Nasty Data-Stealing Bug Haunts Internet Explorer 8
Trailrunner7 writes "There's an unpatched vulnerability in Internet Explorer 8 that enables simple data-stealing attacks by Web-based attackers and could lead to an attacker hijacking a user's authenticated session on a third-party site. The flaw, which a researcher said may have been known since 2008, lies in the way IE8 handles CSS. The vulnerability can be exploited through an attack scenario known as cross-domain theft, and researcher Chris Evans originally brought the problem to light in a blog post in December. At the time, all of the major browsers were vulnerable to the attack, but since then, Firefox, Chrome, Safari and Opera all have implemented a simple defense mechanism. The upshot of this is that if a victim has visited a given Web site, authenticated himself to the site, and then visits a site controlled by an attacker, the attacker would have the ability to hijack the user's session and extract supposedly confidential data. This attack works on the latest, fully patched release of IE8."
Don't let the W3Schools stats confuse you. Those are for a small subset of the comparatively small American market, and thus aren't indicative of the global trends.
Just keep fiddling while Rome burns, Nero.
#DeleteChrome
if you're using internet explorer, you deserve every bug you get. If you're in one of those companies that mandates IE or something, company data theft is their fault and their loss. If you're reading slashdot, chances are you know that entering your personal data on one of those computers is probably a bad idea because besides internet explorer, they also more than likely have company monitoring software installed.
"People don't want to learn linux" hasn't been a valid excuse since '03.
Browsers have always supported standards that aren't finished, at least since I started using them in the early 90s; heck, many of the standards themselves co-opted features that browsers had implemented themselves.
Oh, I agree with you completely. But you can't *blame* them for it.
The complaint sums to: "they didn't go as much above and beyond as other browsers have."
Comment of the year
Data theft is easy to detect, just look for missing data. These sound like data spying/eavesdropping attacks, that is, where the attacker is able to monitor all your data without your knowledge. Nowadays it seems that "theft" has come to mean "something I don't like".