Internet Explorer exceeds all expectations.

7am, 25th August 2006 - Geek, Microsoft, Security

Let me be the first to congratulate the IE team on their remarkable achievement in releasing their most obvious security vulnerability yet.

According to the Secunia Advisory, the vulnerability happens during the parsing of a URL while using HTTP 1.1 and compression.

Honestly, a URL. Who would have thought that a URL could be controlled by malicious people and therefore would be a danger that needed bounds checking? Oh yes, did I forget to mention that the exploit was a buffer overflow that results in arbitrary code being executed on the target machine and, if the code is right, system access?

Now I know what they say about people who live in glass houses, and that my website isn't all that secure and that security flaws could be found that would lead to XSS attacks or possibly SQL injection (although I have been fairly careful about the SQL injection side of things), but in my defense, I don't get paid for this and there's only one of me. There are hundreds of guys who make IE and they get paid well for it. It should be better, and it isn't. Of course, you can always get Firefox. If you use the advert underneath the navigation I may even get paid for you choosing a more secure browser!

Some quick links to the relevant Secunia pages containing the security records of other browsers...
Firefox
Internet Explorer
Safari
Opera
