By Loring Wirbel, EE Times
The Department of Homeland Security's U.S. Computer Emergency Readiness
Team touched off a storm this week when it recommended for security reasons
using browsers other than Microsoft Corp.'s Internet Explorer.
The Microsoft browser, the government warned, cannot protect against
vulnerabilities in its Internet Information Services (IIS) 5 server
programs, which a team of hackers allegedly based in Russia has exploited
with a Java script that is appended to Web sites.
The particular virus initiated this week inserts Java script into certain
Web sites. When users visit those sites, it initiates pop-up ads on home
and office computers, and allows keystroke analysis of user information.
The target is believed to be credit card numbers. CERT estimated that as
many as tens of thousands of Web sites may be affected.
CERT said vulnerabilities in IIS and IE could include MIME-type
determination, the DHTML object model, the IE domain/zone security model
and ActiveX scripts. Alternative browsers such as Mozilla or Netscape may
not protect users, the agency warned, if those browsers invoke ActiveX
control or HTML rendering engines.
http://story.news.yahoo.com/news?tmp...c_cmp/22103407
--
__
Similar Threads
