Vista + IE7’s default security: Blocked site from stealing info


At the ToorCon Seattle (beta) conference, Web application security specialist Robert Hansen (RSnake) demoed Mr-T (Master Recon-Tool), a new utility that combines information disclosure flaws in Internet Explorer and Firefox to collect information on a target’s computer system.
Basically, it will attempt to use Javascript to cough up information about ones’ browser details, eg: version of browser, what plugins are running/enabled, location of the machine, internal IP of the machine etc.
However on a Vista with IE7 running, “Access denied” error will be shown. This is because Vista + IE7 has Javascript disabled by default.
Please test your browser here:
http://ha.ckers.org/mr-t/
Through the above website it can also show you what gmail address you are using.
More information: http://blogs.zdnet.com/security/?p=197&tag=nl.e622
Does it work on IE7 on Windows XP?
Posted in Internet Explorer, Windows Vista, Windows XP | 1 Comment »
May 15th, 2007 at 6:53 pm
This does work on XP! I did not however see where it could tell what my gmail address is.