New IE-related problem
Nov 23, 2009 3:00:42 GMT
Post by CharlieChomper on Nov 23, 2009 3:00:42 GMT
The disclaimer to this is that it mainly appears to affect versions of IE prior to 8 (in particular, IE 6 and 7). Also, it does not appear to be 100% effective on the part of the attacker, it seems.
Basically, there was a new exploit that was recently discovered and confirmed by Symantec (the company behind Norton Anti-Virus/security products) which can allow an attacker to gain access to a system via IE by way of how the browser retrieves cascading style sheets (CSS for short).
However, in order for an attacker to do so, they would somehow need to lure a victim using said browser to a site with the malicious coding, written in Javascript, in order for them to unleash this attack.
As far-fetched as it may seem for this to even succeed, this type of method is actually growing in popularity amongst those writing malware or of the more malicious mindset, in a similar fashion to a spider building its web to catch its prey--and it has surprisingly proven successful to them.
The current "workaround" to avoid problems for IE users is by disabling javascript until Microsoft releases a fix for this issue.
Basically, there was a new exploit that was recently discovered and confirmed by Symantec (the company behind Norton Anti-Virus/security products) which can allow an attacker to gain access to a system via IE by way of how the browser retrieves cascading style sheets (CSS for short).
However, in order for an attacker to do so, they would somehow need to lure a victim using said browser to a site with the malicious coding, written in Javascript, in order for them to unleash this attack.
As far-fetched as it may seem for this to even succeed, this type of method is actually growing in popularity amongst those writing malware or of the more malicious mindset, in a similar fashion to a spider building its web to catch its prey--and it has surprisingly proven successful to them.
The current "workaround" to avoid problems for IE users is by disabling javascript until Microsoft releases a fix for this issue.
