Free Republic

IE security hole leads to cookie jar (Get A Mac!)
c|net ^ | 11/09/01 | Staff Writer, CNET News.com

Posted on 11/09/2001 10:40:49 AM PST by toupsie

IE security hole leads to cookie jar
By Stefanie Olsen
Staff Writer, CNET News.com
November 9, 2001, 11:05 a.m. PT
http://news.cnet.com/news/0-1005-200-7828689.html?tag=prntfr

Microsoft has warned that versions of Internet Explorer can expose consumers' personal data contained within cookies.

The vulnerability exists within IE 5.5 and 6.0, but earlier browser editions "may or may not be affected," according to a security bulletin posted to Microsoft's Web site Thursday. The security flaw allows an outsider to break into cookies--tiny electronic files used by Web sites to file account information or personalize pages--through a specially crafted Web page or e-mail. A person could then steal or alter data from Web accounts, including credit card numbers, usernames and passwords.

"A malicious Web site with a malformed URL could read the contents of a user's cookie, which might contain personal information," according to the Redmond, Wash.-based company. "In addition, it is possible to alter the contents of the cookie. This URL could be hosted on a Web page or contained in an HTML e-mail."

The vulnerability comes only a week after security flaws were found in Microsoft's Passport authentication system, causing the software maker to remove the service from the Internet. The privacy breach in the Passport service, which keeps track of data used by e-commerce sites, potentially exposed the financial data of thousands of consumers, undermining the company's recent efforts to convince people that it is serious about security.

Privacy and security expert Richard Smith verified the IE security flaw by writing a tiny bit of JavaScript to hijack information contained in a cookie.

"I couldn't believe how easy it is," Smith said. "The danger here is that once you get somebody's cookie information for a particular Web site, you can get access to that account, whether it's private financial information or travel records."

Microsoft, which labeled the security problem "high" risk, said it is working on a patch. Meanwhile, the company is urging IE users to disable active scripting in their browser settings. In addition, consumers using Outlook Express should set their preferences within the mail program to allow only "Restricted Sites" to load, according to the company.

To disable active scripting in IE, open the Tools menu in the browser, followed by Internet Options and then the tab for Security. Next, open the Custom Level option; in the Settings box, scroll down to the Scripting section. Click Disable under "Active scripting" and "Scripting of Java applets." Click OK, and then click OK again.
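
The workaround above can be verified from the registry instead of by clicking through the dialog. The following is an added example, not part of the CNET article or Microsoft's bulletin. It assumes the per-zone registry layout IE uses for security settings (zone 3 = Internet, zone 4 = Restricted sites; value 1400 = Active scripting, 1402 = Scripting of Java applets; data 3 = Disable) and the usual policy-before-preference lookup order.

```powershell
# Added example: audit the two scripting settings the article says to disable.
# Assumptions (not from the article): the zone numbers, value names and data
# meanings below, and the lookup order policy (HKLM, HKCU) before preference.
$zones   = @{ 3 = 'Internet'; 4 = 'Restricted sites' }
$actions = @{ '1400' = 'Active scripting'; '1402' = 'Scripting of Java applets' }
$states  = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

$suffix = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$roots  = @(
    "HKLM:\Software\Policies\$suffix",
    "HKCU:\Software\Policies\$suffix",
    "HKCU:\Software\$suffix",
    "HKLM:\Software\$suffix"
)

function Get-ZoneAction {
    param([int]$Zone, [string]$Action)
    # Return the first location that defines the value, with its data.
    foreach ($root in $roots) {
        $key  = Join-Path $root $Zone
        $item = Get-ItemProperty -Path $key -Name $Action -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Value = [int]$item.$Action; Source = $key }
        }
    }
    return $null   # value not defined anywhere: IE falls back to its built-in default
}

$report = foreach ($zone in $zones.Keys | Sort-Object) {
    foreach ($action in $actions.Keys | Sort-Object) {
        $hit = Get-ZoneAction -Zone $zone -Action $action
        $state = 'Not set'
        if ($hit) {
            $state = if ($states.ContainsKey($hit.Value)) { $states[$hit.Value] }
                     else { "Unknown ($($hit.Value))" }
        }
        [pscustomobject]@{
            Zone      = $zones[$zone]
            Setting   = $actions[$action]
            State     = $state
            Mitigated = [bool]($hit -and $hit.Value -eq 3)   # only Disable counts
            Source    = if ($hit) { $hit.Source } else { '' }
        }
    }
}

$report | Format-Table -AutoSize
```

A row with `Mitigated` set to `False` in the Internet zone means the workaround described in the article is not in effect for ordinary browsing; the Restricted sites rows cover the zone the article recommends for Outlook Express.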


TOPICS: Front Page News; News/Current Events
To: fnord
But OS X seems to be something that a programmer could get into. Am I correct? Or is programming still taboo on Apple systems?

Mac OS X is fantastic for programmers. You have a full Unix underneath the UI, and Apple's developer tools are free; they come with the OS X retail package and you can download them from the web. The Cocoa API is the best I've seen on any system. Apple is definitely encouraging third party developers much more than they have in the past.

41 posted on 11/09/2001 2:53:32 PM PST by ThinkDifferent

To: toupsie; borg
I just brought up my redhat 7.2 box the other night. Just getting into the nuts and bolts of it - I do like KDE.
42 posted on 11/09/2001 3:08:22 PM PST by stainlessbanner

To: ThinkDifferent
Apple is definitely encouraging third party developers much more than they have in the past.

Well, that is a change! Thanks, guess I'll have to read up on it and look into maybe purchasing. One can never have too many computers, can one?

43 posted on 11/09/2001 3:11:25 PM PST by fnord

To: ThinkDifferent
The Cocoa API is the best I've seen on any system.

Outside of REALbasic, Cocoa is the fastest development system I have used. I am moving over a lot of the systems I wrote for Tru64 (I am a closet DEC Alpha fan) over to Mac OS X because of Cocoa. Easy as pie!

44 posted on 11/09/2001 4:14:05 PM PST by toupsie

To: toupsie
No offense, John, but do you even know what you are talking about? I can buy a brand spanking new Macintosh, today, for $499.

Why don't you provide a link so we can do a side-by-side comparison.

As for hackers. Hackers don't care about the OS. They care about taking over computers so they can use them for nefarious purposes. By your logic, hackers would not go after Solaris (Sun) or Tru64 (DEC Alpha) or OS/400 (IBM) but they do.

Nonsense. Hackers generally target a particular platform in order to do the most damage. But the best thing about Mac OS X is you don't have to buy anti-virus software, firewalls, access control software and disk repair utils.

Nothing like having a monopoly on software and hardware -- and keeping competition at a distance. Isn't this what Microsoft was accused of doing?

As a bonus, you are never posting Virus/Worm alerts on Free Republic.

Are you really stupid enough to suggest that the Mac does not have bugs, viruses, and patches? Because I'll slam dunk your ass with bug reports, if you like.
45 posted on 11/09/2001 4:33:43 PM PST by Bush2000

To: aimhigh
"But, since there isn't any competition.... "

Get real. Ever heard of netscape? Linux?

46 posted on 11/09/2001 4:51:09 PM PST by PatrioticAmerican

To: Bush2000
Nothing like having a monopoly on software and hardware -- and keeping competition at a distance. Isn't this what Microsoft was accused of doing?

The consumer version of Mac OS X does not come with any virus protection software.

It does come with the same firewall that is installed with any freeBSD distribution.

It is not set up by default and must be configured via the command line or a third party utility.

The firewall is not strictly an Apple product though (no monopoly there).

I do believe that Microsoft should be as free as Apple or any other company to legally engage in business the way they see fit.

Apple would do fine alongside an unrestrained Microsoft.


BTW, my spell checker continuously tries to replace "freeBSD" with "freebased"
Richard Pryor jokes aside, this really freaks me out.
47 posted on 11/09/2001 5:42:56 PM PST by avg_freeper

To: toupsie
Good job. I was too tired of this argument to bother with it, but I am happy to see that you did, and a good job it was.

My company, almost 18 years old now, uses Macs because we get more work done in a day than we could with PCs. And that is for me, the end of the story.

Thanks

48 posted on 11/09/2001 5:58:22 PM PST by Octar

To: toupsie
Wired just had a big article on Microsoft Office v. X and how the Windows division couldn't replicate the amazing features from Mac version because Windows XP just "isn't there yet".


I searched Wired for that, but couldn't find it. PLEASE tell me you have a link to it. Thanks.

49 posted on 11/09/2001 8:06:42 PM PST by gratefulwharffratt

To: Octar
I've used both. I got to come down on the Mac side. My company which has several G4s, G3s, iMacs, still has a MacIIfx -- circa 1990 -- set up. It was in daily use four months ago. We had long since discarded the PCs of that era.
50 posted on 11/09/2001 8:13:48 PM PST by Tribune7

To: Bush2000
Are you really stupid enough to suggest that the Mac does not have bugs, viruses, and patches? Because I'll slam dunk your ass with bug reports, if you like.

Not stupid, just comforted by the notion that Mac OS X has had rock solid Internet security and virus protection since the start, something Windows could never claim. So far in its existence (3 years in the case of Mac OS X Server), Mac OS X & Mac OS X Server have not had one remote root exploit, worm or a virus reported. The only root exploits were resolved within 24 hours via Apple's Automatic Software Update system. Those root exploits all required access to the machine with a valid login. Now compare that to the last three years of Microsoft Windows remote exploits, worms and viruses. All combined, I feel the number would be ~50,000 for Windows.

Even when Apple does screw up (Yes, they are human), they make sure the problem is resolved ASAP. Their last screw up was a faulty installer that on a rare occasion would erase a partition in Mac OS X. Apple yanked the installer within 24 hours, put out a new one and offered to reimburse the users for any data recovery software or data recovery service they needed to get back the data. Microsoft has to be kicked in the pants to get anything fixed in a timely manner.

No operating system is perfect. But I would rather not have to spend tons of money and waste a lot of time to protect the OS on my computer. Running Mac OS X, I spend my time using the computer on the things I want to do and my money on great USB & Firewire products. I just need to ask Santa Claus for an iPod for Christmas. That is one sweet Firewire MP3 player.

51 posted on 11/09/2001 9:27:30 PM PST by toupsie

To: toupsie
So far in its existence (3 years in the case of Mac OS X Server), Mac OS X & Mac OS X Server have not had one remote root exploit, worm or a virus reported.

Mac OSX has been a released product for 3 years?!? Face it: The reason that few exploits, worms, or virii have been reported (obviously, holes do exist, whether you like to admit it or not: all software is porous) is that almost nobody -- including most hackers -- use Mac OSX. It's a dying platform.
52 posted on 11/10/2001 10:48:27 AM PST by Bush2000

To: toupsie
LOL. Perhaps you should inform McAfee and Norton that they don't need to sell antivirus software for OSX anymore. Steve Jobs has ... eliminated ... the threat. LOL! Thanks for the laughs. You guys are so delusional it's almost funny, if it weren't so sad.

http://www.symantec.com/nav/nav_mac/index.html

http://www.mcafeeb2b.com/products/virex/default.asp
53 posted on 11/10/2001 11:15:22 AM PST by Bush2000

To: Virginia-American
Where I work the Linux servers were all infected with some kind of worm. The brass decided to replace them with Windows servers

Details, please.

I have serious doubts about this story. And, if the "brass" thinks switching to Windows will reduce the security problems they have, they're in for a rude surprise!

54 posted on 11/10/2001 1:59:09 PM PST by Johnny B.

To: aimhigh
XP ripped the guts out of my unit. I lost everything. :(
55 posted on 11/10/2001 2:03:29 PM PST by Colonel Jim

To: Bush2000
Yes those companies do provide software to combat MICROSOFT OFFICE viruses due to the shoddy macro system that MICROSOFT introduced into our system with their Office package. None of these viruses attack the Mac OS X operating system but only MICROSOFT OFFICE files. So what we have here is an attempt by MICROSOFT to sabotage the Mac OS X operating system. Take a gander at the URL you found and you will see that the majority, if not all, of the protection is against these macro viruses. But then again, you can go on and look foolish discussing a topic of which you have no knowledge. I sort of feel like I am debating Al Gore on fiscal policy. All hype, not substance.
56 posted on 11/10/2001 5:02:55 PM PST by toupsie

To: Bush2000
Mac OSX has been a released product for 3 years?!? Face it: The reason that few exploits, worms, or virii have been reported (obviously, holes do exist, whether you like to admit it or not: all software is porous) is that almost nobody -- including most hackers -- use Mac OSX. It's a dying platform.

Yes the root core of Mac OS X, Darwin, has been around for 3 years as an Apple product. Actually the underpinnings of Mac OS X come from NeXT which has been around since the early 90s. NeXT is the OS developed by Steve Jobs after he left Apple in the 80s.

A dying platform? That is why most major computer publications are giving Mac OS X the thumbs up over Windows XP. Speaking of XP, how lame can Microsoft get? Talk about an absolute flop! I would rather have the rock solid core of UNIX under my GUI than the hacked together garbage that Windows provides.

57 posted on 11/10/2001 5:10:33 PM PST by toupsie

To: B Knotts
I personally don't use any Microsoft stuff, thankfully. Not that I have the option...since I run Linux on all my machines. :-)

You can run virtually all micro$haft programs on linux by going through wine or vmware. Or any other programs designed for W32. The only exceptions would be programs that make certain os specific system calls (namely, the one not included in wine or vmware) or programs specifically designed to make those calls to thwart linux. Office 2000, office xp, photoshop, maya, etc. will run fine under linux but it'll take more than 20 minutes to set them up.

58 posted on 11/10/2001 5:22:23 PM PST by wooly_mammoth

To: toupsie
I can buy a brand spanking new Macintosh, today, for $499

Is this one of the magical Macs that falls off the back of the truck? The cheapest Mac on Apple's website is $799 for the iMac

59 posted on 11/10/2001 5:40:56 PM PST by rightisright

To: rightisright
Is this one of the magical Macs that falls off the back of the truck? The cheapest Mac on Apple's website is $799 for the iMac

I've already asked him for proof but apparently he's been ignoring my query.
60 posted on 11/10/2001 10:31:41 PM PST by Bush2000

