- Worst of the lot: PCConnection and PCMall
- 10 ways the Chinese Internet is different
- Hacker writes rootkit for Cisco's routers
- Cisco loses $2 million order to Nortel
- Enterasys, Extreme hooking up?
BitTorrent blocking; SQL injection attack. Listen now!
Hacker writes Cisco rootkit; Microsoft launches online telescope. Listen now!
Virtualization technology allows companies to respond quickly to ever-changing storage capacity requirements. Learn about how HP defines virtualization technology and how it applies to the HP 's newest Enterprise Virtual Array (EVA) storage system in this new white paper.
Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.
Find out how you can consolidate Windows workloads and create a more efficient virtualized data center in this informative webcast, "Reduce Complexity and Cost - Windows Server Consolidation with Virtualization." Six concise webcast modules are available for your viewing. Watch them all consecutively or only the topics that interest you. The modules cover performance, user case studies, enterprise-level support, managing windows workloads, setup and configuration and the future of virtualization. Learn more today. Register below to learn more and be entered to win an Archos 605 Portable Media Player.
take it easy last commenting person. Well, i happen to work for the company, I truthfully believe it...- employee
A security researcher has found a security bug that could be attacked in Internet Explorer. Mozilla said it plans to patch the problem in its next Firefox software update.
No, that's not a typo, just the strange fall-out from an unusual bug that had security researchers debating the question this week, "Who's to blame? Microsoft or Mozilla?"
Security researcher Thor Larholm kicked off the controversy on Tuesday, claiming that he had discovered a flaw that would let an attacker run commands on a victim's PC.
In his blog posting, Larholm said the bug was similar to a flaw he'd discovered last month in Apple's Safari 3.0 beta software, and he called it an an "input validation flaw in Internet Explorer." The problem is with a URL protocol handler component of IE, he said. This software allows IE users to launch applications such as Excel or Firefox by clicking on specially written links on Web pages.
When IE clicks on a link that launches the Firefox browser, however, the software does not properly check its syntax, and that, Larholm said, lets an attacker create a malicious link, that could be used in an attack. Security vendor Secunia ApS rates the flaw as "highly critical."
So while the flaw affects IE users, it appears to be a risk only to those who already have Firefox installed. And to make matters more complicated, if a Firefox user were to click on one of the specially-written links, he would not be affected.
Still, Microsoft Security Program Manager Mark Griesi said that the bug was not his company's problem. "We don't feel that there's an issue in IE and therefore there's nothing to be fixed," he said Tuesday.
With Microsoft saying it won't fix the vulnerability, Mozilla said it would change the way its Firefox URL protocol handler worked in its next Firefox update. That will fix Larholm's bug, but Mozilla security strategist Window Snyder wouldn't say whether or not she considered the vulnerability to be an IE or Firefox problem. She did, however, point out that without Microsoft making changes to IE, other Windows programs may be at risk.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com The Industry Standard IDG List Services |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
IMBy Anonymous on May 1, 2008, 12:40 amITS IT TO BLAME IT GIVES VIRUSES ON YOUR COMPUTER AND THAT HAPPNEDED TO ME BEFORE
Reply | Read entire comment
Meanwhile, Microsoft invests $50M in securityBy Micronet on July 12, 2007, 2:07 pmSee Microsoft Subnet for more Microsoft-related news, blogs, security alerts, technical group. Spending on advertising is ok. Spending on cooperating is a different...
Reply | Read entire comment
RE: Who's to blame for browser bug? IE or Firefox?By RAYMOND on July 11, 2007, 12:56 pmRead ASAP!
Reply | Read entire comment
View all comments