Michal Zalewski, a polish security researcher, is known for his impressive detection of browser flaws. He has found more, well another four to be precise.
The most serious of the four vulnerabilities he has found would make it possible for 'cyber punks' to steal your browser's cookies, and extract personal information – like bank numbers and passwords – and possibly execute extremely harmful scripts.
Two of the four vulnerabilities were found in IE – the others were in Mozilla FireFox. The cookie's flaw found in IE is being called a critical vulnerability, and it resides in the 'page update race condition'. What does that mean, you ask? Well, it means that there's a very brief – but still there – window of opportunity when IE goes from a sensitive website (Say, your bank) to a normal website (Say, Starbucks). During this time, an attacker can execute a string of JavaScript that will read the content from the old site and the content in the new site. It's a slightly obscure attack, mind you, but it is a very real threat.
The other three flaws found by Zalewski aren't nearly as critical – however, we do hope that they will be fixed as soon as possible, because no matter how small, a security hole in your browser can bring serious havoc to your computer.
These latest findings make people question – will we ever be safe online?
|
|
Reader Comments: 0
