From: Robert S. Slifkin (robSLIFKIN.NET)
Date: Thu Feb 07 2008 - 13:32:47 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

That does sound like a risk waiting to be exploited. However, if you
log off of websites properly, that would greatly mitigate the risk.

____________________________________
Robert S. Slifkin
Email: Robslifkin.net
Phone: 203.962.3878

-----Original Message-----
From: listbouncesecurityfocus.com [mailto:listbouncesecurityfocus.com]
On Behalf Of jason_jones98hotmail.com
Sent: Thursday, February 07, 2008 9:34 AM
To: pen-testsecurityfocus.com
Subject: IE7 add-on

Hi.

I have just loaded the ie7 add-on 'open-last-tab', has anyone else had a
play with this? From initial results i have found this to be a great
'man-in-the-middle' attack tool.

Example on Bank site(no-names):

Log into your bank, open another tab within the window i.e. google.
Close the banking tab, hit Alt-X and the 'logged-in' banking window
re-opens. I have also attempted this on other applications and the
majority work. Can someone advise if M$ have provided us with a great
MITM plug-in tool?

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]