How secure is Internet Explorer 6…
In the past few weeks I have been notified of a website that claimed to be able to read users files off of their hard drive. I received a lot of messages from users that were panicking. They downloaded all of the latest security patches but they still could see the contents of their hard drive on the website. I decided to investigate this and find out if there really was a severe bug in Internet Explorer. After looking at the source code for the web page I noticed that it was just a simple trick the webmasters were playing on their visitors.
See… I can view your files. Not really, the box above is just an inline frame with the source set to file:///c|/ which will display the contents of your C: drive. Additionally, the actual website can not view your files. There is no way that they can get files from your computer, or even see what files you have.
Is this a bug in Internet Explorer? Not likely, there is no harm is being able to view your files on a web page. As I said before, no one but you can view your files so there is no danger in security. Personally, I see this as a great opportunity to create your own explorer like interface to browse your hard drive that you can view in IE.
In wrapping this up, do not panic, your security has not been compromised. I am not saying that IE is perfect, but if you keep up with the current patches you should have nothing to worry about.
No comments:
Post a Comment