Another IE security flaw this one could lead to data theft



I saw this earlier this afternoon at betanews.com there seems to be a flaw in the way Internet Explorer deals with css that could put your data at risk. According to this article it is a risk combined with Google Desktop. This can be “fixed” by disabling scripting or using Firefox as your primary browser. Currently Microsoft says it is “investigating the problem”…


The securityfix has coverage this afternoon.

Microsoft said in a statement that it was investigating the problem, saying the exploit detailed by Gillon “could potentially allow an attacker to access content in a separate website if that website is in a specific configuration.” The company said it was not aware of any “active attacks or of customer impact,” and said it may issue a security advisory on the matter or provide an update through its monthly patch release process to fix the problem.

It doesn’t sound as though it’s a flaw with Google Desktop in spite of the fact that is the means through which this was discovered.

Israeli hacker Matan Gillon says he’s discovered that an unpatched security hole in IE could allow a Web site to see files on the visitor’s computer that store data about the user’s relationship with other Web sites.

In a detailed analysis published on his Web site, Gillon demonstrates how the hack could be leveraged to steal data on the victim’s machine indexed by Google Desktop Search, a free program that allows users to quickly find a variety of files on their computers. The problem is not with Google’s software, which contains several built-in security measures to ensure that data cached by its software cannot be read by anyone other than the user.

Full details can be found at the resaearchers site.

The Microsoft security advisory is available here.

Related Posts

Blog Traffic Exchange Related Posts
  • Windows more secure than Linux? For the last week, I've seen various headlines referring to a report from US-CERT that indicated 2005 had 5,198 security flaws reported. Out of those 2,328 were reported for Linux/Unix, 812 for Windows and 2,058 affecting more than one operating system. Now, I'm seeing all sorts of headlines about how......
  • How to Remove Eco Antivirus 2010 | Eco Antivirus 2010 Removal Guide Eco Antivirus 2010 is a slight twist (renaming) of the recent Eco Antivirus rogue that has made the rounds. These rogues pretend to be antivirus, or antispyware software, but in reality are not much more than a scam trying to squeeze money out of unsuspecting computer users. These rogue applications......
  • Microsoft June Patch Cycle heads up It's about that time again folks.... Monthly Microsoft patch cycle - June patches will be released on the 13th (next Tuesday) and it looks like a big batch. There should be 12 patches this time and at least one of the Windows updates is Critical and at least one of......
Blog Traffic Exchange Related Websites
  • A Convenient Tool For Searching The Internet As fantastic as Internet search engines could be, it still has imperfections. It gives out too much knowledge that we really are not that interested in. Why should we go through all the troubles of looking into all the pages of results by Google? Our usual techniques on using the......
  • Windows 7 Sales Spike to Overtake Mac OS X [/caption]Proving there is no accounting for taste Microsoft’s latest attempt at a decent operating system, Windows 7, is now running on 5% of the computers online.  The daily average of online users as measured by Internet metrics company Net Applications showed that an increase last week put Windows 7 above......
  • What Is A Cloud Virtual Server Solution And How Will It Work? In recent years, cloud computing has seen more and more use. It offers new options for storing files and using the web and serves the base for many a social networking site. Internet use and communication have become much easier with the use of a cloud virtual server. The name......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site