funsec mailing list archives

Researchers: Beware the IE Cache on a Public Terminal


From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Thu, 20 Dec 2007 17:05:17 +0200 (EET)

"If you use Internet Explorer to access Google's Gmail on public terminals, you may be leaving a lot of sensitive information 
exposed in the browser's cache, according to a warning from Web application security specialist Cenzic."

The news article continues:
"However, Microsoft has downplayed the risk, insisting this is "not a product vulnerability."

Cenzic spokesman Mandeep Khera said his company's researchers figured out a way to use CSRF (cross-site request forgery) in 
combination with the improper use of caching directives to hijack Gmail credentials from the IE cache."

More at
http://www.eweek.com/article2/0,1895,2236192,00.asp

I don't see this as a serious issue, because local access is required.

The ComputerWorld article gives more technical information from the author of the issue:
--clip--
"Gmail, Cenzic went on, contributes to the overall vulnerability because its URLs display attachments when viewed using the "View 
Source" command."

Link:
http://computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=cybercrime_and_hacking&articleId=9053462&taxonomyId=82&intsrc=kc_top

Juha-Matti
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
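The "improper use of caching directives" the Cenzic quote refers to is the server-side half of the problem: a response carrying mail or session data that is not marked non-cacheable can be written to the browser's disk cache and read back by whoever uses the terminal next. The following is an added example, not code from the post, from Cenzic, Microsoft or Google, and it does not reproduce whatever headers Gmail actually sent in 2007. It audits a response's Cache-Control, Pragma and Expires headers against the directives a sensitive response should carry and returns a list of findings; the header sets used as input are constructed for illustration.

```python
# Added example (not from the original post): auditing HTTP caching directives
# on responses that carry sensitive data, from the defender's side.
# Sample header sets below are constructed for illustration.


def parse_cache_control(value):
    """Split a Cache-Control value into {directive: value-or-None}, lowercased."""
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        directives[name.strip().lower()] = val.strip().strip('"') if val else None
    return directives


def audit_caching(headers):
    """Return a list of findings for a response that carries sensitive data.

    `headers` maps response header names (case-insensitive) to values.
    An empty list means browsers and intermediate caches are told not to
    retain or reuse the response.
    """
    lower = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(lower.get("cache-control", ""))
    findings = []

    if "no-store" not in cc:
        findings.append("Cache-Control lacks no-store: the browser may write the body to its disk cache")
    if "public" in cc:
        findings.append("Cache-Control: public lets shared (proxy) caches store the response")
    if cc.get("max-age") not in (None, "0"):
        findings.append("Cache-Control: max-age=%s marks the response fresh for reuse" % cc["max-age"])
    if "no-cache" not in cc:
        findings.append("Cache-Control lacks no-cache: a stored copy could be reused without revalidation")
    if lower.get("pragma", "").strip().lower() != "no-cache":
        findings.append("Pragma: no-cache missing: HTTP/1.0-era clients and proxies key on it")
    if "expires" not in lower:
        findings.append("Expires missing: caches that ignore Cache-Control may apply heuristic freshness")
    return findings


def no_store_headers():
    """Header set a server should attach to responses it does not want cached."""
    return {
        "Cache-Control": "no-store, no-cache, must-revalidate, max-age=0",
        "Pragma": "no-cache",
        "Expires": "0",
    }


# Constructed samples: a response that lets the browser keep a copy for an hour,
# and the same response with the non-cacheable header set applied.
WEAK_RESPONSE = {"Content-Type": "text/html", "Cache-Control": "private, max-age=3600"}
HARDENED_RESPONSE = {"Content-Type": "text/html", **no_store_headers()}

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_caching(hdrs) or ["ok: response will not be retained"])
```

The check treats `private` as insufficient on its own: it only keeps shared caches out, while the disk cache of the browser on the public terminal is exactly the private cache the quoted warning is about. `no-store` is the directive that addresses that case.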

