diTii.com Digital News Hub


Internet Explorer 8 PoC ‘URL Shortening Shenanigans Involving Twitter’

MSRT said last Friday that it was aware of a “publicly disclosed issue involving Internet Explorer”, and promised an investigation, without going into details. Circumstantial evidence suggests Microsoft is referring to a post by Google’s security researcher Chris Evans to the Full Disclosure mailing list:

“A nasty vulnerability exists in the latest IE8,” Evans wrote. “I’ve been unsuccessful in persuading the vendor to issue a fix.”

“The bug permits — for example — an arbitrary web site to force victim to make tweets,” he added.

Evans claims Microsoft has been aware of the bug since 2008, and he has produced a harmless proof-of-concept exploit to illustrate his concerns.

Rik Ferguson of Trend Micro explained that the exploit works by stealing the (supposedly secret) credentials for an already authenticated browser session, e.g. for Twitter. “Those credentials are then abused to send arbitrary forged content,” Ferguson writes.

