WASHINGTON, DC.  There are alot of different ways to trick browsers into letting hackers do things that they should not be allowed to do. Some of them have to do with URIs.

 In a presentation at Black Hat, security researchers Nathan McFeters and Rob Carter argued that URI exploitation is an area that is still ripe for further analysis and exploitation.

 URI's allow browsers to load applications and protocols for example http:// for web and ftp:// for FTP. Other common URI's are AIM:// for instant messaging and firefoxurl:// for loading a Firefox browser.

 McFeters noted that every URI registered on your system can be interacted with by a browser. Application developers commonly create URI hooks into their apps. Sometimes those URI hooks can be used by an attacker to do 'bad' things.

One such application with a URI hook is Google's Picassa photo application. That's where the T-bAG (trust based applet attack) comes in. The attack involves a user clicking on a Picassa URI (Picassa://) that causes a button to be loaded inside of a user's Picassa application. In a nutshell, when the button is clicked the users images can be stolen by the attacker.

Carter and McFeters were quick to note that Google has now mostly fixed the URI issue by doing additional URI bound and validation checks.

McFeters also demonstrated what he called 'Stupid IM Tricks' where by taking advantage of IM URIs he could trigger a message to be sent from a victim's machine.

Scary stuff actually that looks dead easy to do, in my opinion.

Overall McFeters sees URIs as a target rich environments that affect Windows, Linux and Mac. To make matters even worse McFeters argued that in many cases there is no need for the URI (which could lead to an exploit) to exist in the first place.

"I don't think there is a real reason why we need protocol handlers most aren't really useful," McFeters said.