Obsahuje:
  • všechny e-ziny od 9/1999
  • celou databázi NEWS
  • soutěže 2000-2011
  • další články a BONUSY

Security - News

http://crypto-world.info

Crypto - News | Security - News

12 / 2004
Vybrali pro vás: TR - Tomáš Rosa, JP - Jaroslav Pinkava, PV - Pavel Vondruška, VK - Vlastimil Klíma

Velmi kritická chyba v MSIE se SP2, umož?nující rhybá??m podvržení SSL webu

20.12.2004
Security researcher Paul from the Greyhats research group has published details of an Internet Explorer cross-site scripting vulnerability that could allow an attacker to spoof the address line and the padlock symbol used to signify an SSL (secure sockets layer) connection. The flaw lies in the DHTML (Dynamic Hypertext Markup Language) Edit ActiveX control. Since the flaw is found in the browser, the attack can be used to spoof any website. The user would see the legitimate site's web address and a certificate for the malicious site. Secunia's Thomas Kristensen says it is odd that Paul chose to publish the flaw without informing Microsoft. The flaw affects Internet Explorer, even on systems with Service Pack 2. Secunia has rated the flaw as "moderately critical."
Zdroj: http://news.zdnet.co.uk/internet/security/0,39020375,39181466,00.htm
Autor: VK


<<- novější - Bezpe?nostní software zdarma
Design: Webdesign