|
« Media Search: Blinkx TV & Yahoo! video |
Main
| Symantec's $13 billion Veritas merger »
December 17, 2004
Secunia reports new IE vulnerability
Secunia reports a new cross-site scripting vulnerability in Internet Explorer, that even people who downloaded the Windows XP Service Pack 2 update will be vulnerable to.
Using a live example, Secunia suggest that this could be very easily exploited in phishing, allowing phishers not simply to create spoofed websites URLs, but also fake SSL signatures and hijack cookies.
This comes as something of an embarrassment for microsoft, who had lauded the SP2 update as a major security milestone for the company.
In related news, Microsoft's recent acquisition of Giant - an anti-spyware vendor - means that Microsoft will now be able to offer spyware checks for its customers. However, according to the report at Security Focus, Microsoft may charge extra for new security software:
Microsoft's tool, expected to be available within 30 days, initially will be free but the company isn't ruling out charging for future versions. "We're going to be working through the issue of pricing and licensing," said Mike Nash, vice president of Microsoft's security business unit. "We'll come up with a plan and roll that out."
Posted by at December 17, 2004 10:08 PM
> Discuss this in the Platinax Business forums
|
