<br> IE & MSN expose contact list & other info <br> by spoofing IE security zone using Die Yu Liu % encoding bug (IE 6)<br> this can lead to Privacy Risk<br> <br> MSN Status & hotmail Email Notification exposed by<br>other IE versions<br><br> <a target="mySite" href="http://sec.drorshalev.com/dev/friends/";>MSN Contact demo </a> <br> http://sec.drorshalev.com/dev/friends/ <br> More demos are on <b>http://sec.drorshalev.com</b> <br> <br><b>Feel Free to contact me!</b><br>See my <a href='http://sec.drorshalev.com'>Security WorkShop</a> .<br><br>Dror Shalev<br><a href='mailto:drorshalev@hotmail.com? subject=friends'>drorshalev@hotmail.com</a><br>Are You Safe? <br><a href='http://www.SafeCenter.NET' target=_blank>www.SafeCenter.NET</a><br>
