Guardian.co.uk is reporting on Microsoft’s humiliating decision to recommend that its customers forgo the use of Microsoft’s own Internet Explorer product. They are instead suggesting that Windows users make use of a more secure browser such as Firefox or Opera until they are able to patch the latest serious vulnerability in IE.
From the article:
The flaw in IE allows criminals to gain control of computers that have visited a website infected with malicious code designed to exploit it. While restricting web surfing to trusted sites should reduce the risk of infection, the malicious code can be injected into any website. Users do not have to click or download anything to become infected, merely visiting an infected website is sufficient.
Read More
With all the hubbub about Clickjacking (gag, buzzwords!), I thought it would be valuable to write a brief article on the topic.
What it is
Details are still being suppressed at this point, but it appears to be an IFRAME manipulation used to effectively cover a normal web link with a trusted site that appears good and proper, with a bad one to an attacker site. That is, in its currently disclosed form. The implication is that it could potentially be a lot nastier, maybe even 100% automated. In any case, this attack could conceivably be used for phishing or host exploitation.
Who it affects
Basically, any modern browser which supports IFRAMEs. This includes any reasonably current versions of IE, Firefox/Mozilla, Safari, Flock, Opera, etc. So, pretty much everybody. It doesn’t include browsers which don’t support IFRAMEs, such as lynx or elinks.
[Read more]
Recent Comments