ElectricNews.net:News:Malicious applet affects major browsers

ADS & MARKETING

APPOINTMENTS

BUSINESS

E-COMMERCE

HOME & GADGETS

INTERNET & TELECOMS

INVESTMENT

MARKETS

OPINION

ROUNDUPS

SECURITY

WIRELESS

CORRECTIONS

Let us know how to make ENN better!
Take our reader's survey.

Who wants multimedia messaging?
I'm talking mobile again, but this time it's a question of how/if the public are going to be able to access the new services being planned by the mobile manufacturers and the networks.

The following e-mail will be sent on your behalf.

 has sent the following story to you from ElectricNews.net.

The story is available from https://electricnews.net/news.html?code=6452754

Malicious applet affects major browsers
Tuesday, March 05 2002
by The Register


Crackers can use a malicious Java applet to hijack Internet sessions, according
to a new warning from Microsoft.

Exploiters can re-direct Web traffic once it has left the proxy server to a
destination of the attacker's choice, writes John Leyden. 



The software giant has issued a patch which it describes as "critical" for
client systems. Netscape advises users to upgrade to either version 6.2 and 6.2.1
of its browser (which includes an updated Sun JVM plug-in) that guards against
this potential risk. 



Because of the vulnerability, a variety of man-in-the middle attacks are
possible; attackers could also use the bug to filch session information, such
as user names or passwords sent without using SSL encryption. 



Sensitive information sent using SSL will be protected from potential attackers
exploiting the vulnerability in unpatched systems, Microsoft advises. 



A system is vulnerable only if Internet Explorer is used in conjunction with a
proxy server; this limits the risk to home users but isn't much help to
businesses, where the proxy server architecture is very common. 



The Register and its contents are
copyright 2002 Situation Publishing. Reprinted with permission.