Microsoft looks into loopholes. (Up front: news, trends & analysis).
Attackers taking advantage of the loophole could trick computer users into thinking they are visiting legitimate Web sites and convince them to divulge personal information. Internet Explorer versions 5.0, 5.5, and 6.0 may have loopholes in handling Web sites' digital certificates, such as those from VeriSign, which verify Web sites as being legitimate and also include unique code for encrypting information. Essentially, any Web site operator with a valid certificate could pretend to be any other Web site operator. Attackers could hijack computer users over a company's internal network as users visit e-commerce sites and intercept their information. Or they could send hijacked users to dummy Web sites and get users to provide their private information.
Microsoft said it's too soon to judge whether a flaw exists and, if so, how severe it is, but such a problem has the potential to compromise more than 100 million Microsoft software users' names, passwords, and credit card numbers. The problem can be fixed by downloading a software patch from www.microsoft.com/technet. The company issued a bulletin advising customers to install the patch immediately.
|Printer friendly Cite/link Email Feedback|
|Publication:||Information Management Journal|
|Article Type:||Brief Article|
|Date:||Nov 1, 2002|
|Previous Article:||A digital archiving standard. (Up front: news, trends & analysis).|
|Next Article:||Who's afraid of Sarbanes-Oxley? Accountability legislation creates additional document retention requirements and responsibilities for records...|