Paul Wilders
February 25th, 2002, 08:08 AM
-{ Quote: "Leading firm in Internet ExplorerÔ and XML technology based software development, Ivy Hungary Ltd. found a critical security fault in Internet ExplorerÔ. The deficiency was discovered during development of a new component for their key product IVYŇ, which would manage data of remote web sites from a central location, allowing the consolidation of data gained from various Internet sources.
Abusing this security loop, hackers and ill-intentioned web site operators can open a gate to the user’s computer or install a worm script on it. Through the gate, the intruder can steal any file from the cracked computer and read the cookies, containing the owner’s personal data, at will, without the victim even detecting it. It is possible to write a worm script that snoops the internet traffic of the attacked machine and redirects sensitive information, including passwords and credit card numbers, to the hacker’s mailbox.
To be susceptible of such an attack, one does not have to download files from the Internet, a simple visit to a corrupted web page suffices. There are only very few completely safe web pages: hackers can smuggle in the harmful code to any web site they have cracked.
Any Internet ExplorerÔ installation is affected, regardless of version or operating system, thus 97 % of the world’s Internet users are in continuous danger. Following the alert of Ivy Hungary Ltd., Microsoft has issued a hotfix. It is strongly recommended for everyone to urgently download this hotfix from the Windows Update site." }-
read the whole story here: http://w3.ivy.hu/
Abusing this security loop, hackers and ill-intentioned web site operators can open a gate to the user’s computer or install a worm script on it. Through the gate, the intruder can steal any file from the cracked computer and read the cookies, containing the owner’s personal data, at will, without the victim even detecting it. It is possible to write a worm script that snoops the internet traffic of the attacked machine and redirects sensitive information, including passwords and credit card numbers, to the hacker’s mailbox.
To be susceptible of such an attack, one does not have to download files from the Internet, a simple visit to a corrupted web page suffices. There are only very few completely safe web pages: hackers can smuggle in the harmful code to any web site they have cracked.
Any Internet ExplorerÔ installation is affected, regardless of version or operating system, thus 97 % of the world’s Internet users are in continuous danger. Following the alert of Ivy Hungary Ltd., Microsoft has issued a hotfix. It is strongly recommended for everyone to urgently download this hotfix from the Windows Update site." }-
read the whole story here: http://w3.ivy.hu/