Posted on 11/09/2001 10:40:49 AM PST by toupsie
IE security hole leads to cookie jar
By Stefanie Olsen
Staff Writer, CNET News.com
November 9, 2001, 11:05 a.m. PT
http://news.cnet.com/news/0-1005-200-7828689.html?tag=prntfr
Microsoft has warned that versions of Internet Explorer can expose consumers' personal data contained within cookies.
The vulnerability exists within IE 5.5 and 6.0, but earlier browser editions "may or may not be affected," according to a security bulletin posted to Microsoft's Web site Thursday. The security flaw allows an outsider to break into cookies--tiny electronic files used by Web sites to file account information or personalize pages--through a specially crafted Web page or e-mail. A person could then steal or alter data from Web accounts, including credit card numbers, usernames and passwords.
"A malicious Web site with a malformed URL could read the contents of a user's cookie, which might contain personal information," according to the Redmond, Wash.-based company. "In addition, it is possible to alter the contents of the cookie. This URL could be hosted on a Web page or contained in an HTML e-mail."
The vulnerability comes only a week after security flaws were found in Microsoft's Passport authentication system, causing the software maker to remove the service from the Internet. The privacy breach in the Passport service, which keeps track of data used by e-commerce sites, potentially exposed the financial data of thousands of consumers, undermining the company's recent efforts to convince people that it is serious about security.
Privacy and security expert Richard Smith verified the IE security flaw by writing a tiny bit of JavaScript to hijack information contained in a cookie.
"I couldn't believe how easy it is," Smith said. "The danger here is that once you get somebody's cookie information for a particular Web site, you can get access to that account, whether it's private financial information or travel records."
Microsoft, which labeled the security problem "high" risk, said it is working on a patch. Meanwhile, the company is urging IE users to disable active scripting in their browser settings. In addition, consumers using Outlook Express should set their preferences within the mail program to allow only "Restricted Sites" to load, according to the company.
To disable active scripting in IE, open the Tools menu in the browser, followed by Internet Options and then the tab for Security. Next, open the Custom Level option; in the Settings box, scroll down to the Scripting section. Click Disable under "Active scripting" and "Scripting of Java applets." Click OK, and then click OK again.
Mac OS X is fantastic for programmers. You have a full Unix underneath the UI, and Apple's developer tools are free; they come with the OS X retail package and you can download them from the web. The Cocoa API is the best I've seen on any system. Apple is definitely encouraging third party developers much more than they have in the past.
Well, that is a change! Thanks, guess I'll have to read up on it and look into maybe purchasing. One can never have too many computers, can one?
Outside of REALbasic, Cocoa is the fastest development system I have used. I am moving over a lot of the systems I wrote for Tru64 (I am a closet DEC Alpha fan) over to Mac OS X because of Cocoa. Easy as pie!
Get real. Ever heard of Netscape? Linux?
The consumer version of Mac OS X does not come with any virus protection software.
It does come with the same firewall that is installed with any FreeBSD distribution.
It is not set up by default and must be configured via the command line or a third party utility.
The firewall is not strictly an Apple product though (no monopoly there).
I do believe that Microsoft should be as free as Apple or any other company to legally engage in business the way they see fit.
Apple would do fine alongside an unrestrained Microsoft.
My company, almost 18 years old now, uses Macs because we get more work done in a day than we could with PCs. And that is, for me, the end of the story.
Thanks
I searched Wired for that, but couldn't find it. PLEASE tell me you have a link to it. Thanks.
Not stupid, just comforted by the notion that Mac OS X has had rock solid Internet security and virus protection since the start, something Windows could never claim. So far in its existence (3 years in the case of Mac OS X Server), Mac OS X & Mac OS X Server have not had one remote root exploit, worm or a virus reported. The only root exploits were resolved within 24 hours via Apple's Automatic Software Update system. Those root exploits all required access to the machine with a valid login. Now compare that to the last three years of Microsoft Windows remote exploits, worms and viruses. All combined, I feel the number would be ~50,000 for Windows.
Even when Apple does screw up (Yes, they are human), they make sure the problem is resolved ASAP. Their last screw up was a faulty installer that on a rare occasion would erase a partition in Mac OS X. Apple yanked the installer within 24 hours, put out a new one and offered to reimburse the users for any data recovery software or data recovery service they needed to get back the data. Microsoft has to be kicked in the pants to get anything fixed in a timely manner.
No operating system is perfect. But I would rather not have to spend tons of money and waste a lot of time to protect the OS on my computer. Running Mac OS X, I spend my time using the computer on the things I want to do and my money on great USB & Firewire products. I just need to ask Santa Claus for an iPod for Christmas. That is one sweet Firewire MP3 player.
Where I work the Linux servers were all infected with some kind of worm. The brass decided to replace them with Windows servers.
Details, please.
I have serious doubts about this story. And, if the "brass" thinks switching to Windows will reduce the security problems they have, they're in for a rude surprise!
Yes the root core of Mac OS X, Darwin, has been around for 3 years as an Apple product. Actually the underpinnings of Mac OS X come from NeXT which has been around since the early 90s. NeXT is the OS developed by Steve Jobs after he left Apple in the 80s.
A dying platform? That is why most major computer publications are giving Mac OS X the thumbs up over Windows XP. Speaking of XP, how lame can Microsoft get? Talk about an absolute flop! I would rather have the rock solid core of UNIX under my GUI than the hacked together garbage that Windows provides.
You can run virtually all micro$haft programs on Linux by going through wine or vmware. Or any other programs designed for W32. The only exceptions would be programs that make certain OS-specific system calls (namely, the ones not included in wine or vmware) or programs specifically designed to make those calls to thwart Linux. Office 2000, Office XP, Photoshop, Maya, etc. will run fine under Linux but it'll take more than 20 minutes to set them up.
Is this one of the magical Macs that falls off the back of the truck? The cheapest Mac on Apple's website is $799 for the iMac.