Internet Explorer exceeds all expectations.
7am, 25th August 2006 - Geek, Microsoft, Security

Let me be the first to congratulate the IE team on their remarkable achievement in releasing their most obvious security vulnerability yet.
According to the Secunia Advisory, the vulnerability happens during the parsing of a URL while using HTTP 1.1 and compression.
Honestly, a URL. Who would have thought that a URL could be controlled by malicious people and therefore would be a danger that needed bounds checking? Oh yes, did I forget to mention that the exploit was a buffer overflow that results in arbitrary code being executed on the target machine and, if the code is right, system access?
Now I know what they say about people who live in glass houses, and that my website isn't all that secure and that security flaws could be found that would lead to XSS attacks or possibly SQL injection (although I have been fairly careful about the SQL injection side of things), but in my defense, I don't get paid for this and there's only one of me. There are hundreds of guys who make IE and they get paid well for it. It should be better, and it isn't. Of course, you can always get Firefox. If you use the advert underneath the navigation I may even get paid for you choosing a more secure browser!
Some quick links to the relevant Secunia pages containing the security records of other browsers...
Firefox
Internet Explorer
Safari
Opera