Technology Stocks : All About Sun Microsystems

To: Mephisto who wrote (27148) 2/3/2000 2:33:00 PM
From: Mephisto
 
Experts Warn of Web Surfing Risk

By TED BRIDIS Associated Press Writer

WASHINGTON (AP) - Computer experts are warning of a serious new Internet security threat that allows hackers to launch malicious programs on a victim's computer or capture information a person volunteers on a Web site, such as credit card numbers.

The threat, called "cross-site scripting," involves computer code that can be hidden within innocuous-looking links to popular Internet sites. The links can be e-mailed to victims or published to online discussion groups and Web pages.

The vulnerability is especially unusual because it is not limited to software from any particular company. Any Web browser on any computer visiting a complex Web site is at risk.


No one apparently has been victimized yet. But the risks are described as potentially so serious and affect such a breadth of even the most successful Web sites that the industry's leading security group says nothing consumers can do will completely protect them.

Only a massive effort by Web site designers can eliminate the threat, according to the CERT Coordination Center of Carnegie Mellon University and others. Software engineers at CERT issued the warning Wednesday together with the FBI and the Defense Department.

"This is a serious security issue, with potential implications that are only starting to be understood," said a warning from the Apache Software Foundation, which supports widely used software running many of the world's Web sites.

The problem, discovered weeks ago but publicly disclosed Wednesday, occurs when complex Internet sites fail to verify that hidden software code sent from a consumer's browser is safe.

Experts looking at how often such filtering occurred found that Internet sites failing to perform that important safety check were "the rule rather than the exception," said Scott Culp, the top security program manager at Microsoft.

"Any information that I type into a form, what pages I visit on that site, anything that happens in that session can be sent to a third-party, and it can be done transparently," Culp warned. He added: "You do have to click on a link or follow a link in order for this to happen."

The dangerous code also can alter information displayed in a consumer's Web browser, such as account balances or stock prices at financial sites. And it can capture and quietly forward to others a Web site's "cookie," a small snippet of data that could help hackers impersonate a consumer on some Internet pages.


"It really goes across a huge number of sites," said Marc Slemko, a Canadian software expert who studied the problem. Slemko said Internet-wide repairs will be "a very, very major undertaking."

In the interim, experts strongly cautioned Internet users against clicking on Web links from untrusted sources, such as unsolicited e-mail or messages sent to discussion forums.

They also recommended that consumers at least consider preventing their Web browser software from launching small programs, called scripts. But they acknowledged that many Internet sites require that function to operate.

Microsoft published full details and step-by-step instructions for consumers at its Web site, www.microsoft.com/security.

Sun Microsystems Inc. (NasdaqNM:SUNW), whose software powers many of the world's largest Internet sites, also published information at its Web site, sun.com.

And the Apache Software Foundation also published information at its Web site, www.apache.org/info/css-security.  