Vulnerability Development mailing list archives

Re: IE bookmark 'clever' feature not so clever after all


From: Xyntrix <xyntrix () bitz org>
Date: Wed, 15 Aug 2001 16:13:34 -0700

it's a fairly feasible concept.

1) attacker places javascript on a public website to add a bookmark for
www.onlinebankx.com (and possibly other commonly visited sites where a
username and a password might be needed) which is actually www.attackersite.com.
2) attacker sets up a mirror of www.onlinebankx.com on
www.attackersite.com.
3) attacker then sets up some method to draw people to visit public
website (free porn, for example).
4) victim visits public website, gets several bookmarks added.
5) if the attacker is lucky, the victim eventually goes to visit one of those
bookmarks which pulls up the fake site.
6) victim enters their username and password for www.onlinebankx.com at
which time the attacker records such information as entered.
7) an error page is then displayed and victim is then forwarded on to the
real site, unaware that their username and password have been obtained
by the attacker.

combine step 1 with placing malicious javascript on vulnerable ida iis
sites, and a worm to deliver such a package, and the number of
possibilities for this scenario to work gets higher.  the only two
dependent variables are: whether joeuser running ie visits a bookmark
affecting site and whether joeuser will go to a possibly redirected
website.

opera and netscape both do not direct themselves to a bookmark-title location.
also, netscape and opera do not support the remote-bookmark
placing 'feature'.


On Wed, Aug 15, 2001 at 03:05 PM, Kevin Gagel <Gagel () cnc bc ca> said:
Personally I like the idea that I can name my bookmarks whatever I want.
This allows me to save web sites that are poorly named with something I
prefer.

Exploiting this would be a "social engineering" exploit, not a bug.
I guess the more integrated we get the harder it will be to prevent this
kind of social exploit.

Nothing short of a lobotomy for exploiters can really help with a social
exploit. Especially since most users tend to not bother understanding.

Therefore I recommend a real fix for the problem - Turn off the
computer...

yup  totally right
rename bookmark to a website like hotmail and it follows the bookmark
instead of the real page meant

-- 
=============================
Kevin W. Gagel
Network Administrator
College of New Caledonia
gagel () cnc bc ca
(250)561-5848 loc. 448
=============================
-----
________________________________
Mike Mclane | xyntrix () bitz org |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
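
A defender-side check for the scenario in this thread, added here as an example and not part of either poster's message: it audits IE Favorites for bookmarks whose title names one host while the stored URL points at another. It assumes Favorites are .url files with an [InternetShortcut] section and a URL= key; the function names and the sample shortcut are constructed for illustration, and the host-in-title match is a heuristic.

```python
import configparser
import re
from pathlib import Path
from urllib.parse import urlsplit

# Heuristic: text in a bookmark title that looks like a DNS name.
HOSTLIKE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

def url_of(shortcut_text):
    """Return the URL= value of the [InternetShortcut] section, or None."""
    cp = configparser.RawConfigParser(delimiters=("=",), strict=False)
    try:
        cp.read_string(shortcut_text)
        return cp.get("InternetShortcut", "url", fallback=None)
    except configparser.Error:
        return None

def norm(host):
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def mismatch(title, shortcut_text):
    """Return (claimed, actual) if the title names a host the URL is not on."""
    url = url_of(shortcut_text)
    if not url:
        return None
    try:
        actual = norm(urlsplit(url).hostname or "")
    except ValueError:  # malformed URL: treat as having no host
        actual = ""
    for m in HOSTLIKE.finditer(title):
        claimed = norm(m.group(1))
        if actual != claimed and not actual.endswith("." + claimed):
            return claimed, actual
    return None  # hosts agree, or the title names no host to compare

def audit(favorites_dir):
    """Scan a Favorites tree; return [(file name, claimed, actual), ...]."""
    findings = []
    for path in sorted(Path(favorites_dir).rglob("*.url")):
        hit = mismatch(path.stem, path.read_text(errors="replace"))
        if hit:
            findings.append((path.name, *hit))
    return findings

if __name__ == "__main__":
    # Constructed sample: the title claims one site, the URL is another.
    fake = "[InternetShortcut]\nURL=http://www.attackersite.com/mirror/\n"
    print(mismatch("www.onlinebankx.com", fake))
```

A bookmark titled with a plain name such as "hotmail" contains no host to compare, so this check cannot flag it; those still need the URL shown to the user or reviewed by hand.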

