From: Dave Howe (David.Howe@ansgroup.co.uk)
Date: Thu Feb 07 2008 - 18:34:05 EST
jason_jones98@hotmail.com wrote:
> Log into your bank, open another tab within the window i.e. google.
> Close the banking tab, hit Alt-X and the 'logged-in' banking window
> re-opens. I have also attempted this on other applications and the
> majority work. Can someone advise if M$ have provided us with a great
> MITM plug-in tool?
Not really. The same effect can be seen if you hit Ctrl-H for a history
list, and open the stored page link in the "current" tab. It depends on
either a hash token being in the URL, or a session cookie still being
current in the cookie-jar as you have not close the browser.
so, yet more evidence for why you should log out and close your browser
properly after using internet banking and not mix-and-match tabs, but
other than that, nothing spectacular.
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:23 EDT