From: Adam Thompson (adwulf@gmail.com)
Date: Thu Feb 07 2008 - 14:00:36 EST
This happens because you're still logged in to the banking site. If
you don't logoff, the session is still active.
This would work the same with two windows or tabs in ANY browser. How
do you plan to exploit this as MITM?
On 7 Feb 2008 14:34:00 -0000, jason_jones98@hotmail.com
<jason_jones98@hotmail.com> wrote:
> Hi.
>
>
> I have just loaded the ie7 add-on 'open-last-tab', has anyone else had a play with this? From initial results i have found this to be a great 'man-in-the-middle' attack tool.
>
>
> Example on Bank site(no-names):
>
>
> Log into your bank, open another tab within the window i.e. google. Close the banking tab, hit Alt-X and the 'logged-in' banking window re-opens. I have also attempted this on other applications and the majority work. Can someone advise if M$ have provided us with a great MITM plug-in tool?
>
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>
>
-- AdamT "I've had death threats - well, OK, a petition." - Jack Dee ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:23 EDT