Aladdin Security Alert -- How to Protect Against the Internet Explorer Security Hole.

Business Editors/High-Tech Writers

SEATTLE--(BUSINESS WIRE)--Dec. 27, 1999

THE SECURITY RISK

Confirmed by Microsoft -- Hackers could read PC users' private files through a security hole in Internet Explorer (IE). By exploiting JavaScript, a Web scripting language for executing actions on a Web page or HTML e-mail, without user input, prying individuals can circumvent the IE security checks to spy on any file that can be viewed through the browser window.

IE can execute a command "NavigateAndFind" within a Web page or an HTML-based e-mail, which directs the browser to a specific Web page to highlight selected text there. Normally, IE will perform a security check to make sure the command is not directing to a file located on the user's computer. However, by directing this command to a JavaScript URL contained within a frame, hackers can override the security check and execute the JavaScript. As a result, a hacker can read any document that can be viewed in a browser window. Files that can be viewed include: Word documents, HTML pages, text files, cookie files (that can contain passwords and personal information), jpeg and gif images and other files. The security hole does not allow modifying or deleting files.

PROTECTING AGAINST THE THREAT

Aladdin's eSafe products can protect users against such exploits. Organizations using eSafe Gateway should add the NavigateAndFind JavaScript command to the predefined list of malicious JavaScripts to be blocked. This step will enable eSafe Gateway to automatically block this command.

eSafe Desktop and Enterprise users can predefine eSafe's exclusive Total Sandbox Quarantine(TM) protection to protect any file or directory from being accessed by Internet Applications, including IE. By default, eSafe's Sandbox automatically prevents viruses, vandals and hackers from accessing vital systems files. To protect additional files from prying eyes, users need to remove the access rights to valued files through eSafe's Sandbox definition. For specific instruction on how to protect individual files, users may visit Aladdin's eSafe technical support Web site at http://esafe.com/support.html or call them at 1-888-7SAFEPC.
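
As an added illustration (not Aladdin's code and not part of the original release), the blocking rule described above can be expressed as a content scanner that flags any HTML page or e-mail body naming NavigateAndFind and records whether the call's first argument is a javascript: URL. The call shape, the function names and the sample markup are assumptions constructed for this example.

```python
import re
from html.parser import HTMLParser

NAME_RE = re.compile(r"NavigateAndFind", re.I)
# First quoted argument of a call (assumed call shape: NavigateAndFind("<url>", ...))
ARG_RE = re.compile(r"NavigateAndFind\s*\(\s*(['\"])(.*?)\1", re.I | re.S)


def is_js_url(value):
    # Browsers ignore tabs and newlines inside a URL, so drop them before the scheme check.
    return re.sub(r"[\x00-\x20]+", "", value).lower().startswith("javascript:")


class ScriptCollector(HTMLParser):
    """Gathers every place script can sit: <script> bodies, on* handlers, javascript: URLs."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.in_script = False
        self.script_text, self.attr_chunks = [], []

    def handle_starttag(self, tag, attrs):
        self.in_script = tag == "script"
        for name, value in attrs:  # entities in attribute values arrive already decoded
            if value and (name.startswith("on") or is_js_url(value)):
                self.attr_chunks.append((f"<{tag} {name}>", value))

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.script_text.append(data)


def scan(html):
    """Return [(location, targets_js_url)] for each script chunk that names NavigateAndFind."""
    collector = ScriptCollector()
    collector.feed(html)
    collector.close()
    chunks = collector.attr_chunks + [("<script>", "".join(collector.script_text))]
    return [(where, any(is_js_url(m.group(2)) for m in ARG_RE.finditer(text)))
            for where, text in chunks if NAME_RE.search(text)]


# Constructed sample message body (harmless placeholder arguments).
SAMPLE = """<html><body onload="external.NavigateAndFind(&quot;java&#9;script:void(0)&quot;,'x','f1')">
<script>window.external.NavigateAndFind('http://example.com/', 'text', 'f1');</script>
<a href="http://example.com/">ordinary link</a></body></html>"""
```

Every chunk that names the command is reported, matching the advice to block it outright; the boolean only marks the javascript: URL case the alert describes. Matching of this kind sees only names that appear literally in the markup, so it complements rather than replaces file-access restrictions such as the sandbox settings described above.
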

ABOUT eSAFE

Aladdin's eSafe product suite, which includes eSafe Desktop, eSafe Enterprise and eSafe Gateway, provides the most comprehensive protection available against hostile elements on the Internet and gives users confidence in their ability to navigate the Internet safely. eSafe is the only comprehensive suite of content security solutions on the market to provide proactive protection from the gateway to the desktop. It also is the only one to provide Total Sandbox Quarantine(TM) protection against all forms of malicious content including viruses, vandals and worms. A unique feature found only in Aladdin's eSafe solutions, the sandbox erects a protective wall around vital system files and isolates all potentially dangerous viruses, vandals and worms in a sterile environment, preventing them from damaging, infecting or stealing from system resources.

Much more than anti-virus protection, the eSafe suite of products enables businesses to:
-- block users' ability to alter vital system files, thereby reducing
IT maintenance and repair costs.
-- stop access to web sites with inappropriate or malicious content,
such as hate literature or pornography, or those sites known to
propagate viruses.
-- restrict outgoing emails from sending classified or prohibited
content.

ABOUT ALADDIN

Aladdin (Nasdaq:ALDN) is a global leader in securing digital content, from applications software to Internet use and access. Aladdin's products include HASP and Hardlock, software security systems that protect the revenues of developers and publishers; Privilege, a software licensing platform for the Internet; the eSafe line of anti-vandal, anti-virus and content filtering software for PCs and networks connected to the Internet; and eToken for Internet security and authentication. Aladdin serves its customers through eight offices located in the world's major software markets as well as a network of 50 distributors serving more than 100 countries. For more information, visit the Aladdin web site at www.aks.com.

Note to Editors: All trademarks and registered trademarks are the property of their respective holders.