IE BackButton Security Issues

Microsoft issue of the day (we had to limit it to one, I know, sorry; there were many good candidates for this award, but we cannot post every exploit, and only one PER DAY can get the award) is:

The Back button in IE ignores the security zones that IE so carefully allows you to establish. (Technically it doesn't ignore them; it assigns the page to the wrong zone, using the last zone viewed rather than the current zone. The last zone could of course have totally different permissions.)

For more info, see the linked Slashdot post: IE BackButton Security Issues.

Comments

Re: IE BackButton Security Issues

And what really sucks (but is NOT surprising, as this is what they do best) is that MS was notified of this on Nov 12, 2001, then reminded again on Mar 25, 2002, yet you've never heard a squeak out of them about this.

It really is a pity when a company sweeps issues like this under the rug. The least they could do is warn users of their browser's problems so they would at minimum be aware that pressing "Back" could lead to problems, but then again, this lets people know the quality of the product they REALLY have in their hands (and is why MS wants to keep all security issues private until THEY decide what's best for us to know).

Oh well, this is old news (MS ways) and is anything but shocking, so I'll get off my soap box and get back to reading. Thank goodness I use a quality Linux box, where there are no "secrets"!

Re: IE BackButton Security Issues

Totally agreed, well put. Every software program is going to have issues, it's inherent. One of the key differences between open and closed is disclosure of said issues. It's simply better to know what's broke than to use the ole "security through obscurity" crap.
