A security vulnerability came to light recently that affects Internet Explorer 6, Internet Explorer 7 and even Internet Explorer 8 that can be used to record keystrokes of a user even if he is switching domains. That means that a specifically prepared website can launch some Javascript that records everything the user does afterwards including text input which naturally means usernames and passwords as well.
Sounds scary ? There is no fix for this vulnerability yet other than to disable Javascript or allow it only on trusted domains. Some researchers claim that other browsers are affected as well but have failed to deliver proof for those claims yet. It would not hurt however to use the Firefox add-on No Script for instance.
The vulnerability can be tested on this page if you visit it with Internet Explorer. It opens a new window and records the user input on that domain. There is an explanation from the same researcher available.
Related posts:
Internet Explorer Clipboard VulnerabilityReal Player Internet Explorer vulnerability
Internet Explorer 7 Standalone Edition
Check Dead Bookmarks in Firefox, Opera and Internet Explorer
How to migrate from Internet Explorer to Firefox
18 Responses to “You better stop using Internet Explorer for now”
Trackbacks/Pingbacks
-
[...] Vulnerability Notes sirdarckcat: Browser’s Ghost Busters sirdarckcat: Ghosts for IE8 and IE7.5730 You better stop using Internet Explorer for now What can be done by this is embed evil code for example in an add displayed on a non-malicous [...]
-
[...] VĂa | gHacks [...]
-
[...] Fuente: ghacks [...]
-
[...] matter what software you’re using. Today, however, there’s an especially eerie one that Ghacks found which currently affects almost all versions of Internet Explorer 6, 7, and 8. It’s capable of [...]
-
[...] sicuri se utilizzate Firefox scaricatevi questa estenzione chiamata “no script”. Fonte: gHacks Per restare sempre aggiornati con le ultime notizie di GeekSource, abbonatevi ai nostri Feed [...]
-
[...] Source:→ Ghacks [...]
Yes, stop using IE “for now.” After this vulnerability is resolved you can go back to your featureless, bloated and insecure monstrosity.
to “Steven”: “bloated”? “featureless”? Please expand on this. This should be interesting.
But, just my opinion, anyone stupid enough to use their OS to log online and expose their OS to the outside world, deserves to be taken for every cent they have. Or do you consider IE not part of the Windows OS?
So it affects any browser that allows javascript? Why stop using IE then..
I would recommend trying the KeyScrambler add-on for Internet Explorer. I haven’t tested the vulnerability in IE with KeyScrambler because I already switched to Safari and Firefox, but it is worth a try. The “Personal” version is completely free at:
http://www.qfxsoftware.com/
P.S. Make sure that you turn KeyScrambler off at Live Search Club.
to “darkkosmos”: IE does not have NoScript. Firefox does. NoScript blocks execution of java scripts and flash at unknown sites until you give it the ok.
to “David”: I would uninstall Safari if I were you. Read http://news.softpedia.com/news/Safari-Vulnerable-Apple-to-Issue-Fix-for-One-of-Three-Faults-85785.shtml
Apple has a tendency to first sue the finder of a flaw. Than ignore said flaw. Than announce flaw is fixed after the product is discontinued and another product is put out in its place.
The number of firefox users who actually use noscript are tiny, the number of firefox users who have 3 or more addons are slightly more. And IE as a similar function..
Well, it is impractical to ask people to stop using Internet Explorer. That browser accounts for the largest share of users on the planet and bloggers and website designers must test their sites on it to make sure that they see what their users see.
It is more practical to advise people to ramp up their I.E. security settings and avoid questionable sites.
This is shocking.. Can you imagine what can happen if you do financial stuff with explorer. I wouldn’t even think about the financial damage that can be caused with this leak if fallen in the wrong hands. This is definitely something that most be fixed overnight and the path most be updated automaticely without confirmation to be sure nobody would get harmed.
Very painful for Microsoft … again (I hate to say it, but it’s true, again)
You better stop using Internet Explorer forever!
Used to absolutely blow my mind how the AV would light up like a christmas tree while surfing with IE on a newly formatted XP install.
I would never, EVER use it for any type of online transaction of any kind. Strictly for the sites FF hates (can’t think of any).
hmm… well thats add to number of reasons on not using IE, i prefer Firefox.
This is all about the campaign to rid the WWW of Internet Explorer 6 that has devastated web developers and held back the evolution of everything that blocks the tubes for far too long. This can not go on any longer!
BECOME A FRIEND AND SUPPORT THE INITIATIVE TO GET RID OF IE6.