29-01-04

internet explorer goed en slecht nieuws

het goede nieuws is dat microsoft de uitgesproken methode door spammers om hun links onmogelijk leesbaar te maken in hun mails onmogelijk zal maken. Ze weten echter niet goed of de update volgende maand zal klaar zijn (2e week van februari, dinsdag normaal)
 
In response to security issues, Microsoft will be releasing an update to IE that will change the web browser's default URL syntax handling. URLs like the following:

http(s)://username:password@server/resource.ext

will no longer be supported.

In Microsoft Knowledge Base Article 834489 (http://support.microsoft.com/?kbid=834489 ), the software giant explains that the change in default behavior is necessary to protect users from being tricked into visiting spoofed or malicious websites.

According to the HTTP specific section of RFC 1738 (http://www.faqs.org/rfcs/rfc1738.html ) this behavior is appropriate, but it will still cause problems with many existing implementations. Microsoft offers workarounds in KB834489.

Microsoft has not specified a release date for the update.
 
het slechte nieuws is dat Internet Explorer in XP een momenteel zwaar veiligheidslek heeft
 
A new method of exploiting Microsoft Internet Explorer security zones was posted to the BUGTRAQ mailing list today that uses the Windows XP ".folder" extension to trick users into running scripts in the My Computer zone. This is another example of the dangers of unrestricted scripting in trusted zones. Preliminary information from Microsoft indicates that Service Pack 2 for Windows XP will include improvements to restrict web pages from running in the My Computer zone. In the meantime, organizations are advised to disable the "Hide Extensions for Known File Types" option on Windows systems, and advise users to report instances of folders appearing with the ".folder" extension
 
EKZ

13:48 Gepost door technology changes fast not a lot | Permalink | Commentaren (0) |  Facebook |

De commentaren zijn gesloten.