IE Security Hole (again)
Posted by: Canis Lupus
Tweaker just informed us of this news about yet another flaw in Internet Explorer. Check his post for full details. Thanks Tweaker.
ZDNN had this news today about the IE flaw, which puts credit card info at risk:
The vulnerability exists within IE 5.5 and 6.0, but earlier browser editions "may or may not be affected," according to a security bulletin posted to Microsoft's Web site Thursday. The security flaw allows an outsider to break into cookies--tiny electronic files used by Web sites to file account information or personalize pages--through a specially crafted Web page or e-mail. A person could then steal or alter data from Web accounts, including credit card numbers, usernames and passwords.
Click here for the full news article.
Posted by: Chako
Microsoft security is much like military intelligence.
Posted by: Jess
Quote:
Originally posted by Canis Lupus:
The security flaw allows an outsider to break into cookies. A person could then steal or alter data from Web accounts, including credit card numbers, usernames and passwords.
- Wow, wait just a minute here... If you've an account with fragile information contained there (such as 'ScotiaBank.com'), and the admin/webmaster is storing your info in a cookie, then you shouldn't be complaining about IE, because it's the webservice that has the problem....
Cookies are Open Source, they're also encoded as regular ASCII text documents (which you can open and clearly read with Notepad).. They're simple this way because they're meant for holding small, and otherwise useless information to anything other than the webservice that spawned them.. They're NOT made for holding account/personal information (passwords, usernames, credit card numbers, etc. etc.)
If the webservice stored your 'fragile' information in an SQL database like it's supposed to, then nobody would have a problem...
Any webpage can call and manipulate cookies that, for instance, this board uses. They've always been able to, that's the whole point of cookies. (It's also why you don't make webservices that store info about the person in a freaking cookie, it's just wrong!)
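
Added example, not part of the original thread or any poster's code: a Python sketch of the design argued for in the last post, with account data held in a server-side database and only a random identifier in the cookie, shown beside the cookie-stored form. The account values, table layout and function names are assumptions made for illustration.

```python
import secrets
import sqlite3
from http.cookies import SimpleCookie

# Constructed sample account; none of these values come from the thread.
ACCOUNT = {"username": "alice", "card": "4111111111111111"}


def weak_cookie(account):
    """The criticized design: account data stored in the cookie itself."""
    c = SimpleCookie()
    c["username"] = account["username"]
    c["card"] = account["card"]
    return [m.OutputString() for m in c.values()]


def open_store():
    """Hypothetical server-side session table (in-memory for the example)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions (sid TEXT PRIMARY KEY, username TEXT, card TEXT)")
    return db


def issue_session(db, account):
    """Keep account data server-side; the cookie carries only a random id."""
    sid = secrets.token_urlsafe(32)
    db.execute("INSERT INTO sessions VALUES (?, ?, ?)",
               (sid, account["username"], account["card"]))
    c = SimpleCookie()
    c["sid"] = sid
    c["sid"]["httponly"] = True  # asks the browser to hide it from page script
    c["sid"]["secure"] = True    # asks the browser to send it over HTTPS only
    return c["sid"].OutputString()


def lookup(db, cookie_header):
    """Resolve a request's Cookie header to the stored record, or None."""
    c = SimpleCookie()
    c.load(cookie_header)
    if "sid" not in c:
        return None
    return db.execute("SELECT username, card FROM sessions WHERE sid = ?",
                      (c["sid"].value,)).fetchone()


if __name__ == "__main__":
    db = open_store()
    print(weak_cookie(ACCOUNT))       # card number travels in the cookie
    print(issue_session(db, ACCOUNT))  # only an opaque id travels
```

A leaked `sid` still grants access to the session until the server deletes the row, but the cookie itself never contains the card number or password.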