Slashdot Mirror


Nasty Data-Stealing Bug Haunts Internet Explorer 8

Trailrunner7 writes "There's an unpatched vulnerability in Internet Explorer 8 that enables simple data-stealing attacks by Web-based attackers and could lead to an attacker hijacking a user's authenticated session on a third-party site. The flaw, which a researcher said may have been known since 2008, lies in the way IE8 handles CSS. The vulnerability can be exploited through an attack scenario known as cross-domain theft, and researcher Chris Evans originally brought the problem to light in a blog post in December. At the time, all of the major browsers were vulnerable to the attack, but since then, Firefox, Chrome, Safari and Opera all have implemented a simple defense mechanism. The upshot of this is that if a victim has visited a given Web site, authenticated himself to the site, and then visits a site controlled by an attacker, the attacker would have the ability to hijack the user's session and extract supposedly confidential data. This attack works on the latest, fully patched release of IE8."

3 of 151 comments (clear)

  1. Re:Let me the first to say..... by AnonymousClown · · Score: 5, Funny
    Well, now, using Einstein's time dilation equations and multiplying by the number of years that IE has existed, the internet, the speed of the signals around the net, that 15 years from our perspective is actually 30 by IE's perspective.

    Steve Hawking goes into a little more depth in his new book and Greene actually says String theory supports it too.

    We're on our way to a Unified Theory all thanks to IE and Microsoft.

    --
    RIP America

    July 4, 1776 - September 11, 2001

  2. Re:What? by Beelzebud · · Score: 5, Funny

    At least they get told "sorry, I love you, it won't happen again".

    People using IE don't even get that much!

  3. Re:IE and Microsoft by grcumb · · Score: 5, Funny

    Has Microsoft put out any Shakespeare yet? Then there's your proof.

    I dunno, I consider MSIE to be the of the great tragedies of my lifetime....

    --
    Crumb's Corollary: Never bring a knife to a bun fight.