|
|
| Applications |
| Mailing Lists |
| Miscellaneous |
| Operating Systems |
| Programming |
HTASploit
From: Larry Seltzer <larry(at)larryseltzer.com>
Date: Tue Jul 29 2003 - 21:27:54 EDT
Your network firewall and IDS products do not prevent Web application attacks - the most common form of online exploitation- resulting in Web defacement, data theft, sabotage and fraud. KaVaDo is the only company that provides a complete suite of Web application security products.
Download a FREE whitepaper on "Security Policy Automation for Web Applications":http://www.securityfocus.com/Kavado-focus-ms
Received on Wed Jul 30 11:37:03 2003
Date: Tue Jul 29 2003 - 21:27:54 EDT
An IE exploit is alleged at http://www.spywareinfo.com/articles/htasploit/ "that allows
trojans and other malicious software to be introduced onto a machine via Internet
Explorer despite security settings."
I won't bother repeating all the details here, but wonder: If the exploit presumes that a malicious ActiveX control runs on the system and executes MSHTA.EXE from the Windows folder, what is the point of the HTA stuff? Once you get a malicious ActiveX control on the system anything's possible. Am I wrong?
Larry Seltzer
Editor
Ziff Davis Security SuperSite
http://security.ziffdavis.com/
larryseltzer@ziffdavis.com
Your network firewall and IDS products do not prevent Web application attacks - the most common form of online exploitation- resulting in Web defacement, data theft, sabotage and fraud. KaVaDo is the only company that provides a complete suite of Web application security products.
Download a FREE whitepaper on "Security Policy Automation for Web Applications":http://www.securityfocus.com/Kavado-focus-ms
Received on Wed Jul 30 11:37:03 2003
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:34 EDT
|
Contact Us Legal Notices Order Services Online Pantek Home Privacy Policy IT news Site Map Pantek Library |