

https://store.pentontech.com/index.cfm?s=1&promocode=eu255xsb

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2006, Penton Media, Inc. All rights reserved.
