AskMorris Inc. provides the following services; Internet Speeches, SEO Business Tools, web design, system interfaces and competitive web marketing solutions, mainly in Taipei - Taiwan and China
No.1 Free web design tools, SEO speeches, system interfaces & internet marketing in Taipei, Taiwan and China
Site Map | Contact AskMorris
Search AskMorris System Interfaces, Speeches, Free Tools & SEO Business Tools
On Askmorris Speeches Testimonials Business News Marketing Newsletter Free Tools Internet FAQ Change to Chinese
New security flaw in Outlook, IE
on Saturday, February 28, 2004 - 08:46 PM CCT - 1385 Reads
A Danish security researcher warned users of Microsoft's Internet Explorer, Outlook and Outlook Express applications that a recently discovered software flaw could leave their system open to malicious code carried on Web pages or in e-mails.

In an advisory released Wednesday, Thor Larholm, a security researcher and partner at risk-assessment company PivX Solutions, warned that HTML objects embedded in Web pages and e-mails could carry code that allows an attacker to check out victims' cookie files, read their documents, and execute programs on their computer.

The bug, known as a cross-domain scripting flaw, was discovered on June 25, and information about it has been posted on several security lists since then. Larholm also informed Microsoft of the bug the day it was discovered. "Since this is possibly very publicly known...I have decided to release this advisory after only two weeks time," Larholm said in the warning. Microsoft thought Larholm had overstated the seriousness of the flaw. "Thor's advisory doesn't make it clear that there are significant mitigating factors associated with the issue," said a company representative, adding that people who limited their browsing to trusted sites would be safe as would people who had installed one of the software giant's patches for its e-mail clients.

The company chose to lambaste Larholm for disclosing the flaw too quickly. "It's a shame that Thor chose to publicize this issue before the patch could be completed, because by doing so, he's significantly increased the risk to customers," the representative said. The amount of information disclosed about a flaw, and how fast consultants make the disclosure, has been a point of contention between software makers and the bug finders based at security companies.

Recent research suggests, however, that the corporate customers who suffer from software maker's slipups actually want flaws disclosed more quickly. Hackers and security experts frequently find software flaws in Microsoft's Internet Explorer. In June, Microsoft released a patch for an IE flaw that allowed attackers to run code on a victim's computer by exploiting links to an old pre-Web protocol known as Gopher. The month before that, the company released a patch for IE that fixed six different flaws.

To repair the current problem, Larholm recommended that users disable ActiveX in the security settings for Internet Explorer, or run IE and Outlook in "Restricted" mode, at least until Microsoft releases a patch. Microsoft said a patch will be available soon.
Printer friendly page Send this story to a friend
 
Related links
· More about Business News

- - Most read story in - -

 Business News:
·  We are Hiring!!
 
Speeches at AskMorris Inc. - We hear your needs.
Contact a great web & system design company in Taipei / Taiwan | Learn more about AskMorris, the system interface company of choice
Attend useful web speeches and seminars in Taipei, Taiwan and China | Recommend an experienced web solutions and system interface company
Read the AskMorris newsletter, tools for how to be more competitive | Useful Tips and tricks to help you use the internet better and be more global
AskMorris news on emarketing, web design solutions in Taipei / Taiwan | Companies that use AskMorris proven web tools and system interfaces
© Copyright 1996 - 2008, AskMorris Inc. All Rights Reserved. OFFICE: + 886 27946400 FAX: + 886 87918173 - In Taiwan since 2001...