[thelist] IE Security Hole

Lachlan Cannon tiedefenderdelta6 at yahoo.com
Fri Feb 22 01:55:01 CST 2002


> It was first posted to Bugtraq around the 10th of January. I believe this
> was fixed in the newest IE patch, but I'm not 100% about that. So it has
> "made it into the news." It's the ones that haven't been fixed and are much
> more dangerous that are problems. If you want a 100% secure browser, your
> only real option is to not use IE.

Or Netscape. Or Opera. Or Lynx. Seriously - no half-complex
piece of software is bug free, and bugs mean insecurity.
Microsoft are just the easiest target, but other companies
have bugs too - it's just that people looking for bugs do
it in IE because most people use that. And since this
really isn't helpful to anyone at all...

<tip type="PHP security" author="Lachlan">
If you're using a version of PHP which doesn't have
auto-variables turned off, it's a good idea to always
initialise your variables, especially ones used just by the
program, such as $rightlogin. Otherwise someone can pass
variables in the query string, overwriting variables which
haven't been explicitly set inside your script. Imagine if
someone could use this to log into your admin program, and
delete your database containing 4 years' worth of articles.
</tip>

Lach
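
The tip above, as an added example that is not part of the original post: the same login check with and without the flag initialised. The "auto-variables" setting is PHP's register_globals directive, which was removed in PHP 5.4, so extract() stands in for it here; check_password(), the function names and the query strings are hypothetical.

```php
<?php
// Added example. extract() imitates register_globals: every request
// parameter becomes a local variable of the same name.

// Hypothetical credential check; a real one would use password_verify()
// against a stored hash.
function check_password(string $supplied): bool
{
    return hash_equals('correct horse', $supplied);
}

// Vulnerable: $rightlogin is assigned only on success, so a request
// parameter of the same name is still in place at the final test.
function admin_allowed_vulnerable(array $query): bool
{
    extract($query);
    if (isset($password) && is_string($password) && check_password($password)) {
        $rightlogin = true;
    }
    return !empty($rightlogin);
}

// Hardened as the tip describes: the flag is set explicitly inside the
// script before it is used, overwriting anything the request supplied.
function admin_allowed_hardened(array $query): bool
{
    extract($query);
    $rightlogin = false;
    if (isset($password) && is_string($password) && check_password($password)) {
        $rightlogin = true;
    }
    return $rightlogin;
}

// Constructed requests: one sets the flag directly, one sends the password.
parse_str('rightlogin=1', $forged);
parse_str('password=correct+horse', $genuine);

var_dump(admin_allowed_vulnerable($forged));
var_dump(admin_allowed_hardened($forged));
var_dump(admin_allowed_hardened($genuine));
```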
