IE hole exposes your private data

This article
from
Cnet is one of many around reporting the your cookies in IE are open for all to see. Check out peacefire.org for a demonstration.


Even though the majority of the LISNews viewers use Netscape (librarians love Netscape?), this security hole is still good to know.Microsoft noted that the hole doesn\'t let an attacker \"inventory\" the visitor\'s cookies, but only targets specific ones from certain sites. The company also said that a victim would have to visit a malicious Web site.

Still, Microsoft acknowledged that the hole leaves room for plenty of trouble.

\"The vulnerability could allow a malicious Web site to read, change or delete cookies that belong to another Web site,\" Microsoft said in a statement. \"We expect to deliver the patch shortly. A security bulletin will be published...to discuss the issue and advise customers how to obtain and apply the patch.\"

The hole lends credence to the fears of privacy advocates, who say the technology and business of collecting Web surfers\' private information--such as when and where they surf and which books and other items they purchase--is prone to abuse and mishap.

Syndicate content