Yet another bug has been found in Microsoft’s Internet Explorer browser,
this one said to potentially allow the theft of data from consumers who are
banking online or shopping at e-commerce Web sites.
Microsoft is investigating, but has yet to make a formal
statement or issue a fix. One security expert was quoted as saying that “the
cryptographic protections of SSL don’t work if you’re a Microsoft IE user.”
The loophole could allow hackers to trick computer users into thinking they
are shopping at legitimate Web sites, exposing their credit card numbers and
other personal information.
The flaw was discovered by Mike Benham, a San Francisco programmer who
posted
a note to the Bugtraq mailing list on the SecurityFocus Internet site,
outlining what he called the possibility of an undetected “man in the
middle”
attack.
Some security experts said it was a serious concern; others were quoted as
saying that the complexity and knowledge required to exploit the
vulnerability makes the probability of widespread attacks unlikely.
Benham said in his warning that Internet Explorer versions 5.0, 5.5 and 6.0
have loopholes in handling digital certificates, such as those from VeriSign , which verify Web sites as being legitimate and also
include unique code for encrypting information.
Essentially, any Web site operator with a valid certificate could pretend to
be any other Web site operator, Benham said.
“I would consider this to be incredibly severe,” Benham said in his posting.
“Any of the standard connection hijacking techniques can be combined with
this vulnerability to produce a successful man in the middle attack.”
Netscape has no such loophole, he said.
Microsoft reportedly is still investigating and is unsure even whether to
call it a vulnerability, Scott Culp, manager of Microsoft’s Security
Response
Center, was quoted as saying. However, Microsoft and VeriSign were said to
be
working together on the matter and a VeriSign spokesman said that no real
cases have been reported in which someone has successfully spoofed a Web
site
or gained information.
Internet Explorer has a long history of security flaws, almost all of which
have been patched at one time or another.
Ethics and Artificial Intelligence: Driving Greater Equality
FEATURE | By James Maguire,
December 16, 2020
AI vs. Machine Learning vs. Deep Learning
FEATURE | By Cynthia Harvey,
December 11, 2020
Huawei’s AI Update: Things Are Moving Faster Than We Think
FEATURE | By Rob Enderle,
December 04, 2020
Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 18, 2020
Key Trends in Chatbots and RPA
FEATURE | By Guest Author,
November 10, 2020
FEATURE | By Samuel Greengard,
November 05, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 02, 2020
How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 29, 2020
Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 23, 2020
The Super Moderator, or How IBM Project Debater Could Save Social Media
FEATURE | By Rob Enderle,
October 16, 2020
FEATURE | By Cynthia Harvey,
October 07, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
October 05, 2020
CIOs Discuss the Promise of AI and Data Science
FEATURE | By Guest Author,
September 25, 2020
Microsoft Is Building An AI Product That Could Predict The Future
FEATURE | By Rob Enderle,
September 25, 2020
Top 10 Machine Learning Companies 2021
FEATURE | By Cynthia Harvey,
September 22, 2020
NVIDIA and ARM: Massively Changing The AI Landscape
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
September 18, 2020
Continuous Intelligence: Expert Discussion [Video and Podcast]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 14, 2020
Artificial Intelligence: Governance and Ethics [Video]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 13, 2020
IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI
FEATURE | By Rob Enderle,
September 11, 2020
Artificial Intelligence: Perception vs. Reality
FEATURE | By James Maguire,
September 09, 2020
Datamation is the leading industry resource for B2B data professionals and technology buyers. Datamation's focus is on providing insight into the latest trends and innovation in AI, data security, big data, and more, along with in-depth product recommendations and comparisons. More than 1.7M users gain insight and guidance from Datamation every year.
Advertise with TechnologyAdvice on Datamation and our other data and technology-focused platforms.
Advertise with Us
Property of TechnologyAdvice.
© 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this
site are from companies from which TechnologyAdvice receives
compensation. This compensation may impact how and where products
appear on this site including, for example, the order in which
they appear. TechnologyAdvice does not include all companies
or all types of products available in the marketplace.
