 | |
| |
| 19 Apr 2010 | #1 |
| | Security gone awry: IE 8 XSS filter exposes sites...... Quote: Security gone awry: IE 8 XSS filter exposes sites to XSS attacks The cross-site scripting filter that ships with Microsoft’s Internet Explorer 8 browser can be abused by attackers to launch cross-site scripting attacks on websites and web pages that would otherwise be immune to this threat. According to a presentation at this year’s Black Hat Europe conference, the issue introduces security problems at several high-profile websites, including Microsoft’s own Bing.com (screenshot), Google.com, Wikipedia.org, Twitter.com (screenshot) and just about any site that lets IE 8 users create profiles. Microsoft added the anti-XSS feature in IE 8 last August to detect Type-1 (reflection) attacks that can lead to cookie theft, keystroke logging, Web site defacement and credentials theft. However, as the researchers discovered, Microsoft’s filters work by scanning outbound requests for string that may be malicious. Security gone awry: IE 8 XSS filter exposes sites to XSS attacks | Zero Day | ZDNet.com |
My System Specs | |
| 19 Apr 2010 | #2 |
| | That makes even more thankful for Firefox and NoScript. |
| My System Specs |
 |
Security gone awry: IE 8 XSS filter exposes sites...... problems?
| Thread Tools | |
| Similar help and support threads for: Security gone awry: IE 8 XSS filter exposes sites...... | ||||
| Thread | Forum | |||
| Security hole exposes Twitter accounts to hacking | Security News | |||
| Flashback malware exposes big gaps in Apple security response | Security News | |||
| Web Browser Security Testing Sites | Security News | |||
| 80% of fed sites miss DNS Security deadline. | Security News | |||
All times are GMT -5. The time now is 10:03 AM.
