The Register® — Biting the hand that feeds IT

New IE spy progie exploits DCOM

And MS says it's secure....

See what The Register's experts have to say on application security

A group of Japanese security enthusiasts has developed a little tool called IE'en which exposes traffic between an IE user and any server he's contacting, including logins and passwords over HTTPS.

The group, SecurityFriday, has made the tool available for download here.

To use the tool it's necessary to log in as a current user on a Win-NT or 2K system. Of course if someone can log into your account they already have a great deal of your life in their hands and this is only going to give them a little bit more.

What's interesting here is the ability to capture packets between the client and server by exploiting DCOM (Distributed Component Object Model), a Microsoft program interface allowing the mediation and exchange of program and data objects over a network, similar to CORBA.

According to MS, it "enables software components to communicate directly over a network in a reliable, secure, and efficient manner."

Well, reliable and efficient it may be, but 'secure' is clearly a bit of a stretcher. And as for a workaround, that's easy: make sure you have a strong password for your user account. If you think yours may be weak, or if you've shared it, then reset it. Ten characters involving a combination of lower and upper-case letters, numerals, and special characters will keep you safe from IE'en jockeys. ®

Note: if you're having difficulty downloading the file, you might try this mirror.

See what The Register's experts have to say on application security

Don’t Miss

GoogleGoogle code cloud punts on-demand embarrassment

Fail and You Mountain View's Sarah Palin moment

open source 75Microsoft weighs next-phase in open-source support

Spring, PHP, and Apache sized up

iTunes logoiTunes minus the player: hack your Apple beats

Mac Secrets Dodge the shareware sledgehammer

OracleOracle plans cloud strategy

Exclusive Larry smells money in madness