« LinuxLookup Reviews VMware Workstation 3.0 | Main | NYC Commercial Real Estate in a State of Flux »

Four Year Old Security Issue Reportedly Reappears in IE 5.5 and 6.0

Newsbytes reports that security experts have discovered that Microsoft Internet Explorer fails to implement a security standard created in 1997. The standard, referred to as the "same-origin policy" requires that JavaScript code executing in the context of one Web site should not be able to access the properties of another. When this policy is not implemented "... a grab-bag of techniques {are available to attackers} for stealing other users' browser cookies, reading some files on their hard disks, and 'spoofing' the content of legitimate sites".


According to a SecurityFocus report on the flaw, "This violation of the 'same-origin policy' is a severe security vulnerability. There are many ways that an attacker could exploit this vulnerability."

Posted by Dave Aiello on January 8, 2002 7:55 AM |

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Search


About CTDATA

CTDATA Venutures (CTDATA) develops Internet and Intranet applications for corporations and non profit organizations. Our services include:

  • Consulting services for Movable Type and TypePad-based publishing systems (visit our Weblog Improvement website for more information),
  • Financial services business process consulting,
  • Content management system and knowledge management system consulting,
  • Apache web server engineering and hosting,
  • MySQL, Sybase, and Microsoft SQL Server architecture and development,
  • SOAP, REST, and XML-RPC system architecture and programming, including Amazon Web Services and
  • Weblog publishing.
For more information, contact Dave Aiello by email at dave [at] daveaiello.com or call him at +1-267-352-4420.

CTDATA Services

Categories

Archives

Subscribe to this blog's feed
[What is this?]
Copyright © 1995-2010, CTDATA Ventures. All Rights Reserved.
Powered by
Movable Type 4.25