Re: IE7 add-on

[Dave Howe <David.Howe () ansgroup co uk>]

jason_jones98 () hotmail com wrote:
> Log into your bank, open another tab within the window i.e. google.
> Close the banking tab, hit Alt-X and the 'logged-in' banking window
> re-opens. I have also attempted this on other applications and the
> majority work. Can someone advise if M$ have provided us with a great
> MITM plug-in tool?

Not really. The same effect can be seen if you hit Ctrl-H for a history 
list, and open the stored page link in the "current" tab. It depends on 
either a hash token being in the URL, or a session cookie still being 
current in the cookie-jar as you have not close the browser.

so, yet more evidence for why you should log out and close your browser 
properly after using internet banking and not mix-and-match tabs, but 
other than that, nothing spectacular.

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------