1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

IE8 To Be Made More Secure Against Attacks

Discussion in 'General Security' started by flavallee, Apr 20, 2010.

Thread Status:
Not open for further replies.
  1. flavallee

    flavallee Trusted Advisor Thread Starter

    Joined:
    May 12, 2002
    Messages:
    80,940
    First Name:
    Frank
    This is word-for-word from the softpedia.com news site.

    Microsoft plans to release and update to the Internet Explorer 8 XSS Filter that will further bulletproof the browser against attacks. The Redmond company already took measures to address an issue impacting the XSS Filter. In this regard, the January security update to Internet Explorer (MS10-002) was designed to resolve a vulnerability detailed at Blackhat EU. According to David Ross, MSRC Engineering, the software giant is now gearing up to take additional steps in order to protect customers.

    A new “update to the IE XSS Filter is currently scheduled for release in June. This change will address a SCRIPT tag attack scenario described in the Blackhat EU presentation. This issue manifests when malicious script can ‘break out’ from within a construct that is already within an existing script block. While the issue identified and addressed in MS10-002 was identified to exist on high-profile web sites, thus far real-world examples of the SCRIPT tag neutering attack scenario have been hard to come by,” Ross explained.

    The promise from the Redmond company is that additional work will be done in order for the Internet Explorer XSS Filter to continually improve. At the same time, Ross underlined that updating the browser was a task that Microsoft did looking to minimize the strain in terms of resources and effort for customers, as much as possible.

    “In the case of the Internet Explorer XSS Filter, researchers found scenarios that are generally applicable across XSS filtering technologies in all currently shipping browsers with this technology built-in. In January (MS10-002) and again in March (MS10-018), we took steps to mitigate this threat class and we’ll take the next major step in the June timeframe. Overall we maintain that it’s important to use a browser with an XSS Filter, as the benefits of protection from a large class of attacks outweigh the potential risks from vulnerabilities in most cases,” Ross added.

    The XSS Filter is a security feature added to Internet Explorer 8 in an effort by Microsoft to help secure the browser against attacks targeting Cross-Site Scripting (XSS) vulnerabilities. By exploiting an XSS hole, attackers can steal cookies, monitor keystrokes, and even masquerade as the victim on websites.

    -----------------------------------------------------------------
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Let's hope :D
     
  3. SIR****TMG

    SIR****TMG

    Joined:
    Aug 12, 2003
    Messages:
    47,118
    Good Read
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Made More Secure
  1. lunarlander
    Replies:
    1
    Views:
    10,163
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/918039

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice