


3rd try’s the charm? IE8 and cross-site scripting

A built-in filter designed to prevent cross-site scripting (XSS) attacks in Internet Explorer 8 (IE8) has instead become a VEHICLE for such attacks, as we learned from the Black Hat Europe conference in Barcelona last week. Researchers “showed how problems with the filter could be used to inject malicious code onto sites including Google, Microsoft’s Bing search site, and Twitter.”

Microsoft will update the IE8 XSS filter in June to fix the hole. This will be Microsoft’s THIRD attempt to fix the XSS filter in IE8.

According to CNET:

“The XSS Filter related Blackhat EU presentation discussed a vulnerability that was previously disclosed and addressed in the January security update to Internet Explorer (MS10-002),” David Ross wrote on the Microsoft Security Response Center blog.

That was followed by a critical update in March (MS10-018).

The update scheduled for June “will address a SCRIPT tag attack scenario described in the Blackhat EU presentation,” Ross wrote. “In the case of the Internet Explorer XSS Filter, researchers found scenarios that are generally applicable across XSS filtering technologies in all currently shipping browsers with this technology built-in.”

Maybe it’s just me, but I think that it would be nice if Microsoft would spend a bit more of its time on PRODUCT QUALITY issues and less of its time trying to establish yet another Web standard. I also find it irritating when one of the richest men in the world, a son-of-privilege college drop-out who found philanthropy late in life (as so many of such men do) wanders from college to college telling students who are “up to their eyeballs” in debt that they should “give back.”

Such students have not yet “received” in the first place!

Or MAYBE he’s just “picking their brains” for ideas that could turn a profit…. :-) I don’t know – it has happened before…. :-)

Oh, you can get a version of the Firefox browser in over 70 languages for Windows, MacOS X and Linux, here. (Not a recommendation….) Around 75% of the visitors to my site use Firefox browsers (according to Google Analytics).

-Bill at

Cheshire Cat Photo™ – “Your Guide to California’s Wonderland™”


©2010 William F. Hackett. All Rights Reserved.
