Again?! A recently discovered flaw in Internet Explorer could allow criminals to collect passwords and banking information. Microsoft is warning Windows users to be aware of the problem, with a manual work-around available, but there is no downloadable software fix available yet.
Users of Windows versions from XP to Windows 7 are at risk, Microsoft says.
Chester Wisniewski, of Sophos security software, noted on the company’s blog that there is “proof of concept code in the wild and it seems to be only a matter of time before we see criminals trying to exploit this flaw”.
If you are unsure of what to do, the best thing may be to switch to another Web browser for now, such as Firefox or Chrome. Then again … are there still that many who uses IE nowadays?
Dozens of websites have been secretly harvesting lists of places that their users previously visited online, everything from news articles to bank sites to pornography, a team of computer scientists found. Although security experts have known for nearly a decade that such snooping is possible, the latest findings offer some of the first public evidence of sites exploiting the problem. Current versions of the Firefox and Internet Explorer browsers still allow this, as do older versions of Chrome and Safari, the researchers said.
The information is valuable for con artists to learn more about their targets and send them personalized attacks. It also allows e-commerce companies to adjust ads or prices — for instance, if the site knows you’ve just come from a competitor that is offering a lower price.
Although passwords aren’t at risk, in harvesting a detailed list of where you’ve been online, sites can create thorough profiles on its users.
The technique the University of California, San Diego researchers investigated is called “history sniffing” and is a result of the way browsers interact with websites and record where they’ve been. A few lines of programming code are all a site needs to pull it off.
The latest versions of Google Inc.’s Chrome and Apple Inc.’s Safari have automatic protections for this kind of snooping, researchers said. Mozilla Corp. said the next version of Firefox will have the same feature, adding that a workaround exists for some older versions as well.
Microsoft Corp. noted that Internet Explorer users can enable a private browsing mode that prevents the browser from logging the user’s history, which prevents this kind of spying. But private browsing also strips away important benefits of the browser knowing its own history, such as displaying Google links you’ve visited in different colors than those you have not.