After a stunning track record of being completely insecure and hackable, Microsoft has been hit with negative press about Internet Explorer ("Mozilla Feeds on Rival's Woes").

U.S. Steers Consumers Away From IE

The virus initiated this week inserts javascript into certain web sites [running Microsoft's web server, IIS]. When users visit those sites [using Microsoft's Internet Explorer], it initiates pop-up ads on home and office computers, and allows keystroke analysis of user information. The target is believed to be credit card numbers. CERT estimated that as many as tens of thousands of Web sites may be affected.

The United States Computer Emergency Readiness Team issued this security advisory stating the specifics of the browser vulnerabilities, adding that "functional exploit code is publicly available, and there are reports of incidents involving this vulnerability."

Among their suggested solutions...

Use a different web browser

There are a number of significant vulnerabilities in technologies relating to the IE domain/zone security model, the DHTML object model, MIME type determination, and ActiveX. It is possible to reduce exposure to these vulnerabilities by using a different web browser, especially when browsing untrusted sites. Such a decision may, however, reduce the functionality of sites that require IE-specific features such as DHTML, VBScript, and ActiveX. Note that using a different web browser will not remove IE from a Windows system, and other programs may invoke IE, the WebBrowser ActiveX control, or the HTML rendering engine (MSHTML).

Don't believe the hype? Do ya think someone's out to make Microsoft look bad? Are they being framed? If so, maybe you should do a little reading...

http://62.131.86.111/analysis.htm http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0104.html http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0031.html http://secunia.com/advisories/11793/ http://www.microsoft.com/technet/prodtechnol/winxppro/sp2preview.mspx http://msdn.microsoft.com/workshop/author/dhtml/reference/methods/execscript.asp http://msdn.microsoft.com/workshop/author/dhtml/reference/methods/showmodaldialog.asp http://www.microsoft.com/windows/ie/using/howto/security/settings.mspx http://www.microsoft.com/security/incident/settings.mspx http://support.microsoft.com/default.aspx?scid=833633 http://support.microsoft.com/default.aspx?kbid=182569 http://www.microsoft.com/security/incident/download_ject.mspx http://isc.sans.org/diary.php?date=2004-06-25 http://www.securityfocus.com/bid/10473 http://xforce.iss.net/xforce/xfdb/16361