I didn't read the whole article, but got to the point that describes weaknesses in IE (even IE 8 they say) where an attacker on an internal network could present a user with a screen that looks like a login screen, making the user think the machine is locked.
This can be accomplished by uploading crafted HTML to an internal website, for instance. The capabilities also exist to hide the title bar, toolbar, etc. to give the full effect.
Now, I certainly haven't tried it, but it seems like it could be a sweet hack for an internal pen test.
Carpe boxen!