IE & Gmail Show Up with Alarming Vulnerabilities
Cenzic Inc., a company that offers application security vulnerability assessment and risk management solutions, released an advisory on December 17, 2007, to warn users about vulnerabilities in Microsoft's Internet Explorer (IE) and Google's Gmail that could severely affect e-mail systems and lead to breaches of user privacy. MarketWire published this on December 17, 2007.
The flaws relate to Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks capable of stealing users' confidential information.
Cenzic alleged that in the case of Internet Explorer, the problem relates to the way caching takes place, which allows an XSS attack that could exploit the surfer's cache across accounts that are shared on the computer. With Gmail, Cenzic said that its e-mail addresses showing attachments could be subject to CSRF. Internetnews published this on December 17, 2007.
According to Google, a user with malicious intent who works on a shared PC could change the environment, for example by altering data stored in the browser's cache, so that it becomes unresponsive to all future users. Internetnews published this on December 17, 2007.
But Google added that such a problem need not lie with Gmail or other Google products, since a malicious user could manipulate a shared PC by many possible methods, such as directly installing a keylogger program.
Mark Miller, Director of security response at Microsoft, noted that the software maker is looking into new public claims that a potential vulnerability could exist in Internet Explorer. So far, Microsoft has been downplaying the criticality of the vulnerability that Cenzic has alleged. Internetnews published this.
Mandeep Khera, Vice President of marketing at Cenzic, said in a company press release that the recent vulnerabilities show that serious threats exist in general services that users otherwise believe to be secure and safe. MarketWire published this on December 17, 2007.
According to Khera, these threats obviously need to be dealt with in a timely and proactive manner. Although big vendors like Google and Microsoft are aggressively protecting their software, there is still a long road to cover. For smaller software vendors and large organizations, the situation with their application security is bleaker.
» SPAMfighter News - 01-01-2008