IE file download extension spoofing hole

InfoWorld reports on the new Internet Explorer security hole that allows file download extensions to be spoofed. The hole lets a site author make a downloaded file appear safe by spoofing its extension, when in fact it could be anything, including a malicious executable.

Security company Secunia has a demo of this security hole over at their Internet Explorer File Download Extension Spoofing Test.

The author of the InfoWorld article goes so far as to say:

The possibilities are endless, and since both spoof issues appear to be unfixable, it must surely place a big question mark over Explorer’s viability as a browser.

The other aforementioned spoof issue is, of course, the URL spoofing vulnerability. There is some good news on this front, though: Neowin.net reports that Microsoft will fix this with an IE update that removes support for usernames in HTTP URLs.

Can’t say the damage hasn’t been done. Has it got your average non-technical Joe/Jane looking for alternative browsers? Maybe grandma is starting to ask for “a better Internet”? No one knows for sure, but I’m sure if this is publicized further in the mass media, there’ll be some very pleased converts.

3 Comments & TrackBacks

firebird 0.8
Version 0.8 of Firebird is about to be released; things are getting interesting…

Posted by: Full(o)bloG on January 30, 2004 1am

If a security problem ever becomes enough of a problem to seriously hit John Q. User I don’t think he’ll look at other browsers. (Barring, say, a big story on Mozilla and Opera on CNN.) They’ll just become afraid to do anything interactive over the internet.

Posted by: Richard on January 30, 2004 2am

While that may be true for grandma, I find it highly unlikely that most people would stop surfing or downloading stuff. Sure, there are people who become so afraid as to stay away, but my conjecture is that these people are few in number and mostly are those who are far too technically disinclined.

The Internet is pervasive and much a part of our lives - but you don’t need me to tell you that. Most people would either continue using IE, for all its flaws, or switch (which would be a much smaller proportion).

Posted by: Cheah Chu Yeow on January 30, 2004 2am
