Thursday, 28 September 2017

Internet Explorer can be exploited to read what you type in the URL bar

If you still use Microsoft’s Internet Explorer, then you should be aware there’s a bug in the browser which leaks the URL (or anything else) you type into the address bar.

The problem affects the latest version of Internet Explorer and was discovered by security researcher Manuel Caballero.

As Ars Technica reports, the flaw allows the website the user is currently visiting to view any text they type into the browser’s address bar, with that text becoming readable as soon as they leave (i.e. as they hit the enter key).

This means that a maliciously-controlled website can exploit the bug to grab the URL of the next website that you’re visiting, or if you’ve typed text into the address bar, it will also snaffle that – because Internet Explorer will automatically convert that to a search (on Bing by default).

And the victim won’t be aware that this has happened, because they’ll simply be whisked off to whatever website or search they entered.

Time to move on?

Given the news yesterday that Windows 8.1 has been hit by a nasty bug which prevents users from logging onto their PC with a Microsoft account – and with no apparent ETA on a fix – maybe it’s time folks started seriously thinking about moving away from ageing Microsoft software.

Of course, if you are on Windows 10, it has the Edge browser as well as Internet Explorer, and the former is obviously where the software giant’s focus lies – particularly when it comes to security aspects.

As Caballero himself observes: “[Microsoft is] really moving forward regarding Edge, design bugs, and they even extended its bug bounty, which seems to be permanent now … but I still believe it is not acceptable to leave IE wide open.”

“In my opinion, Microsoft is trying to get rid of IE without saying it. It would be easier, [and] more honest to simply tell users that their older browser is not being serviced like Edge.”

Naturally some users are forced to go with Internet Explorer due to legacy issues with services or sites, but if you have a choice, it seems like an increasingly good idea to step up to a contemporary piece of software – whether that’s Edge, Chrome or Firefox, or indeed another alternative.



from TechRadar - All the latest technology news http://www.techradar.com/news/internet-explorer-can-be-exploited-to-read-what-you-type-in-the-url-bar

No comments:

Post a Comment