• Latest
  • All
  • How To
Microsoft sharepoint

Microsoft SharePoint and LinkedIn data at risk from Framesniffing Attacks

March 16, 2012
Android Canary release channel

Google Launches Android Canary Release Channel for Developers

July 11, 2025
Japan Internet Speed

Japan Records World’s Fastest Internet Speed at 1.02 petabits Per Second

July 11, 2025
Bitchat

Jack Dorsey Launches Bitchat, a Bluetooth-Only Messaging App

July 10, 2025
YouTube AI slop is getting demonetized

YouTube Declares War on Low-Effort AI Videos via Demonetization

July 10, 2025
DHgate Tablet Cases deals
Why Can'y You Register a Safaricom SIM Card After 7 PM

Why You Cannot Register a Safaricom SIM Card After 7 PM

July 10, 2025
Former Safaricom Chief Enterprise Business Officer, Cynthia Karuri-Kropac

Frankline Okata Takes Over as Cynthia Karuri-Kropac Exits Safaricom PLC

July 10, 2025
AI

OpenAI and Perplexity Launch Browsers to Rival Google Chrome

July 10, 2025
Vivo-Y29-4G

Vivo Y29 Launches in Kenya at KES 23,999

July 10, 2025
galaxy z fold7-galaxy z flip7-samsung

Samsung Unveils Galaxy Z Fold7 and Z Flip7 with Bigger Screens

July 10, 2025
GTA VI

Rockstar May Be Testing 96-Player Servers for GTA 6

July 10, 2025
Former X CEO, Linda Yaccarino

Linda Yaccarino Steps Down as CEO of X After Two Years

July 9, 2025
Apple-WWDC25-iOS-26

iPhone Users Are Not Too Happy With the iOS 26 Liquid Glass Design

July 9, 2025
Techweez | Tech News, Reviews, Deals, Tips and How To
  • News
  • Entertainment
  • Reviews
  • Features
  • Editorial
No Result
View All Result
Techweez | Tech News, Reviews, Deals, Tips and How To
  • News
  • Entertainment
  • Reviews
  • Features
  • Editorial
No Result
View All Result
Techweez | Tech News, Reviews, Deals, Tips and How To
No Result
View All Result

Microsoft SharePoint and LinkedIn data at risk from Framesniffing Attacks

Martin Gicheru by Martin Gicheru
March 16, 2012
in News
Reading Time: 2 mins read
261
2
Microsoft sharepoint

Microsoft sharepointContext Information Security has highlighted a weakness in Internet Explorer, Chrome and Safari web browsers that enables remote attackers to steal sensitive information held on private Microsoft SharePoint sites, as well as mine data from other public websites such as LinkedIn. In these Framesniffing Attacks, a hidden HTML frame is used to load a target website inside the attacker’s malicious webpage to read information about the content and structure of the framed pages. The attack bypasses browser security restrictions that are meant to prevent webpages directly reading the contents of third-party sites loaded in frames.

 

“Using Framesniffing, it’s possible for a malicious webpage to run search queries for potentially sensitive terms on a SharePoint server and determine how many results are found for each query,” said Paul Stone, senior security consultant at Context. “For example, with a given company name it is possible to establish who their customers or partners are; and once this information has been found, the attacker can go on to perform increasingly complex searches and uncover valuable commercial information.”

 

Context researchers tested SharePoint 2007 and 2010 and found that by default, they do not send the X-Frame-Options header that instructs web browsers to disallow framing. This leaves these applications open to both Framesniffing and Clickjacking. As a result, any website that knows the URL of the SharePoint installation can load it in a frame and carry out these attacks, even if it is only accessible on an Intranet.

 

Following the discovery of this vulnerability, Context contacted Microsoft and was told: “We have concluded our investigation and determined that this is by-design in current versions of SharePoint. We are working to set the X-Frame options in the next version of SharePoint.”

 

Framesniffing can also be used to harvest confidential data from public websites, such as LinkedIn that don’t protect against framing. An attacker using a malicious website could build a profile of visiting users by piecing together small pieces of information leaked from different websites. For example, the product IDs of previously bought items from a shopping site could be combined with a person’s user ID from a social networking site.

 

Context’s blog published today at their blog, includes a video that shows an attacker extracting sensitive information from a fictional corporate SharePoint installation. In the blog, Context also provides five simple steps to protect a website from this attack by adding the X-Frame-Options header. While Mozilla updated its Firefox web browser last year to prevent Framesniffing, the latest versions of Internet Explorer, Chrome and Safari are still vulnerable.

 

Fortunately, protecting a website from this attack is a simple matter of adding the X-Frame-Options header and in its blog, Context provides step-by-step instructions on how to do this. “Users of the Firefox browser are already protected against this attack,” said Stone. “We encourage other browser vendors to apply similar protection to their browsers but in the meantime, the onus is on individual websites to add framing protection via X-Frame-Options.”

Tags: Cybercrime
SendShare146Tweet92
Martin Gicheru

Martin Gicheru

Martin is the Managing Editor at Techweez, passionate about personal tech and telling stories of consumer experiences. Talk to me: [email protected]

Related Posts

tackling Bank Fraud, Sextortion, and Ransomware in Kenya

Kenya Facing Rise in Cyberthreats from Bank Fraud, Sextortion, and Ransomware

July 1, 2025
Kenya cyber threats 2025

Kenya Detects Over 2.5 Billion Cyber Threats in Three Months

June 30, 2025
Telegram

Telegram Shuts Down $35 Billion Crypto Black Markets

May 17, 2025
EFCC Hunts Four Kenyan Nationals in Connection with CBEX Fraud

Nigeria Issues Arrest Warrants for Four Kenyans in CBEX Crypto Fraud

May 6, 2025
KICTANet Cybersecurity Memo

KICTANet Pushes for Changes to Kenya’s Draft Cybersecurity Strategy

April 26, 2025
Titus Wekesa Sifuna

Kenyan Man Behind “I Must Go” X Account Arrested on Cybercrime Charges

April 24, 2025

Latest

Android Canary release channel

Google Launches Android Canary Release Channel for Developers

July 11, 2025
Japan Internet Speed

Japan Records World’s Fastest Internet Speed at 1.02 petabits Per Second

July 11, 2025
Bitchat

Jack Dorsey Launches Bitchat, a Bluetooth-Only Messaging App

July 10, 2025
YouTube AI slop is getting demonetized

YouTube Declares War on Low-Effort AI Videos via Demonetization

July 10, 2025
Why Can'y You Register a Safaricom SIM Card After 7 PM

Why You Cannot Register a Safaricom SIM Card After 7 PM

July 10, 2025
Former Safaricom Chief Enterprise Business Officer, Cynthia Karuri-Kropac

Frankline Okata Takes Over as Cynthia Karuri-Kropac Exits Safaricom PLC

July 10, 2025

Best devices

budget smartwatches 2025

Best Budget Smartwatches To Buy in Kenya 2025

February 13, 2025

Best Infinix Smartphones To Buy in Kenya 2024

February 13, 2025

Best Laptops for Battery Life in 2024

August 21, 2024

Best “Battery Warrior” Smartphones To Buy in 2024

August 22, 2024

Google Launches Android Canary Release Channel for Developers

July 11, 2025

Japan Records World’s Fastest Internet Speed at 1.02 petabits Per Second

July 11, 2025

Techweez is a fast growing influential source of technology news, reviews and analysis by leading tech geeks in the industry.

Follow Us

Editorials

Abductions and Arrests! Kenyan Government’s Fear and Hate of X Users Makes No Sense

Actors and Film Crews Are Worried About Veo 3 Taking Their Jobs

Samsung QLED TVs Now Officially Certified for Real Quantum Dot Technology

Trump’s Tariffs Will Be the End of Affordable Tech

5 Ways to Prep Your Tech for Resale

The Weaponization of PDFs: How Cybercriminals Are Exploiting a Trusted Format

More News

OpenAI and Perplexity Launch Browsers to Rival Google Chrome

Vivo Y29 Launches in Kenya at KES 23,999

Samsung Unveils Galaxy Z Fold7 and Z Flip7 with Bigger Screens

Rockstar May Be Testing 96-Player Servers for GTA 6

Linda Yaccarino Steps Down as CEO of X After Two Years

iPhone Users Are Not Too Happy With the iOS 26 Liquid Glass Design

  • Terms Of Use
  • Techweez Brand
  • Privacy & Policy
  • Contact Us

© 2024 Techweez - Palahala Media Group may earn a commission when you buy through links on our sites.
A Palahala Media Group Brand. All rights reserved.
.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

Techweez | Tech News, Reviews, Deals, Tips and How To
Crunchy Cookies 🍪 Ahead!

Hey there! Just a heads-up: we're big fans of cookies - both the digital and edible kind! 🍪 We use our cookies and some from third parties to ensure your browsing experience on our site is smooth sailing and secure.

 

But wait, there's more! We also use cookies to gather stats and insights on how you navigate our site. It's like getting a behind-the-scenes peek at your digital adventures!

 

Don't worry, you're in control. You can adjust your cookie settings anytime to suit your preferences. Feeling curious? Dive into our Privacy Policy for all the juicy details. Happy browsing! 🚀

Functional Always active
Listen, this legal stuff is about as exciting as watching paint dry. But it basically says we only use your stuff for what you asked us to do, and nobody else gets to peek!
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
It's those sneaky cookie crumbs websites leave behind to count visitors, like counting ants at a picnic! Totally harmless, just for fun facts. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
Hey there! Just letting you know we use some fancy gizmos to remember your preferences. This way, we can show you ads that are, well, not completely bananas.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
Make cookies
{title} {title} {title}
Techweez | Tech News, Reviews, Deals, Tips and How To
Crunchy Cookies 🍪 Ahead!
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
Listen, this legal stuff is about as exciting as watching paint dry. But it basically says we only use your stuff for what you asked us to do, and nobody else gets to peek!
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
It's those sneaky cookie crumbs websites leave behind to count visitors, like counting ants at a picnic! Totally harmless, just for fun facts. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
Hey there! Just letting you know we use some fancy gizmos to remember your preferences. This way, we can show you ads that are, well, not completely bananas.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
Make cookies
{title} {title} {title}
No Result
View All Result
  • News
  • Reviews
  • Features
  • Editorial
  • Automotive
  • Entertainment

© 2024 Techweez - Palahala Media Group may earn a commission when you buy through links on our sites.
A Palahala Media Group Brand. All rights reserved.
.