Nasty Data-Stealing Bug Haunts Internet Explorer 8 151
Trailrunner7 writes "There's an unpatched vulnerability in Internet Explorer 8 that enables simple data-stealing attacks by Web-based attackers and could lead to an attacker hijacking a user's authenticated session on a third-party site. The flaw, which a researcher said may have been known since 2008, lies in the way IE8 handles CSS. The vulnerability can be exploited through an attack scenario known as cross-domain theft, and researcher Chris Evans originally brought the problem to light in a blog post in December. At the time, all of the major browsers were vulnerable to the attack, but since then, Firefox, Chrome, Safari and Opera all have implemented a simple defense mechanism. The upshot of this is that if a victim has visited a given Web site, authenticated himself to the site, and then visits a site controlled by an attacker, the attacker would have the ability to hijack the user's session and extract supposedly confidential data. This attack works on the latest, fully patched release of IE8."
What? (Score:5, Funny)
People still use MSIE?
Bummer (Score:3, Funny)
I just upgraded to IE 8 yesterday to verify a support issue.
Re:Let me the first to say..... (Score:5, Funny)
Steve Hawking goes into a little more depth in his new book and Greene actually says String theory supports it too.
We're on our way to a Unified Theory all thanks to IE and Microsoft.
Re:What? (Score:5, Funny)
People using IE don't even get that much!
Re:What? (Score:4, Funny)
Re:IE and Microsoft (Score:4, Funny)
If it is broke (Score:1, Funny)
why fix it?
Re:IE and Microsoft (Score:5, Funny)
I'm surprised one executive hasn't gotten so fed up and fired the "IE team" or replaced them with monkeys.
Do you have any proof that they haven't been replaced by monkeys?
Re:IE and Microsoft (Score:4, Funny)
Re:IE and Microsoft (Score:5, Funny)
Has Microsoft put out any Shakespeare yet? Then there's your proof.
I dunno, I consider MSIE to be the of the great tragedies of my lifetime....
Re:Times change (Score:2, Funny)
I guess I had the magic version of XP, where all you had to do was check "automatically download and install updates" in the Windows Update control panel.
think about it ... (Score:2, Funny)
God's ten commandments aren't adhered to ... well at least a major subset of them. How can you expect the rest of the population to listen to administrators when they suggest "don't use IE"?
Re:in the wild (Score:3, Funny)
Yes there is sites out there where the company behind them send out software that infect your computer and causes it to become open for anyone to take over.
Some of them even pretend to do useful things for you like pretending to be a way to secure your computer from nasty attacks.
For one nasty example check out this site:
http://www.microsoft.com/ [microsoft.com]
Re:IE and Microsoft (Score:2, Funny)
That's only proof that it's not an infinite amount of monkeys...or that they haven't been given typewriters and are struggling with all of Word's delightful little habits.
Re:Ie9 ? (Score:2, Funny)
Isn't that all of them?
Re:IE and Microsoft (Score:1, Funny)
tg bn op nml ot ebb ttat si the qwerty qqqqqqqqqqqqqqq
Word is autocorrecting, please wait......
To be or not to bee that is teh question qqq :-( qqq