IE security hole leads to cookie jar (Get A Mac!)

Microsoft has warned that versions of Internet Explorer can expose consumers' personal data contained within cookies.

The vulnerability exists within IE 5.5 and 6.0, but earlier browser editions "may or may not be affected," according to a security bulletin posted to Microsoft's Web site Thursday. The security flaw allows an outsider to break into cookies--tiny electronic files used by Web sites to file account information or personalize pages--through a specially crafted Web page or e-mail. A person could then steal or alter data from Web accounts, including credit card numbers, usernames and passwords.

"A malicious Web site with a malformed URL could read the contents of a user's cookie, which might contain personal information," according to the Redmond, Wash.-based company. "In addition, it is possible to alter the contents of the cookie. This URL could be hosted on a Web page or contained in an HTML e-mail."

The vulnerability comes only a week after security flaws were found in Microsoft's Passport authentication system, causing the software maker to remove the service from the Internet. The privacy breach in the Passport service, which keeps track of data used by e-commerce sites, potentially exposed the financial data of thousands of consumers, undermining the company's recent efforts to convince people that it is serious about security.

Privacy and security expert Richard Smith verified the IE security flaw by writing a tiny bit of JavaScript to hijack information contained in a cookie.

"I couldn't believe how easy it is," Smith said. "The danger here is that once you get somebody's cookie information for a particular Web site, you can get access to that account, whether it's private financial information or travel records."

Microsoft, which labeled the security problem "high" risk, said it is working on a patch. Meanwhile, the company is urging IE users to disable active scripting in the their browser settings. In addition, consumers using Outlook Express should set their preferences within the mail program to allow only "Restricted Sites" to load, according to the company.

To disable active scripting in IE, open the Tools menu in the browser, followed by Internet Options and then the tab for Security. Next, open the Custom Level option; in the Settings box, scroll down to the Scripting section. Click Disable under "Active scripting" and "Scripting of Java applets." Click OK, and then click OK again.

Yes the root core of Mac OS X, Darwin, has been around for 3 years as an Apple product. Actually the underpinnings of Mac OS X come from NeXT which has been around since the early 90s. NeXT is the OS developed by Steve Jobs after he left Apple in the 80s.

Just answer the question: Has OSX -- the complete operating system -- been shipping for 3 years? And note: I don't point at OLE and say that "Gee, OLE has been available for 10 years ... so Windows XP has been around at least that long." LOL.

A dying platform? That is why most major computer publications are giving Mac OS X the thumbs up over Windows XP.

Quantify "most major computer publications" (I want details). If you mean "Mac publications", I'm not surprised.

Speaking of XP, how lame can Microsoft get? Talk about an absolute flop!

It was released less than a couple weeks ago, you pencil neck geek. And in the space of that time, consider this: more copies of XP have sold on PCs shipped by Dell, Gateway, Compaq, and HP than will ever be sold by Apple for an entire year.

I would rather have the rock solid core of UNIX under my GUI than the hacked together garbage that Windows provides.

Yeah, that's a laugh. The Mac OS was so "bulletproof" that Apple decided to completely ditch it in favor of code written by somebody else -- anybody but Apple engineers. And you're proud of the fact that Apple needed to borrow an operating system?!?

Yes those companies do provide software to combat MICROSOFT OFFICE viruses due to the shoddy macro system that MICROSOFT introduced into our system with their Office package.

Could you please tell the audience who wrote "AppleScript"?

http://securityresponse.symantec.com/avcenter/vinfodb.html

Mac.Simpsons@mm is an AppleScript worm that targets the Macintosh platform. It may open Microsoft Outlook Express or Entourage, and send a copy of itself with the original message to everyone in your address book.

http://www.apple.com/applescript/ -- "Most Macintosh users don't realize there is a powerful hidden interface to their computers - a way to control and automate much of what we do every day; a way to save time and money; indeed, a way to have your computer do your work for you."

"It's called AppleScript, an easy-to-use, approachable, English-like language that controls nearly everything your computer can do."

(Including hose your machine with macro viruses)

"If you're not using AppleScript, you're just working too hard. Give yourself a break... click the Beginner's Tutorial link below and learn AppleScript today!"

(Yes, you, too, can join the rest of the script kiddies and write macro viruses for OSX today!)

Yes. I've run Windows in VMWare before, at my last job, where I needed the MS SQL doodad for manual queries, since we were using MS SQL. Thankfully, we're using Interbase at my new job, so I don't have to run Windows at all.

But, if you gotta run Windows, doing so within VMWare, under Linux, is a great way to do it. It seems more stable that way. The only things that don't work in the VMWare environment are some games that use certain DirectX procedures. Windows Media Player works, though, much to my surprise!

ROFL. The comment you were replying to, though, is absolutely precious. He/she is expecting us to believe that someone actually sought to cure a security problem by migrating TO Windows. Absurd.

Then again, there are some awfully stupid people in this world.

The Mac is the Betamax of PCs.

The Intel/Microsoft system is the VHS.

"Quantity has a quality all its own."

The Mac culture is more of a cult, getting smaller all the time, and essentially without a future.

--Boris

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.