A bug in Microsoft's Internet Explorer browser gives phishers a way to scan the hard drives of Google Desktop users, according to an Israeli hacker. Because of a flaw in the way IE processes Web pages, a malicious Web site could use the attack to steal sensitive information like credit card numbers or passwords from the hard drives of its visitors.
"Google Desktop users who use IE are currently completely exposed," wrote hacker Matan Gillon in an e-mail interview. "An experienced attacker can covertly harvest their hard drives for sensitive information such as passwords and credit card numbers. Since Google also indexes e-mails which can be read in the Web interface itself, it's also possible to access them using this attack."
Turn Off JavaScript:
Users can nullify the attack by turning off JavaScript in their browsers, Gillon says. This can be done by disabling "Active scripting" in IE's Internet Options menu. JavaScript is a popular scripting language used by Web developers to make their sites more dynamic.
---------------------------
"This design flaw in IE allows an attacker to retrieve private user data or execute operations on the user's behalf on remote domains"
For the attack to work, an Internet Explorer user must visit a malicious website that contains this IE/CSS exploit.
"Thousands of Web sites can be exploited, and there isn't a simple solution against this attack, at least until IE is fixed,"
Microsoft is investigating the matter, but said it is not aware of any malicious code that takes advantage of this IE flaw. It added that a security update or advisory might be issued soon.
News source:
ieXbeta