Oh boy, I don't know where to start. What an afternoon. I thought the morning was kind of slow, but here we go. First, a massive security hold was found in Microsoft Internet Explorer running on Windows systems (both 95 and 98 confirmed, still waiting to hear about NT and 2000.) Basically this hole lets a hostile web site view your cookies. This is not a problem with cookies (which some people like to say are unsecure) but with Microsofts implementation of javascript. If you are using IE on Windows, and you don't want other people to know where you go on the web, you should immediately turn off javascript. (On IE for the mac this is done in the edit menu by selecting preferences, and then choosing 'web content' (which is under WEB BROWSER on the left) and then deselecting enable scripting? in the Active Content section. If windows is different, someone please clue me in. Note: javascript is not java and has nothing to do with java - although you might want to turn that off too.) "Who cares" you ask? Well, dismissing the obvious oceans of porn that of course nobody ever looks at, what about your on line brokerage account? What about all your accounts that remember your password (like this one?) What about your account on the gay and lesbian alliance site that you didn't want your evil employer to know about? All of these things are stored as cookies on your machine, and only you should have access to them. Javascript is very good at keeping hostile website's code from gaining any sort of access to your machine (outside of that codes sandbox.) Microsoft's is unfortunately not so good. But everybody makes mistakes, the real test of their ethics will be how long it takes them to patch this. (If it were an open source program there would already be several patches available to solve this problem.) The clock is ticking Redmond...
|
- jim 5-11-2000 9:19 pm