A glitch in Microsoft’s Internet Explorer browser allows hackers to track the progress of site users, and redirect them to other sites. The company is looking into the problem, but as yet has not come up with a solution.
The problem lies in the cookies, the software nugget that contains sensitive data about a customer, including names, passwords, and buying patterns.
The vulnerability, according to a Microsoft spokesperson, allows a malicious site to read, change or delete cookies that belong to other sites, assuming the hacker can first entice the user to the rogue site.
Hotmail, Microsoft’s free e-mail, was the first to show signs of rot, according to Bennett Haselton of Peacefire, an anti-censorship activist, who says that IE can hijack cookies used by other sites to authenticate users. This makes vulnerable the big boys like Amazon, Yahoo and MP3.com, who must be grateful that the user’s credit card number is not cookied.
A previous security fix issued designed to close a denial-of service vulnerability in Microsoft’s Internet Information Server, appears not to work, according to the Underground Security Systems Research organization.
BugNet, the watchdog that tracks vulnerable software, is still running tests, but will issue a statement soon.