a_Taxman@hotmail.com" rel="external">Da_Taxman meldt: dat er weer een gat is gevonden in Internet Explorer, door een klein beetje gegoochel met URL's is het mogelijk toegang te krijgen tot alle koekjes van iemand die toevallig langs een verkeerde website surft :
Security enthusiasts Bennett Haselton and Jamie McCarthy demonstrated how a simple substitution in Web addresses (URLs) can foil IE's security checks, exposing the cookie files that Web sites place on visitors' computers. Cookies authenticate people's identities when they return to Web sites and store data about visitors' activities and purchases.
Microsoft noted that the hole doesn't let an attacker "inventory" the visitor's cookies, but only targets specific ones from certain sites. The company also said that a victim would have to visit a malicious Web site.
Still, Microsoft acknowledged that the hole leaves room for plenty of trouble.
"The vulnerability could allow a malicious Web site to read, change or delete cookies that belong to another Web site," Microsoft said in a statement. "We expect to deliver the patch shortly. A security bulletin will be published...to discuss the issue and advise customers how to obtain and apply the patch."
The hole lends credence to the fears of privacy advocates, who say the technology and business of collecting Web surfers' private information--such as when and where they surf and which books and other items they purchase--is prone to abuse and mishap.