Cross browser javascript vulnerability



It sounds like this vulnerability would take a great deal of user interaction, but cio-today is reporting on a browser vulnerability that affects pretty much every javascript enabled browser. According to Symantec …. “This issue is triggered by utilizing JavaScript ‘OnKeyDown’ events to capture and duplicate keystrokes from users,” and is a way that the attacker could scrape/log things that are typed in (bank information, passwords, etc.) Also, they say “In one scenario, a crafty programmer might be able to trick users into entering personal data into a seemingly secure field on an online payment form, giving the hacker access to anything typed within the field.”


They say it would take a fairly determined attacker and require LOT’s of typing from the user. So, sites that would require LOT’s of user input might be targetted.

Related Posts

Blog Traffic Exchange Related Posts
  • Vmware launches beta of real to virtual converter Vmware has launched a tool (windows only it seems) aimed to convert a REAL running system into a virtual machine. (For use with VMWare's virtualization products. The converter also can convert images from competing virtual machine "platforms"(?) (Microsoft Virtual PC, Microsoft Virtual Server, Symantec Backup Exec System Recovery (formerly LiveState......
  • Sandbox your browser on a linux system While I was reading about browser sandboxing coming up in Vista and musing about how easy or difficult it would be to sandbox OTHER 3rd party applications, I found a comment on a ZDNet post that I think I'll just copy directly (of course, giving credit to the poster...) Of......
  • The end for Windows 98 may be a boost to linux? There are articles out about the demise of official Windows 98 and ME support would be a boost to linux uptake. Realistically, I suppose it may, but I personally am not holding my breath. Here's why. 1) The people still running Windows 98/ME are likely doing so because that's what......
Blog Traffic Exchange Related Websites
  • Why Choose The Best Web Browser For Online Security Web browser is the prime software to connect yourself to the world wide web. Now most of the companies are increasingly putting more and more services on their website and ask their customer to take active part online. Secured browser means keeping your computer free from the virus, spyware and......
  • Finovate Startup 2009 Live Twitter I am attending Finovate Startup 2009. It is an action packed 1 day format which I belive will lend itself perfectly to a live twitter. Stay tuned it should be an amazing day. http://twitter.com/BlogTrafficExch In the break I have scheduled some talks with SimplFi, Mint, and Calendar Budget. I am......
  • Microsoft Security Bulletin Summary for July 2010 MS10-042 - Vulnerability in Help and SupportCenter Could Allow Remote Code Execution (2229593) "This security update resolves a publicly disclosed vulnerability in the Windows Help and Support Center feature that is delivered with supported editions of Windows XP and Windows Server 2003. This vulnerability could allow remote code execution if......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site