Cool Mac Gear
• iPod Video
• iPod nano
• iPod 1G-2G
• iPod 3G
• iPod 4G
• iPod Mini
• PowerBook-iBook
• Garageband
|
|
By Applelinks Senior Editor John H. Farr
There's something very disturbing about the latest chapter in the unending story of how inviting most Microsoft apps are for those who would do digital harm. According to ComputerWorld, the "long-ignored" Internet Explorer vulnerability is allowing malicious hackers to install software on PCs through hacked Web sites and instant messaging programs. What's even worse, though, is Microsoft's apparent inability to get its act together and issue a workable patch.
Here's how the hole works:
The security hole, known as the "Object Data vulnerability," is in software code used by IE to process HTML pages containing an element called the Object Data tag. When properly exploited, the vulnerability enables an attacker to place a malicious computer program on a user's machine. No user actions are required to infect a machine, aside from opening an e-mail message or visiting a Web page rigged by an attacker.
Yes, Microsoft issued a patch on August 20. But the patch did not fix IE Versions 5.01, 5.5 or 6.0. 19 days later, on September 8, Microsoft finally acknowledged that the patch was incomplete and promised a solution. Well, guess what? As of this writing, nothing has been done. That's right, three weeks later and no amended patch. In the interim, a password-stealing virus that spreads via the AIM network has been released, among other exploits.
Quoting security expert Richard Smith, the article concludes:
In the meantime, hackers will continue to take advantage of the Object Data vulnerability, which is easy to exploit and powerful [our emphasis], he said. "The sky's the limit of what you can do with [the Object Data vulnerability]," Smith said. "This exploit is going to be used for years."
|
|
Page: 1 - 2 - 3 - 4 - 5