Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] More security hiccups for IE

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] More security hiccups for IE
Date: Thu, 18 Nov 2004 05:20:47 -0600 (CST) 
http://news.com.com/More+security+hiccups+for+IE/2100-1002_3-5457105.html

By Robert Lemos 
Staff Writer, CNET News.com
November 17, 2004

Microsoft's Internet Explorer has become a turkey shoot for flaw
finders.

This week, three more vulnerabilities were found in version 6 of the
software giant's flagship Web browser, security information provider
Secunia said on Wednesday. That brings the total number of IE
vulnerabilities disclosed in the past two months to 19, including
eight flaws fixed by Microsoft during its October patch cycle.

The latest flaws were found by two different researchers, Secunia
said. Two could be used together to allow malicious content to bypass
an mechanism in Microsoft Windows XP Service Pack 2 that alerts people
about potentially harmful programs, Secunia stated. The third
vulnerability could be used to overwrite the cookies of a trusted site
to hijack a Web session, if the site handles authentication in an
insecure manner, according to that advisory.

The flaws were rated "moderately critical" and "not critical,"  
respectively, by Secunia.

"We have not been made aware of any active attacks against the
reported vulnerabilities or customer impact at this time, but we are
aggressively investigating the public reports," Microsoft said in a
statement sent to CNET News.com.

The company said that customers who needed advice should visit its
software security site and its PC Protect site for home users.  
Microsoft also criticized the researchers for publicizing the flaws
without allowing it to work to solve the problems first.

"Microsoft is concerned that this new report of a vulnerability in
Internet Explorer was not disclosed responsibly, potentially putting
computer users at risk," the company said in the statement. "We
believe the commonly accepted practice of reporting vulnerabilities
directly to a vendor serves everyone's best interests."

Security researchers and hackers, however, are not paying heed to the
software giant's standard chastisement of public disclosure. In the
past two months, flaw finders have publicized critical Internet
Explorer vulnerabilities and a slew of security issues in Service Pack
2, the company's latest update to Windows XP.

Already, viruses have started to use the critical Internet Explorer
flaw to spread.



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - 
http://www.osvdb.org/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] More security hiccups for IE, InfoSec News <=
Previous by Date:  [ISN] China boosting cyberwar ability, InfoSec News
Next by Date:  [ISN] Hoosiers don't take cybercrime seriously, InfoSec News
Previous by Thread:  [ISN] China boosting cyberwar ability, InfoSec News
Next by Thread:  [ISN] Hoosiers don't take cybercrime seriously, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]