sting this issue now as I have seen it being exploited in the
wild.
If you use IE, be extremely wary of trusting what appear to be its
built-in security controls.
--
Andrew Clover
mailto:[EMAIL PROTECTED]
http://www.doxdesk.com/
our
> system, unless it chooses random locations and file names.
Unfortunately quite a few of these parasites install themselves
in %WinDir%\System32 or %WinDir%\Downloaded Program Files, which
are not so easy to protect!
--
Andrew Clover
mailto:[EMAIL PROTECTED]
http://and.doxdesk.com/
d Sites zone using the normal IE Security tab. Microsoft have
refused to remove this undocumented behaviour.
So essentially the Restricted Sites feature offers zero security protection
by design. Users should not rely on it to enforce stricter settings than
present in the Internet Zone.
--
Andrew Cl
eover="[code]"))
((img src="blah))" onmouseover="[code]"))
((xml src="javascript:[code]"))
((xml id="X"))((a))((b))<script))[code]</script));((/b))((/a))((/xml))
((div datafld="b" dataformatas="html" datasrc="#X"))((/div))
[\xC0][\xBC]script))[code][\xC0][\xBC]/script)) [UTF-8; IE, Opera]
> but there can only be one CSS king, and that king is GOBBLES.
That's nice dear.
--
Andrew Clover
mailto:[EMAIL PROTECTED]
http://and.doxdesk.com/