Quote:
Originally posted by jaguar
No maggie, contrary to popular opinion i'm not as stupid as you think
|
Oh.. is that a popular opinion? :-)
Quote:
Its a well known trick that causes IE/Windows to disply the contents of the drive, it won't work on unix/variants etc, but its afair guess that they are in the minority, even here.
|
Ah...yes...client-side silliness. Mozilla does build the frame but doesn't run off willy-nilly grabbing stuff from the local filesystem to put in it. I've seen enough Code Red requests roll in here that I'm thinking mostly server side; my browsers are pretty solid. But then I'm not running IE.. Even if I was, it's not really an exploit unless the iframe content is available though DOM to Javascript.
Speaking of which, Windows peeps... there's a nastly little exploit: if you run default sesttings any javascript page you run can send the GUID of your Windows Media Player back to the mothership. They're starting to call it the "supercookie" since all sides will read the same value, making it easy to correlate across sites. Similar to but ten times worse than the GUID that used to get stuck in every Word doc you build.
BTW...anybody with a pimp fetish who isn't reading
http://www.sinfest.net should be.