Friday, October 20, 2006

IE7 Problems Already

It would appear that the new verion IE7 already has a security flaw as written up by Infopackets Windows Newsletter.

According to security gurus from Secunia, the final version of Internet Explorer 7 has been released with an information disclosure flaw. Now this is not a major problem as there definitely are some problems if anyone wanted to prey on this flaw. By reading the writeup at Microsoft Watch you will get an idea of how hard it would be to actual take advantage of the flaw.

The site states: quote

"While it is nearly impossible to exploit this flaw to launch a spoofing or phishing attack, as an attacker would first have to lure an IE user to a fake Web site and know for sure which other secure site might be open in an IE tab in the same browser session, it is strange that Redmond allowed this to slip through."

unquote

The flaw can be tested in your copy of the browser at Secunia Test.

It is worth noting that this same flaw was in the IE6 version of the browser and Microsoft didn't fix it for the new version. One method to fix the flax is to turn off 'active scripting' through Internet Options on the Tools menu. However, by doing that you are not able to use a lot of internet sites as scripting is used in many sites nowadays. I would hope that Microsoft brings out a security update for this problem asap. Especially with all the press the flaw has been getting already.

For now, prudent surfing would be in order. If you are using your banking site, ensure you only have 1 tab open in the current browser session.

No comments: