funsec mailing list archives
Researchers: Beware the IE Cache on a Public Terminal
From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Thu, 20 Dec 2007 17:05:17 +0200 (EET)
"If you use Internet Explorer to access Google's Gmail on public terminals, you may be leaving a lot of sensitive information exposed in the browser's cache, according to a warning from Web application security specialist Cenzic."

The news article continues:

"However, Microsoft has downplayed the risk, insisting this is 'not a product vulnerability.' Cenzic spokesman Mandeep Khera said his company's researchers figured out a way to use CSRF (cross-site request forgery) in combination with the improper use of caching directives to hijack Gmail credentials from the IE cache."

More at
http://www.eweek.com/article2/0,1895,2236192,00.asp

I don't see this as a serious issue, because local access is required.

The ComputerWorld article gives more technical information from the author of the issue:

--clip--
"Gmail, Cenzic went on, contributes to the overall vulnerability because its URLs display attachments when viewed using the "View Source" command."

Link:
http://computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=cybercrime_and_hacking&articleId=9053462&taxonomyId=82&intsrc=kc_top

Juha-Matti