IE : The World's Best Advertisement for FireFox

Jun 29

IE : The World's Best Advertisement for FireFox

In a surprise twist, a security flaw has been found in IE’s impenetrable armor that allows a trojan to install its payload and monitor for passwords sent over https connections. Your account number? Now it’s everyone’s account number! Thanks for sharing.

A “Browser Helper Object” is a DLL that allows developers to customize and control Internet Explorer. When IE 4.x and higher starts, it reads the registry to locate installed BHO’s and then loads them into the memory space for IE. Created BHO’s then have access to all the events and properties of that browsing session. This particular BHO watches for HTTPS (secure) access to URLs of several dozen banking and financial sites in multiple countries.

When an outbound HTTPS connection is made to such a URL, the BHO then grabs any outbound POST/GET data from within IE before it is encrypted by SSL. When it captures data, it creates an outbound HTTP connection to http://www.refestltd.com/cgi-bin/yes.pl and feeds the captured data to the script found at that location.

Via the folks at the Microsoft advocacy site SlashDot. (Oops, I left my sarcastifier turned all the way up!)

by Joe June 29, 2004 4:19 PM

Comments

by Deane, June 29, 2004 4:44 PM

I love the name of the script: "yes.pl". I can just imagine some cracker sitting at his computer pumping his first in the air everytime it runs yelling, "Yes-s-s-s-s!!!:

Add Comment

Want to advertise on this site? Contact FM.

URL Keyword Test by dermacolor, 3 hours, 51 minutes ago
Nerf Sniper Rifle by yig, 10 hours, 28 minutes ago
Spyware Removal Testing by Spyware Blockers, 12 hours, 5 minutes ago
Stupidest Interface Ever by Neil, 21 hours ago
Original SimCity Online by Angelic, 1 day, 4 hours ago
LightKeeper Pro Review by Ed Turner, 1 day, 9 hours ago
Resisting the Thrill of the Chase by David Gammel, 1 day, 15 hours ago
Green Any Site by Tal Ater, 1 day, 16 hours ago
The 12-Year-Old Spy by lily, 2 days, 8 hours ago
Squarespace'd by A. Casalena, 2 days, 9 hours ago
Show 5 more »

Getting the Google Vote by Deane in 2007
GDrive by Deane in 2007
Contented by Deane in 2006
The Apple iWipe by Dave in 2005
Wells Fargo and Second Life by Deane in 2005
Vocal Smoke Alarm by Deane in 2005
Extension APIs and New Versions by Deane in 2005
The Magic of Google by Deane in 2004
Here's a Lawsuit Waiting to Happen... by Deane in 2004
NNDB by Deane in 2004
All Your Content Are Belong To Us by Deane in 2004
PHP.net URL Shortcuts by Deane in 2004
MSN Spaces - The One-Minute Review by Joe in 2004
New Google Groups by Deane in 2004
Programming PHP at Wikibooks by Deane in 2004
How to Pronounce "Linux" by Deane in 2004
MSN Spaces by Deane in 2004
Error Message Primer by Deane in 2003
Harpers Magazine Re-design by Deane in 2003
The Three Click Rule by Deane in 2003
Indiana Keeps Jobs Home by Deane in 2003
Vanity TinyURL by Deane in 2003
Diluted Spam Messages Revisited by Deane in 2003
Looking Pretty Isn't Enough by Deane in 2003
Segway Revisited by Deane in 2003
Arkansas Has RSS by Deane in 2003
Blog from Email by Deane in 2003
Google AdSense Stats MT Plugin by Deane in 2003
Apple Tablet PC Coming? by Deane in 2003
FatWallet Sues Best Buy Over DMCA Claim by Deane in 2003
Google Algorithm Change by Deane in 2003
Open Source and .Net by Deane in 2003
Micropayment Roundup by Deane in 2003
Show 28 more »

Web Hosting Web hosting, dedicated servers and Web design services

Laser Toner Cartridges UK laser toner, toner cartridges, hp toner, lexmark toner, samsung toner, canon, toner, epson toner, oki toner, kyocera toner, xerox toner, remanufactured toner, compatible toner

Direct TV Deals Free 4 room direct tv deals. no equipment to buy. free fast professional direct tv installation. this is the best direct tv deal available anywhere.

SEO Article Learn from the experts with our SEO article.

rope light Shopping with birddog distributing, inc., gives you access to the lowest prices, the best customer service and the quickest delivery times possible.

Laptop AC Adapter We offer genuine factory direct replacement AC adapters.

Direct TV Best satellite TV deals.

Direct TV Deals Direct TV programming deals are varied and include packages containing from 50 channels up to over 250 channels.

8mm film to DVD Retain family memories with the only frame by frame digital restoration service in the United States for your 8mm film to DVD today

Rubber Stamp Shop for custom self-inking stamps, hand stamps, address stamps, label stamps, check endorsement stamps, check deposit stamps, date stamps, pre inks, pocket stamps, ink and much more!

Gadgetopia