Technologists and pundits began to write about how Microsoft was trying to dominate the Internet by flooding the market with their web browser and turning the Internet into a Microsoft proprietary domain. Others were concentrating on other issues, such as browser security. There was much to be concerned about. On August 22, 1996, a mere nine days after Internet Explorer 3 was released, the first Internet Explorer security problem was reported – The Princeton Word Macro Virus Loophole.
The Princeton Word Macro Virus Loophole should have been a wake-up call for Microsoft. Discovered by two well-known Princeton researchers – Edward Felten and Dirk Balfanz – this security hole enabled a malicious webmaster to download files to an unsuspecting user’s PC without their knowledge. This could be any file, including a Microsoft Word Macro that could in turn execute DOS commands. Or worse, a malicious webmaster could transmit a virus, a Trojan program that could open a “back door” into the target system, or a program designed to discretely transmit files back to the malicious web site.
The very next day, Microsoft released a patch to close the Princeton Word Macro Virus Loophole. While Microsoft downplayed the significance of the loophole, the Internet community was becoming increasingly concerned. Months before reporting this loophole, Felten reported his discovery of some serious Java vulnerabilities in Netscape Navigator. The picture was becoming clear – this new territory called the Internet could be a dangerous place.
More and more security bugs started appearing. In December, 1996, Felton reported another security flaw in Internet Explorer. This flaw allowed malicious websites to “spoof” other web sites. A spoofed web site is a site that looks real; it can literally be an identical copy of a real site, except that it isn’t hosted on a web server that belongs to the web site you think you’re visiting. In other words, while you think you’ve just purchased the latest subscription to Foo Magazine, you’ve actually just transmitted your credit card number and other personal information to a fake site.
Month after month, one security problem after another was being steadily reported. There were numerous vulnerabilities which exposed computer files to malicious web sites; there were other bugs that inadvertently transmitted encrypted information in plain text to unauthorized sites; and there was the revelation that Internet Explorer maintained a bit-by-bit record of where users went online. Between Java bugs, scripting holes, Year 2000 problems, and a growing anti-Microsoft sentiment, Microsoft was being attacked on all sides, all because of Internet Explorer.
No comments:
Post a Comment