You are in the: Small Business Computing Channelarrow
Small Business Technology
» ECommerce-Guide | Small Business Computing | Webopedia | WinPlanet

ECommerce-Guide News provides online business owners with information about new ecommerce products, ecommerce laws and taxes, trends in ecommerce and market research on how to run an eBay business.   News, reviews and practical solutions for your online business  
Home News & Trends Solutions Resources eBiz FAQ Selling on eBay Forums Video Products Glossary About
News Research Trends


Search
ECommerce-Guide

ECommerce Glossary
Enter a Term:

Free Newsletters
Small Business Tech Daily
Webopedia

You are in: ECommerce-Guide > News > E-Commerce News

ECommerce-Guide Essentials
eBiz FAQ
Everything you need to know to start your own successful e-business.

Selling on eBay
How to make money in the online marketplace.

PayPal Payments and More
What's new in secure payments for your online store.

Shopping Cart Software
Solutions to close, process and track your online sales.

Related Articles
Microsoft Warns Again on MSN Chat Flaw
Gopher Hole Found in Microsoft IE
CERT Warns of Another Security Flaw in IE
IE/Access Flaw Leaves Windows PCs Vulnerable
Scripting Vulnerability Detected in MS IE and Outlook Express
Bug Opens Microsoft IE to HTML .exe Attachments

ecommerce-guide news and trends

Latest IE Flaw an E-Commerce Threat?
By Beth Cox

August 13, 2002


Yet another bug has been found in Microsoft's Internet Explorer browser, this one said to potentially allow the theft of data from consumers who are banking online or shopping at e-commerce Web sites.

Microsoft is investigating, but has yet to make a formal statement or issue a fix. One security expert was quoted as saying that "the cryptographic protections of SSL don't work if you're a Microsoft IE user."

The loophole could allow hackers to trick computer users into thinking they are shopping at legitimate Web sites, exposing their credit card numbers and other personal information.

The flaw was discovered by Mike Benham, a San Francisco programmer who posted a note to the Bugtraq mailing list on the SecurityFocus Internet site, outlining what he called the possibility of an undetected "man in the middle" attack.

Some security experts said it was a serious concern; others were quoted as saying that the complexity and knowledge required to exploit the vulnerability makes the probability of widespread attacks unlikely.

Benham said in his warning that Internet Explorer versions 5.0, 5.5 and 6.0 have loopholes in handling digital certificates, such as those from VeriSign, which verify Web sites as being legitimate and also include unique code for encrypting information.

Essentially, any Web site operator with a valid certificate could pretend to be any other Web site operator, Benham said.

"I would consider this to be incredibly severe," Benham said in his posting. "Any of the standard connection hijacking techniques can be combined with this vulnerability to produce a successful man in the middle attack." Netscape has no such loophole, he said.

Microsoft reportedly is still investigating and is unsure even whether to call it a vulnerability, Scott Culp, manager of Microsoft's Security Response Center, was quoted as saying. However, Microsoft and VeriSign were said to be working together on the matter and a VeriSign spokesman said that no real cases have been reported in which someone has successfully spoofed a Web site or gained information.

Internet Explorer has a long history of security flaws, almost all of which have been patched at one time or another.

Tools:
Add ecommerce-guide.com to your favorites
Add ecommerce-guide.com to your browser search box
IE 7 | Firefox 2.0 | Firefox 1.5.x
Receive news via our XML/RSS feed