[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[RT] Re: Security Alert -- Hackers can access your cookies



PureBytes Links

Trading Reference Links

Yeah, but there isn't any real solution yet.  Disabling active 
scripting, the only recommended MS solution at this time, will cause 
many websites to fail or not work correctly.  So instead, stick to 
well-known sites and avoid those bin laden, etc. joke sites <g>.


--- In realtraders@xxxx, Mark Jurik <mark@xxxx> wrote:
> On November 8, Microsoft released a security bulletin
> warning that cookies in Internet Explorer 5.5 and 6.0 may be
> viewed or even changed by malicious hackers. See ...
> 
> http://www.microsoft.com/technet/treeview/default.asp?
url=/technet/security/bulletin/MS01-055.asp
> 
> ( URL is all on one line )
> 
> 
>                            ---- SUMMARY -----
> 
> Since some Web
> sites store personal information in cookies, hackers could
> use this vulnerability to obtain sensitive information such
> as user names, passwords and credit card numbers.
> 
> This attack is limited in scope by the fact that the
> attacker must target a specific cookie. 
> 
> Although a patch is not yet available, Microsoft has
> supplied workarounds:
> 
> For Internet Explorer 5.5 and 6.0, disable both 
> Active Scripting and Scripting of JAVA applets.
> Unfortunately, many web sites require active scripting.
> 
> For Outlook 2000:
> Applying this Outlook E-mail Security Update
> will protect you from HTML e-mails containing this exploit ...
> 
> http://office.microsoft.com/downloads/2000/Out2ksec.aspx
> 
> Regards,
> Mark Jurik


To unsubscribe from this group, send an email to:
realtraders-unsubscribe@xxxxxxxxxxxxxxx

 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/