Remind me why people still use IE
The Register: IE 6 SP1 omits fixes for 20 outstanding flaws:
Because of the way frames (and iframes) are handled by IE version 5.5 and above, attackers are able to get to all sorts of mischief with minimal effort, including:
- Read local files from the victim’s hard drive, using a default local resource (ironically dubbed “PrivacyPolicy”) that contains frames in IE
- Execute arbitrary programs on the victim’s computer, using the woefully misnamed “PrivacyPolicy” resource
- Read a victim’s cookie and content from any remote site that contains a frame, which can lead to session-stealing and account compromise on sites containing frames—such as Hotmail
- Forge the content of any site that contains a frame. For example, the attacker could show the user a fake login screen at hotmail.com and log the results to a database
Luckily, an upgrade is available which provides immunity to all of the above vulnerabilities (sorry, I just couldn’t resist that particular dig ;) ).
More recent articles
- Understanding GPT tokenizers - 8th June 2023
- Weeknotes: Parquet in Datasette Lite, various talks, more LLM hacking - 4th June 2023
- It's infuriatingly hard to understand how closed models train on their input - 4th June 2023
- ChatGPT should include inline tips - 30th May 2023
- Lawyer cites fake cases invented by ChatGPT, judge is not amused - 27th May 2023
- llm, ttok and strip-tags - CLI tools for working with ChatGPT and other LLMs - 18th May 2023
- Delimiters won't save you from prompt injection - 11th May 2023
- Weeknotes: sqlite-utils 3.31, download-esm, Python in a sandbox - 10th May 2023
- Leaked Google document: "We Have No Moat, And Neither Does OpenAI" - 4th May 2023
- Midjourney 5.1 - 4th May 2023