[folkschool-list] Internet Explorer cookie security hole

Mon, 19 Nov 2001 08:24:22 -0800 

Last week, Microsoft announced the discovery of yet another security hole 
in Internet Explorer:

"A vulnerability exists because it is possible to craft a URL that
can allow sites to gain unauthorized access to user's cookies and
potentially modify the values contained in them. Because some
web sites store sensitive information in a user's cookies, it is
also possible that personal information could be exposed."

This seems like a pretty serious problem to me.  If you are using IE 5.5 or 
6, the good news is that Microsoft has posted a patch, at:
         <http://www.microsoft.com/windows/ie/downloads/critical/q312461/default.asp>

However, if you are using IE 5 or 5.01 (the most likely version if you have 
Windows 98), the news is not so good.  According to Patrick Douglas 
Crispen, writing in the Nov. 17 Tourbus newsletter (www.tourbus.com), 
Microsoft is no longer supporting pre- 5.5 versions of IE.  So even though 
version 5, (and version 4) may also have this cookie vulnerability, 
Microsoft will not *ever* be issuing patches for earlier versions of 
Internet Explorer.  (If you don't know what version you are using, open 
Internet Explorer, and click on Help > About Internet Explorer.)

If you're using a pre-5.5 version of IE, your choices are to ignore the 
problem, upgrade to IE 5.5 or 6, or switch to a different browser 
(Netscape, Opera, etc.).  You can download and install an updated version 
of Internet Explorer (I suggest version 6) from Microsoft's Windows Update 
site.  (Click on "Windows Update" on your Start menu, or go to 
<www.windowsupdate.com>).  These are BIG downloads - 30-60 minutes on a 56K 
connection.

For more information, read Patrick's newsletter in the Tourbus archives 
(<http://www.tourbus.com/archives.htm>).  Any questions?  Send them to this 
list.

Jon

Jonathan Falk
Pine Tree Folk School
RR 2, Box 7162
Carmel, ME  04419
(207)848-2433
<http://www.ptfolkschool.org>

         

**Folkschool-list archives are at:
<http://www.mint.net/folkschool/helpnet/archives.htm>
       Sponsored by Pine Tree Folk School

==^================================================================
This email was sent to: [email protected]

EASY UNSUBSCRIBE click here: http://topica.com/u/?a84vzQ.a9gqS3
Or send an email to: [EMAIL PROTECTED]

T O P I C A -- Register now to manage your mail!
http://www.topica.com/partner/tag02/register
==^================================================================

Reply via email to