Forget it. ALL major browsers are at risk from this new vulnerability.
Introduction
Secunia Research has reported a vulnerability, which affects most browsers. The vulnerability can be exploited by a malicious web site to "hi-jack" a named browser window, regardless of which web site is the true "owner" of the window.
Please use the test below, to see an example of how this vulnerability can be exploited, and also to determine whether or not your browser is vulnerable.
This is one fucked up vulnerability, one of the worst I have seen EVER!
[img=right]http://hem.bredband.net/b217293/warsaban.gif[/img] "Either God wants to abolish evil, and cannot; or he can, but does not want to. ... If he wants to, but cannot, he is impotent. If he can, but does not want to, he is wicked. ... If, as they say, God can abolish evil, and God really wants to do it, why is there evil in the world?" -Epicurus
Fear is the mother of all gods.
Nature does all things spontaneously, by herself, without the meddling of the gods. -Lucretius
Left Click the first link named "Test Now - With Pop-up Blocker - Left Click On This Link"
On the new page click the Consumer Alert picture
This is the danger with this one!
All large browsers are unsafe from this ALL!
I'm running Firefox 1.0, tried both of the links, did just as the instructions said and got a pop-up titled Learn About Spoofs on both occasions, not the Secunia pop-up Faram posted a picture of.
The pop-up wrote: Every Internet user should know about spoof (a.k.a. phishing or hoax) e-mails that appear to be from a well-known company but can put you at risk.
Ok, I just tried four more times and got the same results... maybe it's broken or something.
Now I can't access the Secunia website at all. Considering that and the fact that this is supposed to work on Firefox, which it didn't do for me, I am starting to think that there really is something wrong with the Secunia site.
A "safe" result might not mean that you are safe after all.
EDIT: I just got the Secunia page to work again and tried once more... and got the Secunia pop-up Faram posted a picture of, even though it didn't work on previous attempts.
The latest Safari didn't bring up the Secunia pop-up, but the latest Camino (a Mozilla-variant) did.
“There are two kinds of people in the world: the kind who think it’s perfectly reasonable to strip-search a 13-year-old girl suspected of bringing ibuprofen to school, and the kind who think those people should be kept as far away from children as possible … Sometimes it’s hard to tell the difference between drug warriors and child molesters.” - Jacob Sullum
With the pop up blocker I get the Secunia window. Without the pop up blocker I get the citibank window.
ASVS('97)/SDN('03)
"Whilst human alchemists refer to the combustion triangle, some of their orcish counterparts see it as more of a hexagon: heat, fuel, air, laughter, screaming, fun." Dawn of the Dragons
The first two times it showed the Secunia pop-up but after that, it showed the regular pop-up from Citi-bank.
Edit: and back again. Anyway, I got the spoof-stick to show where the site is coming from.
I have almost reached the regrettable conclusion that the Negro's great stumbling block in his stride toward freedom is not the White Citizen's Counciler or the Ku Klux Klanner, but the white moderate, who is more devoted to "order" than to justice; who constantly says: "I agree with you in the goal you seek, but I cannot agree with your methods of direct action"; who paternalistically believes he can set the timetable for another man's freedom; who lives by a mythical concept of time and who constantly advises the Negro to wait for a "more convenient season."
Pcm979 wrote: Version 1.0, with pop-up blockers. Yes, I did the test for people with pop-up blockers.
Then you are vulnerable.
There might be something in the network or some other setting in your computer that is affecting this but Firefox 1.0 is not safe from this attack.
If there is more than one tab open in a window, it doesn't work in Firefox. Try it. Click the link to open the citibank website in a new window. Hit Ctrl+T. Then click the image. The citi-bank window shows up properly.
At least, I think that's how it's working...
"preemptive killing of cops might not be such a bad idea from a personal saftey[sic] standpoint..." --Keevan Colton
"There's a word for bias you can't see: Yours." -- William Saletan
Pcm979 wrote: Version 1.0, with pop-up blockers. Yes, I did the test for people with pop-up blockers.
Then you are vulnerable.
How many fucking times do I have to tell you? I did the test. I'm safe.
Did you click on the spoofing thing? I'm using Firefox 1.0, and I clicked on the Citibank web site. Then, on the Citibank web site, I clicked on the consumer alert graphic, and I got the Secunia warning. Firefox 1.0 is not safe from the security hole.