
Bugs and Fixes: Don't Share Cookies With Strangers

Want to keep thieves out of your PC's cookie jar? If you use Internet Explorer 5.5 or 6.0, you'll want to close the latest security hole--one that lets outsiders swipe cookies from your browser. Cookies are the little chunks of data that Web sites stick on your hard drive so they can recognize you the next time you visit their sites. IE's flaw: A nefarious attacker could steal your computer's cookies.

Most cookies do not carry important information, but some slow-witted shopping sites may record sensitive data (such as credit card numbers) in their cookies. By tricking you into clicking a specially crafted link on the attacker's Web site or in an HTML e-mail message, a hacker could gain access to all your cookies.

Microsoft has posted both a workaround and a patch for the problem. I recommend that you download the patch. Though the workaround will protect your PC from cookie grabbers, it does so by disabling Active Scripting--a type of code that Web sites depend on to carry out various functions. (Note: Any URL ending in the extension .asp uses Active Scripting; the abbreviation stands for "active server pages.") If you use Microsoft's patch instead of its workaround, Active Scripting will continue to operate.
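For operators of the shopping sites mentioned above, here is an added example (not from the original column or from Microsoft) that audits `Set-Cookie` headers for values that look like payment card numbers, so sensitive data can be moved server-side before any browser flaw exposes it. The function names and sample headers are constructed for illustration; 4111-1111-1111-1111 is a common test number, not a real card.

```python
import re
from http.cookies import SimpleCookie
from urllib.parse import unquote

# 13 to 19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

# Constructed sample Set-Cookie header values (one cookie per header).
SAMPLE_HEADERS = [
    "session=8f3a9c21d4; Path=/; HttpOnly",
    "checkout=name%3DJ.Doe%26cc%3D4111-1111-1111-1111; Path=/",
    "order=1234567890123456; Path=/",  # 16 digits, but fails the Luhn check
]


def luhn_ok(digits):
    """Luhn checksum: weeds out most digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def audit_set_cookie(header_value):
    """Return names of cookies whose value holds a Luhn-valid card-like number."""
    jar = SimpleCookie()
    jar.load(header_value)
    flagged = []
    for name, morsel in jar.items():
        value = unquote(morsel.value)  # sites often URL-encode cookie values
        for match in CARD_RE.finditer(value):
            if luhn_ok(re.sub(r"\D", "", match.group())):
                flagged.append(name)
                break
    return flagged


def audit_response(headers):
    """Audit every Set-Cookie header of one response; return flagged names."""
    return [name for h in headers for name in audit_set_cookie(h)]


if __name__ == "__main__":
    print(audit_response(SAMPLE_HEADERS))
```

A hit is a lead for review rather than proof, since roughly one in ten random digit runs of the right length also passes the Luhn check.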

Media Player Fix

If you are a major fan of streaming media and you use Windows Media Player, you need to know about four security problems. You can take care of all four holes in one download with Microsoft's latest patch. Three of the problems relate to Windows Media Player versions 6.4, 7.0, and 7.1, as well as to Windows Media Player for XP; one of the flaws affects version 6.4 only.

The vulnerabilities could let an interloper take charge of your computer. The attacker would send you an Advanced Streaming Format (ASF) file containing hidden code. If you subsequently played the file--or clicked a link on a Web site that played it--a slick intruder could crash your computer.

But it could be much worse: An attacker who figured out what operating system was running on your PC could do anything you could do on your computer--even reformat your hard drive, for instance.

Microsoft says that the patch removes the vulnerabilities by setting up a process to validate .asf files that come its way. Get Microsoft's bulletin and a link to the download for your version of the player. If you use the XP version, you'll also find the fix included in Microsoft's Critical Updates (via Windows Update).

Bugged?

Found a hardware or software bug? Tell us about it via e-mail at bugs@pcworld.com.

Stuart J. Johnston is a contributing editor for PC World.
