From: Alex Roichman (Alexr Checkmarx.com)
Date: Sun Jan 31 2010 - 01:47:38 CST
Checkmarx Research Labs has identified a new critical vulnerability in
Internet Explorer (other browsers are probably exposed the same way) that
would allow hackers to easily compromise web applications. Cross-Site
History Manipulation (XSHM) is a newly discovered zero-day attack: attackers
may have been using it for a long time, but the application and security
communities do not know it.
To help major browsers or application developers stop the proliferation of
this exploit, Checkmarx has published a guide to identify and remediate the
vulnerability. It can be downloaded at
http://www.checkmarx.com/CxDownloadRequest.aspx?id=8
A POC for IE and Facebook users can be seen here:
http://www.checkmarx.com/Demo/XSHM.aspx
In this page, an attacker can easily
detect whether a user is currently authenticated to the Facebook
application. Interested parties will be able to detect XSHM in samples of
their application by using a free download version of the product.
Thanks,
Alex Roichman
Chief Architect and head of Research labs, Checkmarx Ltd.
Securitylabs
checkmarx.com