Practical Security: Web Browser Vulnerabilities

Secunia, a computing security clearinghouse, has issued a warning regarding a new, zero day vulnerability in the Internet Explorer web browser.  This includes Internet Explorer 5, Internet Explorer 6, and Internet Explorer 7 on fully patched Windows XP systems.

Attackers can craft web pages in such a way to use this vulnerability to issue commands on your computer.  There are active exploits currently being used on the Internet to do this.

Your safest immediate course of action is to not use Internet Explorer until a patch is issued by Microsoft.  Instead, use Firefox, Safari, or Chrome.  Unless you are using version 9.3 of Opera, you should quit using it as well.

On another note, there was an article in the news recently which named Firefox as the most insecure application of 2008.  The article is highly biased, however, and the criteria for defining insecure applications ruled out the inclusion of Internet Explorer.  Still, it’s worth a read to help raise awareness about the vulnerabilities of computing on the Internet these days.

Whatever browser you use, you should know that exploits are found in all of them.  As exploits are discovered, they are usually patched as soon as possible, and it’s well worth checking for and installing the latest versions often.  Until patches are released, however, it’s a good plan to switch browsers.

About Will Chatham

Will Chatham is a Cyber Security Analyst, Ethical Hacker, and Penetration Tester at a data center in Asheville, NC. Since Netscape 2.0, he has worked in a wide array of environments including non-profit, corporate, small business, and government. His varied background, from developer to search engine optimizer to security professional, has helped him build a wide range of skills that help those with whom he works and teaches.
Bookmark the permalink.

Leave a Reply