A new MS Internet Explorer vulnerability is discovered. Most digerati already know about the spammer and lamer trick to publish URLs that look like legitimate hostnames to fool people in to trusting a malicious site. This trick is frequently used by spammers to steal people's PayPal accounts, by tricking them in to "resetting" their password at a site owned by the spammer but disguised as PayPal.com. Today's new IE vulnerability is significantly worse. By including an 0x01 character after the @ symbol in the fake URL, IE can be tricked in to not displaying the rest of the URL at all. Don't expect a patch right way, the guy who found the hole released it to BugTraq on the same day he notified Microsoft. (via Simon Willison)
posted by dejah420 on Dec 9, 2003 - 29 comments

While MS-bashing is often too easy, this statement about recent security holes seemed especially astounding: "Outlook Express ships with every Windows system, or rather as part of IE, so it's on every system. But unless it is configured to receive mail, you are not at risk," said Scott Culp, manager for Microsoft security response. Interesting. Unless it is configured to receive mail, like, you know, an email program.
posted by judith on Oct 11, 2002 - 30 comments

Using Internet Explorer, Outlook, or Outlook Express on a PC? There's a new hack in town, ready to exploit cross site scripts like nobody's business. Do yourself a favor and disarm ActiveX on your settings.
posted by mathowie on Jul 12, 2002 - 6 comments

Suprise. Another gaping hole in Internet Explorer. This one's pretty alarming. Mozilla, anyone?
posted by dr_emory on Apr 17, 2002 - 48 comments

"MS releases mother of all IE security patches" Per the article: Microsoft has released a cumulative patch for Internet Explorer which the firm says is a "critical" security precaution against crackers which should be applied "immediately". Time to update/upgrade boys and girls. :)
posted by crankydoodle on Dec 14, 2001 - 11 comments

Any server can read all your IE cookies. From any domain. Anyone. I was just explaing to my folks that the reason cookies are (generally) safe is that this was NOT possible. Well, it's possible now.
posted by ericost on May 11, 2000 - 32 comments

You know their server isn't particularly secure; well neither is their browser.
posted by ericost on Apr 19, 2000 - 2 comments