MetaFilter posts tagged with internetexplorer and internet

Zero-Day

chuckdarwin — Tue, 16 Dec 2008 02:33:52 -0800

BBC: Users of the world's most common web browser (good old IE!) have been advised to switch to a rival until a serious security flaw has been fixed. Microsoft Security Advisory 961051. Microsoft Corp. has tipped off its users of a “huge increase” in hacking attacks exploiting a critical unpatched vulnerability in some versions of its flagship web-browser Internet Explorer (IE), and notified that some of these attacks have originated from hacked porn websites. In addition to IE7, other versions like IE 5 and IE 6 have also been found to be vulnerable to the flaw, which on proper exploitation could enable a hacker to seize complete control over victim’s computer, the company added. The flaw essentially originates from the improper handlings of DHTML data bindings due to a memory corruption error. Though the hackers have been exploiting the vulnerability for more than a week, the company notified an upswing in attacks over the weekend. Researchers Tareq Saade and Ziv Mador in one of their postings on Malware Protection Center blog said, “Based on our stats, since the vulnerability has gone public, roughly 0.2 percent of users worldwide may have been exposed to websites containing exploits of this latest vulnerability”. The researchers purported that the hackers have now changed their methodology of attacks, as instead of using malicious websites for attacks, they are now using compromised legitimate websites to trick the users. Incidentally Trend Micro Inc has estimated that around 6,000 websites have been infected so far to exploit the vulnerability, with the count “quickly increasing in number”.

Internet Explorer 7 announced

j.p. Hung — Tue, 15 Feb 2005 14:38:34 -0800

Internet Explorer 7 announced We've heard about it for a while and it's been discussed here before. Will the new version of I.E. be able to hold its own against open source browsers like Firefox?

Nasty new IE hole

dejah420 — Tue, 09 Dec 2003 14:28:08 -0800

A new MS Internet Explorer vulnerability is discovered. Most digerati already know about the spammer and lamer trick to publish URLs that look like legitimate hostnames to fool people in to trusting a malicious site. This trick is frequently used by spammers to steal people's PayPal accounts, by tricking them in to "resetting" their password at a site owned by the spammer but disguised as PayPal.com. Today's new IE vulnerability is significantly worse. By including an 0x01 character after the @ symbol in the fake URL, IE can be tricked in to not displaying the rest of the URL at all. Don't expect a patch right way, the guy who found the hole released it to BugTraq on the same day he notified Microsoft. (via Simon Willison)

WaSP Calls for MS to Fix Standards Bugs in Discontinued IE

setmajer — Fri, 27 Jun 2003 06:03:47 -0800

IE in bug fix mode? Then fix the bugs! As was mentioned here before, MS is discontinuing the free version of IE for Mac, and offering it only as part of the MSN service instead. They also appear to be doing the same with IE for Windows. The Web Standards Project is demanding that they include standards bugs in the list they are going to fix, because MS has always advertised IE as standards-compliant.

hitsman — Tue, 22 Jan 2002 19:05:42 -0800

AOL's Netscape sues Microsoft for damage done to its Netscape Internet browser by violations of antitrust law found in a separate government case against the software giant. "I don't see this case as primarily about money. I see it as primarily about injunctive relief,'' said Steve Salop, a Georgetown University law professor.

endquote — Wed, 12 Jul 2000 09:29:56 -0800

To those who are interested in such things, IE 5.5 is out, with all kinds of new and not that important features, including those great colored scroll bars.

ericost — Thu, 11 May 2000 11:31:16 -0800

Any server can read all your IE cookies. From any domain. Anyone. I was just explaing to my folks that the reason cookies are (generally) safe is that this was NOT possible. Well, it's possible now.

Zeldman — Mon, 10 Apr 2000 06:16:53 -0800

The Web Standards Project blasts Microsoft's "arrogant" break with standards in IE 5.5/Windows Edition. Please read the press release and, if you agree, post it to your favorite mailing lists and news groups. This must not stand.