Rotten cookies are bugging Microsoft

MyCustomer.com
Share this content

A glitch in Microsoft’s Internet Explorer browser allows hackers to track the progress of site users, and redirect them to other sites. The company is looking into the problem, but as yet has not come up with a solution.

The problem lies in the cookies, the software nugget that contains sensitive data about a customer, including names, passwords, and buying patterns.

The vulnerability, according to a Microsoft spokesperson, allows a malicious site to read, change or delete cookies that belong to other sites, assuming the hacker can first entice the user to the rogue site. 
Hotmail, Microsoft’s free e-mail, was the first to show signs of rot, according to Bennett Haselton of Peacefire, an anti-censorship activist, who says that IE can hijack cookies used by other sites to authenticate users. This makes vulnerable the big boys like Amazon, Yahoo and MP3.com, who must be grateful that the user’s credit card number is not cookied.

According to Peacefire (motto – ‘It’s not a crime to be smarter than your parents’) all versions of IE for Windows 95/98/NT and 2000, and IE for Solaris and HP/UX are susceptible, and users should disable JavaScript until Microsoft issues a patch.

A previous security fix issued designed to close a denial-of service vulnerability in Microsoft’s Internet Information Server, appears not to work, according to the Underground Security Systems Research organization.

BugNet, the watchdog that tracks vulnerable software, is still running tests, but will issue a statement soon.

About mycustomer.newsdesk

Replies

Please login or register to join the discussion.

There are currently no replies, be the first to post a reply.