The Cross-Frame security issue
You have barely had time to fix Internet Explorer's long filename vulnerability problem (see Just when you thought it was safe to read e-mail, October, p144) but now there's another security hole to worry about. This one's called the "Cross-Frame Navigate Issue", and although it's not as serious as the last one, it won't do much to soothe the nerves of the terminally paranoid Internet user. At the time of writing, Microsoft hadn't publicised many details, but it seems that this particular hole allows a skilled hacker to read files on your computer. Just about every version of Internet Explorer is affected, including 3.x, 4.0, 4.01 and 4.01 SP1. The good news is that the bug is difficult to exploit. The potential hacker (most likely a Web site operator) would need to know the names and locations of target files on your system and, even then, he or she couldn't view anything unless you visited the hacker's site. Still, it's always wise to play safe, so we recommend you download the fix from Microsoft's Web site. Windows 98 users can exploit the Windows Update feature to obtain the patch (StartûWindows Update). Users of other Windows versions will find updates at www.microsoft.com/ie/security/xframe.htm. Unfortunately, the patch only works for IE 4.01, so if you are running an earlier version you will need to upgrade before applying the patch. û Neville Clarkson | Category:bugs and fixes Issue: November 1998 |
These Web pages are produced by Australian PC World © 1998 IDG Communications