« What Did the Professor Say? Check Your iPod | Main | Belated Happy Birthday Wikipedia »
January 18, 2008
Researchers: Beware the IE Cache on a Public Terminal
Interesting article from eWeek.com:
"If you use Internet Explorer to access Google's Gmail on public terminals, you may be leaving a lot of sensitive information exposed in the browser's cache, according to a warning from Web application security specialist Cenzic. However, Microsoft has downplayed the risk, insisting this is "not a product vulnerability." Cenzic spokesman Mandeep Khera said his company's researchers figured out a way to use CSRF (cross-site request forgery) in combination with the improper use of caching directives to hijack Gmail credentials from the IE cache.
The issue is specific to Gmail on IE and Cenzic believes both Microsoft and Google should apply fixes to secure customers, especially those using computer kiosks in a library or Internet café. After a "thorough investigation," Microsoft has dismissed the threat as overblown. "In the scenario in question an attacker would need authenticated access to the system in order to modify files located in the cache. With that level of access, an attacker could install malicious programs that would have more impact than the scenarios described," a Microsoft spokesman said in a statement sent to eWEEK."
Obviously overblown. Who ever heard of Microsoft IE being vulnerable...[RJ]
January 18, 2008 in Information Technology | Permalink
TrackBack
TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d8341bfae553ef00e54fd286798834
Listed below are links to weblogs that reference Researchers: Beware the IE Cache on a Public Terminal :
