Updated: 11/25/2005; 12:01:46 AM.
XML and software
XML, web and software in general, with notes on Radio Userland resources
Wednesday, January 28, 2004
New Explorer hole could be devastating: "Explorer 6 users (and possibly users of earlier versions) could be fooled into downloading what look like safe files but are in fact whatever the author wishes them to be - including executables. The previous spoofing problem allowed Explorer users to think they were visiting one site when in fact they were visiting somewhere entirely different. The implications are not only troublesome, but Microsoft’s failure to include a fix for the problem in its January patches has led many to believe it cannot be prevented. If the same is true for this spoofing issue, then it will only be a matter of time before someone who thinks they are visiting one website and downloading one file will in fact be visiting somewhere entirely different and downloading whatever that site’s owner decides. ..
We also have reason to believe there is no fix. It may be that today’s flaw is identical to one found nearly three years ago by Georgi Guninski in which double-clicking a link in Explorer led you to believe you were downloading a text file but were in fact downloading a .hta file. Guninski informed Microsoft in April 2001. The fact that the issue has been born afresh suggests rather heavily that the software giant has no way of preventing this from happening. ..
So how bad could it get? Just off the top of our heads - suppose someone set up a fake Hutton Inquiry site today with a link to the report’s summaries - how many people across the UK would download a worm this afternoon? And imagine the computers it would end up on." 11:15:38 AM
Copyright 2005 © Ken Novak.