CASE STUDY: INTERNET EXPLORER 7
SECURITY CHANGES
In October 2006, Microsoft released version 7 of its Internet Explorer web browser (IE 7).
It had been five years since the release of IE 6 and a great deal had changed in the
Internet's security landscape. While buffer-overflow attacks were well known in 2001,
attackers still managed to exploit overly permissive security settings as well as find a
large number of such vulnerabilities in IE 6 and ActiveX objects. For a while, it seemed
major vulnerabilities were being found every few days, and a whole new anti-spyware
industry emerged. The anti-spyware market helped us combat and recover from the
many browser-based "drive-by" attacks that took over our computers as we browsed
the web. Furthermore, with the explosion of online fraud involving monetary funds, targeting
a user's operating system to steal their MP3s no longer compared to stealing account
information from a user's bank account.
As more and more valuable activity began to occur online, entire new classes of
attacks began to emerge, with criminals targeting online banking and shopping sites.
Issues such as phishing and cross-site scripting (XSS) took advantage of basic design
flaws in web sites, browsers, and the Web itself to steal victims' money and identities.