Slashdot Mirror


Internet Explorer Bug Leaks Whatever You Type In the Address Bar (arstechnica.com)

The latest version of Internet Explorer has a bug that leaks the addresses, search terms, or any other text typed into the address bar. The flaw was disclosed Tuesday by security researcher Manuel Caballero. Ars Technica reports: The bug allows any currently visited website to view any text entered into the address bar as soon as the user hits enter. The technique can expose sensitive information a user didn't intend to be viewed by remote websites, including the Web address the user is about to visit. The hack can also expose search queries, since IE allows them to be typed into the address bar and then retrieved from Bing or other search services. The proof-of-concept makes it transparent that the attacking website is viewing the entered text. The hack, however, can easily be modified to make the information theft completely stealthy. A proof-of-concept site shows the exploit in action.


  1. Re: Irrelevancies aside, SW non-freedom is the iss by Aighearach · Score: 5, Insightful

    The argument was never, "If you build it, they will all turn their eyes towards it checking for bugs."

    The idea is that if you know you have a bug, because you use the software, and there is only the programmer at some company that is even allowed to look at the code, then they might not fix it, and they might not even have time or interest to try. Hard problems are often going to receive (if you're lucky) a work-around unless you're paying extra to get it fixed. The same situation with free software, the worse the problem is the more people are looking at it, and the easier it is to solve.

    There was never anything about fixing bugs before you know about them because free software is magic. That part you made up yourself.

    OSS security isn't broken, it is powering most of the infrastructure. But that isn't in the news, because "trains ran on time, 700 days uptime" isn't news.