| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
IE Flaw Leaves Users Open to Data Theft | |
|
||
| Time: 00:01 EST/05:01 GMT | News Source: eWeek | Posted By: Robert Stein | ||
|
There is a severe flaw in Microsoft Corp.'s ubiquitous Internet Explorer browser that could enable a malicious Web site operator to hijack user sessions and steal their credit card numbers and other sensitive data. The flaw lies in the way that IE verifies the validity of digital certificates issued to Web sites that offer SSL (Secure Socket Layer)-enabled connections. Such certificates are typically issued and signed by CAs (certificate authorities) such as VeriSign Inc. and list the URL of the Web site to which they are issued. When a user connects via the SSL protocol to a Web site, the user's browser will check the certificate to ensure that the domain listed on it matches the ones to which the browser is connected. | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 316 Last | Next |
The time now is
8:35:59 AM
ET.
Any comment problems? E-mail us |
| #1 By 6253 (12.237.219.240) at 8/13/2002 10:50:32 AM |
|
These stories are always exaggerated.
"...anyone with a valid CA-signed certificate for any domain can generate a valid CA-signed certificate for any other domain..." I just tried it, and it didn't work. Obviously, there's a specific procedure required, some little bit of knowledge that isn't being included in the announcement. Oh, and I'm sure that a motivated hacker can spend the time to find the missing information to exploit this hole, but it's not as ridiculously simple as the stories make it sound. It's always ANYONE can do ANYTHING to ANYBODY at ANYTIME from ANYWHERE blah blah blah. In other words, there is absolutely nothing stopping the entire web (of which > 90% uses IE) from collapsing in a few hours. Here we go again with Y2K. Start stocking up on bottled water and ammunition.... |
| #2 By 931 (24.98.84.138) at 8/14/2002 3:48:16 AM |
| It's a threat and it's quite doable.. It's not however all that serious as people are making it out to be. Yes it should be fixed, yes it should be soon or included in the next round of patches, but it's not the end of the world. It's also not that easy to actually exploit.. |
|
Write Comment
Return to News |
Displaying 1 through 25 of 316 Last | Next |
The time now is
8:35:59 AM
ET.
Any comment problems? E-mail us |
