The recent discovery of a security vulnerability in Microsoft Internet Explorer has become a hot topic on the security wires, but experts say it may have been blown out of proportion.
In the last few weeks, security experts Oy Online have published details about a flaw in IE that would allow a malicious website to spoof file extensions in the download dialog, making a potentially dangerous executable program look like a text, image, audio or any other file.
The discovery was followed up by a scathing attack posted on techie favourite Slashdot, which claimed: "If you routinely browse with IE or read mail with Outlook, keep in mind that any web page you visit or any email you open can take over your computer, steal sensitive files, destroy your machine, anything."
But while the attack was justified to a degree, Ollie Whitehouse, manager of security architecture for @stake, said that, although the vulnerability is a real threat, "we see real threats every day".
"The potential effects of this vulnerability can be contained through due diligence. You have to get someone to visit an obscure booby trapped server, which you probably wouldn't come across in casual browsing," he explained.
The basis of the vulnerability is that a piece of HTML code could be set up linking to a downloadable file such as 'Readme.txt'.
If the user clicks on this and, when the prompt comes up, chooses 'open from current location', the malicious file disguised as Readme.txt is executed.
Essentially, on a specially configured server the HTTP headers on a file could be hacked up to give it a different content type, so our malicious .exe file could masquerade as a .txt file.
"You have to go to a lot of effort to exploit this flaw," said Whitehouse. "You actually have to set up a server and a website with the intention of carrying out the exploit. And you have to get victims to visit it."
Microsoft has been informed of the flaw and is working on a fix. However, Whitehouse and other experts have expressed some concern that the vulnerability is known about, if not in fine detail, but that no patch is yet available.
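Until a patch is available, the mismatch described above (headers that declare a harmless type for a file that is really an executable) can be checked on the defender's side, for example at a proxy or download scanner. The following is an added example, not code from the article or from any vendor; the function names, the header values and the sample bodies are constructed for illustration, and checking the Content-Disposition filename is an assumption that goes beyond the content type the article mentions.

```python
from email.message import Message

# File extensions and MIME type prefixes a user would treat as harmless.
BENIGN_EXTENSIONS = {".txt", ".jpg", ".gif", ".png", ".wav", ".mp3"}
BENIGN_TYPE_PREFIXES = ("text/", "image/", "audio/")

def sniff_executable(body: bytes):
    """Return a description if the body starts like an executable, else None."""
    # Windows PE: "MZ" stub, then a 4-byte offset at 0x3C pointing at "PE\0\0".
    # (Plain DOS executables without a PE header are not matched.)
    if body[:2] == b"MZ" and len(body) >= 64:
        pe_offset = int.from_bytes(body[60:64], "little")
        if body[pe_offset:pe_offset + 4] == b"PE\x00\x00":
            return "Windows PE executable"
    if body.startswith(b"\x7fELF"):
        return "ELF executable"
    return None

def check_download(headers: dict, body: bytes):
    """Return findings for one HTTP response; an empty list means consistent."""
    actual = sniff_executable(body)
    if actual is None:
        return []
    msg = Message()  # reuse the stdlib MIME header parser for HTTP headers
    for key, value in headers.items():
        msg[key] = value
    findings = []
    if "Content-Type" in msg:
        declared = msg.get_content_type()  # lower-cased, parameters stripped
        if declared.startswith(BENIGN_TYPE_PREFIXES):
            findings.append(f"Content-Type {declared} but body is {actual}")
    filename = msg.get_filename() or ""  # taken from Content-Disposition
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext in BENIGN_EXTENSIONS:
        findings.append(f"filename {filename!r} but body is {actual}")
    return findings

# Constructed samples: a minimal PE-style header and a genuine text body.
PE_BODY = b"MZ" + b"\x00" * 58 + (64).to_bytes(4, "little") + b"PE\x00\x00"
TEXT_HEADERS = {"Content-Type": "text/plain; charset=us-ascii",
                "Content-Disposition": 'attachment; filename="Readme.txt"'}
EXE_HEADERS = {"Content-Type": "application/octet-stream",
               "Content-Disposition": 'attachment; filename="setup.exe"'}

if __name__ == "__main__":
    for finding in check_download(TEXT_HEADERS, PE_BODY):
        print("ALERT:", finding)
```

An executable served honestly as an executable produces no finding; only the disagreement between what the headers claim and what the bytes are is reported.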