Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

IE and Firefox Share a Vulnerability

Lemm Re:Doesn't work with Firefox 2.0.0.1 on Windows XP (207 comments)

Very true. First time I tried it, it got as far as c:bo and stopped cos I was typing too fast. That wouldn't be any use at all.

Mind you, the likelihood of people typing sufficiently slowly for this to catch the keystrokes is high enough to warrant this as a threat. However, that's only if the attacker knew the name of the file to look for. I guess to pull something from My Documents they just need the user to type in their Windows username (eg c:\Documents and settings\[username goes here]\My Documents - they could fill in the rest themselves), but then they'd have to append the document name, say, document1.doc to the end.

If they don't know the filename, this attack is dead in the water. Why would someone enter the name of a document on their system just because some random webpage asks?

I suppose a fix for this would be a warning prompt when a file is about to be sent. Any other suggestions? Is this solution too obtrusive?

more than 7 years ago

Submissions

Lemm hasn't submitted any stories.

Journals

Lemm has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>