
By Marguerite Reardon
Posted on ZDNet News: Jun 30, 2004 5:04:00 PM

A security flaw that had been fixed in older versions of Microsoft Internet Explorer has reappeared in the latest version of the browser software.

Security company Secunia issued a bulletin warning of the flaw in versions 5.01, 5.5 and 6.0 of Internet Explorer (IE). The problem had been fixed six years ago, when it appeared in versions 3.0 and 4.0 of the IE browser.

"It's a concern that a company like Microsoft has a problem that's already been fixed in older versions resurface in newer ones," said Thomas Kristensen, chief technology officer of Secunia.

Microsoft has been plagued by a recent spate of IE vulnerabilities. The latest attack was reported Tuesday. Through a flaw in IE, victims can pick up, via a pop-up ad, a program that reads keystrokes and steals passwords when they visit any of nearly 50 banking sites.

Vulnerabilities in IE have become so common that some security researchers are recommending that people adopt alternate browsers. The U.S. Computer Emergency Response Team, the official U.S. body responsible for defending against online threats, also advised security administrators to consider moving to a non-Microsoft browser as one of six possible responses.

According to the latest bulletin, the vulnerability affects people who have multiple IE browsers open. Through one of the open browsers, hackers can change the content of another Web site without users ever knowing that it has been altered.

Using this attack method, hackers could insert links into legitimate Web pages and direct people to malicious sites where they could solicit personal information such as bank account or credit card information. Because the link comes from a legitimate and trusted site, victims may not realize they have been redirected to a harmful site. Hackers could also insert links that would trick users into downloading malicious software.

"It's a major problem when people can't trust what they are seeing in their browser," Kristensen said.

Another flaw discovered last week turns some Web sites into points of digital infection. The vulnerability was nipped in the bud on Friday, when Internet engineers shut down a server in Russia that had been the source of the malicious code.

Another flaw, discovered earlier this month, installed a toolbar on victims' computers that triggered pop-ups.

CNET News.com's Robert Lemos contributed to this report.
