You better stop using Internet Explorer for now
A security vulnerability came to light recently that affects Internet Explorer 6, Internet Explorer 7 and even Internet Explorer 8 that can be exploited to record keystrokes users even when that user is loading different domains in the browser.
That means that a specifically prepared website can launch JavaScript code that records every user interaction once it has been launched including when the keyboard is being used which naturally means that username and password can be recorded as well by it.
Sounds scary? There is no fix for this vulnerability yet other than to disable JavaScript or allow it only on trusted domains. Some researchers claim that other browsers are affected as well but have failed to deliver proof for those claims yet. It would not hurt however to use the Firefox add-on No Script for instance.
If you need to use Microsoft's Internet Explorer, you may either limit JavaScript in the browser as explained above, or only visit websites that you trust for the time being.
The vulnerability can be tested on this page if you visit it with Internet Explorer. It opens a new window and records the user input on that domain. There is an explanation from the same researcher available in case you want to know more about it.
Update: Microsoft has fixed the vulnerability in the meantime, and if you make sure that Internet Explorer is up to date on your system you should not be in danger anymore in regards to the vulnerability.
You can check out our Internet Explorer download page for information about the latest version of the web browser for your operating system. Microsoft in recent years made the decision to limit Internet Explorer versions to specific operating systems. Windows XP users for instance can only download and install Internet Explorer 8, while Windows 7 users get access to IE9 and IE10.
Advertisement
I appreciate you taking to time to conitrbtue That’s very helpful.
I want to say, stop developing for all versions of IE, stop supporting IE, stop making IE Hacks, when it looks differently in IE so be it.
Put something like this on your site:
http://www.flickr.com/photos/ieghostbuster/
Let the user of your site know that IE is not the best browser on this planet.
Greetz
This is all about the campaign to rid the WWW of Internet Explorer 6 that has devastated web developers and held back the evolution of everything that blocks the tubes for far too long. This can not go on any longer!
BECOME A FRIEND AND SUPPORT THE INITIATIVE TO GET RID OF IE6.
hmm… well thats add to number of reasons on not using IE, i prefer Firefox.
Used to absolutely blow my mind how the AV would light up like a christmas tree while surfing with IE on a newly formatted XP install.
I would never, EVER use it for any type of online transaction of any kind. Strictly for the sites FF hates (can’t think of any).
You better stop using Internet Explorer forever!
This is shocking.. Can you imagine what can happen if you do financial stuff with explorer. I wouldn’t even think about the financial damage that can be caused with this leak if fallen in the wrong hands. This is definitely something that most be fixed overnight and the path most be updated automaticely without confirmation to be sure nobody would get harmed.
Very painful for Microsoft … again (I hate to say it, but it’s true, again)
Well, it is impractical to ask people to stop using Internet Explorer. That browser accounts for the largest share of users on the planet and bloggers and website designers must test their sites on it to make sure that they see what their users see.
It is more practical to advise people to ramp up their I.E. security settings and avoid questionable sites.
The number of firefox users who actually use noscript are tiny, the number of firefox users who have 3 or more addons are slightly more. And IE as a similar function..
to “darkkosmos”: IE does not have NoScript. Firefox does. NoScript blocks execution of java scripts and flash at unknown sites until you give it the ok.
to “David”: I would uninstall Safari if I were you. Read http://news.softpedia.com/news/Safari-Vulnerable-Apple-to-Issue-Fix-for-One-of-Three-Faults-85785.shtml
Apple has a tendency to first sue the finder of a flaw. Than ignore said flaw. Than announce flaw is fixed after the product is discontinued and another product is put out in its place.
I would recommend trying the KeyScrambler add-on for Internet Explorer. I haven’t tested the vulnerability in IE with KeyScrambler because I already switched to Safari and Firefox, but it is worth a try. The “Personal” version is completely free at:
http://www.qfxsoftware.com/
P.S. Make sure that you turn KeyScrambler off at Live Search Club.
So it affects any browser that allows javascript? Why stop using IE then..
to “Steven”: “bloated”? “featureless”? Please expand on this. This should be interesting.
But, just my opinion, anyone stupid enough to use their OS to log online and expose their OS to the outside world, deserves to be taken for every cent they have. Or do you consider IE not part of the Windows OS?
Yes, stop using IE “for now.” After this vulnerability is resolved you can go back to your featureless, bloated and insecure monstrosity.