December 17, 2004

Secunia reports new IE vulnerability

by brian_turner

Secunia reports a new cross-site scripting vulnerability in Internet Explorer, that even people who downloaded the Windows XP Service Pack 2 update will be vulnerable to.

Using a live example, Secunia suggest that this could be very easily exploited in phishing, allowing phishers not simply to create spoofed websites URLs, but also fake SSL signatures and hijack cookies.

This comes as something of an embarrassment for microsoft, who had lauded the SP2 update as a major security milestone for the company.

In related news, Microsoft’s recent acquisition of Giant – an anti-spyware vendor – means that Microsoft will now be able to offer spyware checks for its customers. However, according to the report at Security Focus, Microsoft may charge extra for new security software:

Microsoft’s tool, expected to be available within 30 days, initially will be free but the company isn’t ruling out charging for future versions. “We’re going to be working through the issue of pricing and licensing,” said Mike Nash, vice president of Microsoft’s security business unit. “We’ll come up with a plan and roll that out.”

Story link: Secunia reports new IE vulnerability

Add to Bookmarks:

 

 

 

• Recent Posts

  • Windows 7 SP1 just a minor update
  • Commodore 64 is reborn
  • Small businesses at greatest risk from cyber crime
  • 26% of UK youngsters have tried hacking
  • Whitevector maps social media for marketing and brand management

• Most read today

  • Forum admins warned on new wave of spam
  • How Google destroyed $1 billion of United Airlines
  • Hurricane on Wall St: Lehman bust; Merrill bought
  • How to combat spam on vbulletin forums
  • Basic install and optimisation of a vbulletin forum