IE5 Bug Circumvents Passwords
Security hole may threaten those who share PCs.
Matthew Nelson and Bob Trott, InfoWorld Electric
The bug occurs when one user accesses a Web site that does not employ standards-based HTTP cache controls, thereby enabling another user on the same machine to view the same password-protected site visited by the first user and cached on the PC--without entering the original user's log-in and password.
The password itself would not be viewed.
Some users believe the bug has the possibility of being an annoying problem.
"If the [local] cache is compromised in such a way as to allow secure data to be accessed without using proper credentials--or in this case, without any credentials at all--then you have a big problem," said Scott Schnoll, a Portland, Oregon-based Windows developer.
Manual Work-Arounds
Schnoll said work-arounds exist for the bug, such as manually emptying the local cache, or configuring IE5 to automatically purge the cache when it is closed.
"The best solution would be in the form of a patch from Microsoft," Schnoll said. "It would be nice if IE5 users were able to take advantage of the benefits of a local Web cache without having to worry about security breaches such as this."
Microsoft is investigating ways to address this issue in a future release, the company said.
- Sponsored Resource:Improve your network with the right mix of features, performance and pricing.
- Sponsored Resource:Growing your business requires the right tools. Dell's networking servers can help.
- Sponsored Resource:Thinking about a new Laptop? Lenovo has models to meet everyone's needs.
- Sponsored Resource:Twitter: A how-to guide for using Twitter as a business tool.
- Sponsored Resource:Smartphone security threats are on the rise. Is it time to safegaurd your device?
For more IT analysis and commentary on emerging technologies, visit InfoWorld.com. Story copyright © 2007 InfoWorld Media Group. All rights reserved.
Print 65% more pages than with refilled inks. Trust Original HP Inks. Hit Print Reliably.
Business Security 101
Featured APC Accessories For Your System
10% Off Entire Cart at Online Store
-
APC Back-UPS ES
Safeguards your equipment from damaging surges and spikes that travel along your utility & data lines.
- APC SurgeArrest Performance Highest level of protection for your professional computers, electronics and connected devices, as well as provides surge protection.
People who read this also read:
- Cisco Small Business Center Find out how to keep employees mobile, connected and productive with secure wireless networking.
- Dell Servers for Small Business Click here to see how a Dell server can help you back up your company's data and save you valuable time.




