Ruby, Rails, Firefox, Anime, Mac
In: Browsers30 Jan 2004
InfoWorld reports on the new Internet Explorer security hole that allows file download extensions to be spoofed. The hole allows the site author to make it appear that a downloaded file is safe by spoofing it’s extension, when in fact it could be anything, including malicious executables.
Security company Secunia has a demo of this security hole over at their Internet Explorer File Download Extension Spoofing Test.
The author of the InfoWorld article goes so far as to say:
The possibilities are endless, and since both spoof issues appear to be unfixable, it must surely place a big question mark over Explorer’s viability as a browser.
The other aforementioned spoof issue is, of course, the URL spoofing vulnerability. Some good news on this front though, with Neowin.net reporting that Microsoft will fix this with an IE update to remove support for usernames in http urls.
Can’t say the damage hasn’t been done. Has it got your average non-technical Joe/Jane looking for alternative browsers? Maybe grandma is starting to ask for “a better Internet”? No one knows for sure, but I’m sure if this is publicized further in the mass media, there’ll be some very pleased converts.