[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Security Alert -- Hackers can access your cookies



PureBytes Links

Trading Reference Links

On November 8, Microsoft released a security bulletin
warning that cookies in Internet Explorer 5.5 and 6.0 may be
viewed or even changed by malicious hackers. See ...

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-055.asp

( URL is all on one line )


                           ---- SUMMARY -----

Since some Web
sites store personal information in cookies, hackers could
use this vulnerability to obtain sensitive information such
as user names, passwords and credit card numbers.

This attack is limited in scope by the fact that the
attacker must target a specific cookie. 

Although a patch is not yet available, Microsoft has
supplied workarounds:

For Internet Explorer 5.5 and 6.0, disable both 
Active Scripting and Scripting of JAVA applets.
Unfortunately, many web sites require active scripting.

For Outlook 2000:
Applying this Outlook E-mail Security Update
will protect you from HTML e-mails containing this exploit ...

http://office.microsoft.com/downloads/2000/Out2ksec.aspx

Regards,
Mark Jurik