Vista + IE7’s default security: Blocked site from stealing info, MSBLOG

Vista + IE7’s default security: Blocked site from stealing info

May 15th, 2007 by

Jabez Gan [MVP]

At the ToorCon Seattle (beta) conference, Web application security specialist Robert Hansen (RSnake) demoed Mr-T (Master Recon-Tool), a new utility that combines information disclosure flaws in Internet Explorer and Firefox to collect information on a target’s computer system.

Basically, it will attempt to use Javascript to cough up information about ones’ browser details, eg: version of browser, what plugins are running/enabled, location of the machine, internal IP of the machine etc.

However on a Vista with IE7 running, “Access denied” error will be shown. This is because Vista + IE7 has Javascript disabled by default.

Please test your browser here:
http://ha.ckers.org/mr-t/

Through the above website it can also show you what gmail address you are using.

More information: http://blogs.zdnet.com/security/?p=197&tag=nl.e622

Does it work on IE7 on Windows XP?

Posted in Internet Explorer, Windows Vista, Windows XP | 1 Comment »

This entry was posted on Tuesday, May 15th, 2007 at 5:02 pm and is filed under Internet Explorer, Windows Vista, Windows XP. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

One Response

UrbanGeek Says:
May 15th, 2007 at 6:53 pm
This does work on XP! I did not however see where it could tell what my gmail address is.

Search

Disclaimer

Archives

Categories

Vista + IE7’s default security: Blocked site from stealing info

One Response