Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

[News] [OSS] IE7 Loses to Firefox on Security, Again?

Strange spoofing technique evades anti-phishing filters

,----[ Quote ]
| Hall said he's used Norton and AdAware to scan his machine and
| neither program has turned up any malware. He doubts his DNS has
| been hijacked because the problem only occurs when he uses IE. He 
| can log in just fine using Firefox.
| 
| [...]
| 
| Based on our description, Roger Thompson, who tracks web exploits
| for Exploit Prevention Labs, guesses those experiencing this attack 
| have inadvertently installed an html injector. That means the
| victims' browsers are, in fact, visiting the PayPal website or
| other intended URL, but that a dll file that attaches itself to
| IE is managing to read and modify the html while in transit.
`----

http://www.theregister.co.uk/2007/05/25/strange_spoofing_technique/


Recent:

Secunia: Firefox more likely to be fully patched

,----[ Quote ]
| Firefox users have something new to brag about. Security vendor
| Secunia reports that users of the open-source browser are more 
| likely to have installed the latest security updates than Web
| surfers running Internet Explorer or Opera.
`----

http://www.linuxworld.com.au/index.php?id=948896741&rid=-50


Related:

Microsoft probes possible IE 7 phishing hole

,----[ Quote ]
| The vulnerability relates to the message IE displays when Web page
| loading is aborted, Raff wrote. An attacker can rig the message by
| creating a malicious link. The message will offer a link to retry
| loading the page; hitting it brings up the attacker's page, but
| showing an arbitrary Web address, he wrote.
`----

http://news.zdnet.com/2100-1009_22-6167410.html


Attack code out for 'critical' Windows flaw

,----[ Quote ]
| All recent versions of Windows are vulnerable when all recent
| versions of IE, including IE 7, are in use, according to Microsoft.
`----

http://news.zdnet.com/2100-1009_22-6150642.html


Microsoft Releases First IE7 Update 

,----[ Quote ]
| When visiting certain web pages, the Phishing Filter may increase
| CPU usage while evaluating the page contents and the system may
| become slow to respond.
`----

http://www.msfn.org/comments.php?shownews=19020


Information disclosure bug blights IE7 release

,----[ Quote ]
| The flaw stems from error in the handling of redirections
| for URLs with the "mhtml:" URI handler. Security
| notification firm Secunia reports that the same bug
| was discovered six months ago in IE6 but remains unresolved.
`----

http://www.theregister.co.uk/2006/10/19/ie7_first_bug/


Way Too ActiveX

,----[ Quote ]
| Today, over at Symantec's Security Response Weblog, Greg Ahmad
| reveals startling--and I do mean shocking--increases in ActiveX
| vulnerabilities. According to Symantec, ActiveX vulnerabilities
| stayed in the 12- to- 15-a-year range from 2002 to 2005. For
| 2006, the number of vulnerabilities "reached 50," with 42 in
| the second half of the year--coincidentally, the same time
| period Microsoft finished up and released Internet Explorer 7.
`----

http://www.microsoft-watch.com/content/security/way_too_activex.html?kc=MWRSS02129TX1K0000535
http://tinyurl.com/33cfno


Wake up and smell the IE7!

,----[ Quote ]
| The results of our study suggest that around 12.7 million websites are
| in need of a little TLC because of IE7. Maybe even more.
`----

http://www.thinkvitamin.com/features/design/wake-up-and-smell-the-ie7


IE7 'critical update' causes headaches for managed desktop environments

,----[ Quote ]
| As many organisations may not feel compelled to turn off automatic
| updates, they should be prepared to face this is issue when Internet
| Explorer 7 is downloaded and installed automatically.
`----

http://www.theregister.co.uk/2006/11/12/ie7_critical_update_managed_desktops/


IE 7 bugs abound

,----[ Quote ]
| "But browser testers may already be at risk, according to security 
| researcher Tom Ferris. Late Tuesday, Ferris released details of a potential 
| security flaw in IE 7. An attacker could exploit the flaw by crafting a 
| special Web page that could be used to crash the browser or gain complete 
| control of a vulnerable system, Ferris said in an advisory on his Web site. 
| Microsoft had no immediate comment on Ferris' alert."
`----

http://news.com.com/2100-1002_3-6034054.html?part=rss&tag=6034054&subj=news


CLARION CALL: IE 7 Not Ready For Prime Time

,----[ Quote ]
| Either leave your dog at home, or make sure it's trained better
| before inviting it into my house to make a mess on my carpet.
`----

http://saunderslog.com/2006/10/18/clarion-call-ie-7-not-ready-for-prime-time/


IE7 Released As High-Priority Update

,----[ Quote ]
| "Looks like FF2 is already outnumbering FF 1.5, while IE7 is having a
| hard time to find followers. Will today's release as a
| high-priority, force-fed update fix this issue?"
`----

http://it.slashdot.org/article.pl?sid=06/11/02/1424203&from=rss


Attackers end-run around IE security

,----[ Quote ]
| The vulnerability underscores that the improvements in security in the
| latest version of Microsoft's browser, Internet Explorer 7, do not
| eliminate the threats of older components of Windows, said Gunter
| Ollmann, director of IBM Internet Security Systems' X-Force
| vulnerability research team.
| 
| [...]
| 
| Online criminals frequently use flaws in ActiveX to install malicious
| code on victims' PCs via their browsers. One tool - known as WebAttacker
| and sold from a Russian website for about $20 - has had great success
| in compromising the security of victims' computers.
`----

http://www.theregister.co.uk/2006/11/08/ie_security_analysis/


IE7 users: beware! Microsoft telling their staff not to touch it...

,----[ Quote ]
| My mum's friend, who's been working for Microsoft for quite a while,
| just told my mum that Microsoft have started telling their employees
| not to use IE7 as it crashes a lot.
`----

http://forums.tauonline.org/index.php?topic=36928.0


IE7's anti-phising scheme worries small business owners

,----[ Quote ]
| ...small business owners and corporations are worried that users
| will leave their sites feeling unsafe, as they are not eligable
| to smaller businesses.
`----

http://www.daniweb.com/blogs/entry1163.html


Is Internet Explorer 7 Explorer Too Locked Down for You?

,----[ Quote ]
| A store owner in a bad neighborhood must balance safety against
| commerce. Too many locks and bars will keep away customers with
| the crooks. Based on Microsoft Watch reader feedback, Internet
| Explorer 7 sacrifices too much usability in the interest of safety.
| 
| [...]
| 
| Many Microsoft Watch readers complain of incompatibilities with
| Web sites, Web services or desktop software. Back in December, I
| wrote about one company's new satellite office devastated by an
| IE 7 upgrade, which knocked out access to CRM and e-mail software.
`----

http://www.microsoft-watch.com/content/web_services_browser/how_you_see_internet_explorer_7.html
http://tinyurl.com/2opg76


IE7 breaks Outlook Printing

,----[ Quote ]
| Beware, be very aware. Upgrading to Internet Explorer 7 can break
| the printing of email headers from Outlook. 
`----

http://blogs.ittoolbox.com/linux/locutus/archives/ie7-breaks-outlook-printing-14819

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index