security horrors

Trillian, IE, and Firefox all turn out to be vulnerable to nasty attacks which will take some months to fix. I was particularly horrified by the fact that the authors have encoded an entire Google page into a URL — it doesn’t lead there: it just causes Firefox to generate a picture of the page. Also, the Trillian exploit does work. Click on the URL and pwnd.bat really does get written to your system.

Urgh.

UPDATE: Rafe Coburn explains how this works.
