Microsoft haunted by old IE security flawsource: CNET News.comURL: http://zdnet.com.com/2100-1105-5253112.html
A security flaw that had been fixed in older versions of Microsoft Internet Explorer has reappeared in the latest version of the browser software.
Security company Secunia issued a bulletin warning of the flaw in versions 5.01, 5.5 and 6.0 of Internet Explorer (IE). The problem had been fixed six years ago, when it appeared in versions 3.0 and 4.0 of the IE browser.
'It's a concern that a company like Microsoft has a problem that's already been fixed in older versions resurface in newer ones,' said Thomas Kristensen, chief technology officer of Secunia.
Microsoft has been plagued by a recent spate of IE vulnerabilities. The latest attack was reported Tuesday. Through a flaw in IE, victims can pick up a program through a pop-up ad that is used to read keystrokes and steal passwords when people visit any of nearly 50 banking sites.
Vulnerabilities in IE have become so common that some security researchers are recommending that people adopt alternate browsers. The U.S. Computer Emergency Response Team, the official U.S. body responsible for defending against online threats, also advised security administrators to consider moving to a non-Microsoft browser among six possible responses.
According to the latest bulletin, the vulnerability affects people who have multiple IE browsers open. Through one of the open browsers, hackers can change the content of another Web site without users ever knowing that it has been altered.
Using this attack method, hackers could insert links into legitimate Web pages and direct people to malicious sites where they could solicit personal information such as bank account or credit card information. Because the link comes from a legitimate and trusted site, victims may not realize they have been redirected to a harmful site. Hackers could also insert links that would trick users into downloading malicious software.
'It's a major problem when people can't trust what they are seeing in their browser,' Kristensen said.
Another flaw discovered last week turns some Web sites into points of digital infection. The vulnerability was nipped in the bud on Friday, when Internet engineers shut down a server in Russia that had been the source of the malicious code.
Another flaw, discovered earlier this month, installed a toolbar on victims' computers that triggered pop-ups.
ZDNet: Printer Friendly - Microsoft haunted by old IE security flaw
T-Mobile launches Wi-Fi PDA, but not in UKT-Mobile has launched a new version of its Mobile Digital Assistant (MDA) that incorporates support for Wi-Fi, but as yet there are no official plans to sell the device in Britain.
The MDA III supports GSM and Wi-Fi, and includes a retractable QWERTY keyboard that slips within the device when not in use. It will go on sale in Germany this September, where T-Mobile says it has already captured 40 percent of the PDA phone market with the MDA II.
'Thanks to integrated W-LAN technology, the MDA III allows very fast data exchange via wireless local networks, or at T-Mobile and T-Com HotSpot locations,' said the company, adding that battery capacity has been increased by about 25 percent compared to the MDA II.
A spokesman for T-Mobile in the UK said that 'nothing had been announced yet' regarding the launch of the MDA III in Britain.
Combining access to mobile phone networks and 802.11b is a key part of T-Mobile's strategy. In the UK it operates a string of Wi-Fi hot spots as well as its GSM network, and it is due to launch 3G services this summer.
T-Mobile launches Wi-Fi PDA, but not in UK
Windows CE 5.0 Coming in JulySource: pdaBlastWindows CE 5.0 will be released on July 9, 2004. The announcement was made at the Microsoft Windows Embedded Developers' Conference. Microsoft said that it will share more of the operating system's source code and allow device makers to make changes to that code.
In the past, companies that modified the operating system for their own devices were required to share these changes with Microsoft. Microsoft said today that hereafter licensees will maintain ownership of their code and will not be required to share modifications with Microsoft, partners or competitors. This represents a major shift in Microsoft's policies towards open source code.
New Features in Windows CE 5.0
One of the biggest changes in Windows CE 5.0 is Direct3D Mobile (D3DMobile), a graphics solution built on DirectX. This will allow Windows CE devices to support even higher-performance graphics and multimedia.
Windows CE 5.0 will also include networking performance improvements that Microsoft says will increase data processing speeds."
Pocket PC Blast!: Windows CE 5.0 Coming in July
