Remind me why people still use IE
11th September 2002
The Register: IE 6 SP1 omits fixes for 20 outstanding flaws:
Because of the way frames (and iframes) are handled by IE version 5.5 and above, attackers are able to get to all sorts of mischief with minimal effort, including:
- Read local files from the victim’s hard drive, using a default local resource (ironically dubbed “PrivacyPolicy”) that contains frames in IE
- Execute arbitrary programs on the victim’s computer, using the woefully misnamed “PrivacyPolicy” resource
- Read a victim’s cookie and content from any remote site that contains a frame, which can lead to session-stealing and account compromise on sites containing frames—such as Hotmail
- Forge the content of any site that contains a frame. For example, the attacker could show the user a fake login screen at hotmail.com and log the results to a database
Luckily, an upgrade is available which provides immunity to all of the above vulnerabilities (sorry, I just couldn’t resist that particular dig ;) ).
More recent articles
- Datasette Enrichments: a new plugin framework for augmenting your data - 1st December 2023
- llamafile is the new best way to run a LLM on your own computer - 29th November 2023
- Prompt injection explained, November 2023 edition - 27th November 2023
- I'm on the Newsroom Robots podcast, with thoughts on the OpenAI board - 25th November 2023
- Weeknotes: DevDay, GitHub Universe, OpenAI chaos - 22nd November 2023
- Deciphering clues in a news article to understand how it was reported - 22nd November 2023
- Exploring GPTs: ChatGPT in a trench coat? - 15th November 2023
- Financial sustainability for open source projects at GitHub Universe - 10th November 2023
- ospeak: a CLI tool for speaking text in the terminal via OpenAI - 7th November 2023
- DALL-E 3, GPT4All, PMTiles, sqlite-migrate, datasette-edit-schema - 30th October 2023