MetaFilter posts tagged with ie and security

Microsoft update disables user:password in URLs

johnnydark — Wed, 04 Feb 2004 12:55:16 -0800

With its latest security update Microsoft has disabled the ability to pass username:password pairs in URLs. If you usually use this format for connecting to your site via either FTP or HTTP, it will no longer work after you install this update.

Nasty new IE hole

dejah420 — Tue, 09 Dec 2003 14:28:08 -0800

A new MS Internet Explorer vulnerability is discovered. Most digerati already know about the spammer and lamer trick to publish URLs that look like legitimate hostnames to fool people in to trusting a malicious site. This trick is frequently used by spammers to steal people's PayPal accounts, by tricking them in to "resetting" their password at a site owned by the spammer but disguised as PayPal.com. Today's new IE vulnerability is significantly worse. By including an 0x01 character after the @ symbol in the fake URL, IE can be tricked in to not displaying the rest of the URL at all. Don't expect a patch right way, the guy who found the hole released it to BugTraq on the same day he notified Microsoft. (via Simon Willison)

judith — Fri, 11 Oct 2002 15:02:50 -0800

While MS-bashing is often too easy, this statement about recent security holes seemed especially astounding: "Outlook Express ships with every Windows system, or rather as part of IE, so it's on every system. But unless it is configured to receive mail, you are not at risk," said Scott Culp, manager for Microsoft security response. Interesting. Unless it is configured to receive mail, like, you know, an email program.

mathowie — Fri, 12 Jul 2002 01:16:45 -0800

Using Internet Explorer, Outlook, or Outlook Express on a PC? There's a new hack in town, ready to exploit cross site scripts like nobody's business. Do yourself a favor and disarm ActiveX on your settings.

crankydoodle — Fri, 14 Dec 2001 14:45:28 -0800

"MS releases mother of all IE security patches" Per the article: Microsoft has released a cumulative patch for Internet Explorer which the firm says is a "critical" security precaution against crackers which should be applied "immediately". Time to update/upgrade boys and girls. :)

silusGROK — Tue, 03 Apr 2001 09:22:27 -0800

MSIE leaves the door wide open on your Windows OS... I can't believe that the myriad "security holes" are coincidental... maybe we should call them back doors. I mean, really... who do they think they're kidding? We all know who really wants surreptitious access to our systems. [via Glish]

ericost — Thu, 11 May 2000 11:31:16 -0800

Any server can read all your IE cookies. From any domain. Anyone. I was just explaing to my folks that the reason cookies are (generally) safe is that this was NOT possible. Well, it's possible now.

ericost — Wed, 19 Apr 2000 09:39:44 -0800

You know their server isn't particularly secure; well neither is their browser.