Another IE security flaw this one could lead to data theft



I saw this earlier this afternoon at betanews.com there seems to be a flaw in the way Internet Explorer deals with css that could put your data at risk. According to this article it is a risk combined with Google Desktop. This can be “fixed” by disabling scripting or using Firefox as your primary browser. Currently Microsoft says it is “investigating the problem”…


The securityfix has coverage this afternoon.

Microsoft said in a statement that it was investigating the problem, saying the exploit detailed by Gillon “could potentially allow an attacker to access content in a separate website if that website is in a specific configuration.” The company said it was not aware of any “active attacks or of customer impact,” and said it may issue a security advisory on the matter or provide an update through its monthly patch release process to fix the problem.

It doesn’t sound as though it’s a flaw with Google Desktop in spite of the fact that is the means through which this was discovered.

Israeli hacker Matan Gillon says he’s discovered that an unpatched security hole in IE could allow a Web site to see files on the visitor’s computer that store data about the user’s relationship with other Web sites.

In a detailed analysis published on his Web site, Gillon demonstrates how the hack could be leveraged to steal data on the victim’s machine indexed by Google Desktop Search, a free program that allows users to quickly find a variety of files on their computers. The problem is not with Google’s software, which contains several built-in security measures to ensure that data cached by its software cannot be read by anyone other than the user.

Full details can be found at the resaearchers site.

The Microsoft security advisory is available here.

Related Posts

Blog Traffic Exchange Related Posts
  • Microsoft Update day for September.... AND Flash... AND Apple Yesterday, of course, Microsoft released it's monthly patches. I found the Windows update site to be painfully slow (and in some cases unresponsive.) It wasn't quite a huge update day by recent standards, but here's the summary.... Incidents.org has a nice chart showing the two re-released patches (one is actually......
  • Vista UAP (User Account Protection) - too much? First let me tell you I have not seen first hand Microsoft's Vista UAP (User Account Protection) I cannot then claim firsthand experience with it, the following is and will be based on what I have read plus how it relates and compares to linux and "run as" functionality. George......
  • Google Desktop 2 Slow morning computer news-wise. The only thing that's really caught my eye is the release by Google of Google Desktop v. 2 In addition to it's desktop search capabilities it adds rss in a sidebar (news, gmail info, etc.) as well as several other features (Improved outlook filtering). It is......
Blog Traffic Exchange Related Websites
  • An Overview Of What Mozy Has To Offer For business owners (and even homeowners) these days, it is important to make use of tools that provide backup services for their digital files. And such a need is what mozy was specifically developed for. Such a program offers great file backup and file storage solutions for both business as......
  • Free Financial Management Software When it comes to your getting out of debt, having the right software can actually make a real world of difference. Some people tend to manage their efforts at debt reduction with something that is as simple and as straight forward as a computer spreadsheet while other people tend toward......
  • Google Search Advertising Method Will Be Your Crucial To Much More Visitors And Profits People on the web want to developed a great sem method. If you would like make money internet then you simply must know something about Search engine optimization. It's really bizarre that when people today learn what they really want to try and do for getting rated on the internet......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site