 |
 Gopher flaw found in IE
June 6, 2002
A Finnish security company has warned that a security flaw in a long abandoned Internet protocol could allow a hacker to take control of a remote computer.
The attack involves IE's built-in gopher client. Gopher is a nearly outdated protocol for accessing remote directories and files. Gopher has nearly disappeared from use, for the most part replaced by the Web and Hypertext Transfer Protocol (HTTP).
But most web browsers of today, including Internet Explorer (IE), Netscape and others, still support the abandoned protocol what makes users computers vulnerable.
According to Online Solutions, a security firm that discovered the flaw, a hacker could seize control of a user's machine simply by having the user click on a link that redirects the user to a malicious Gopher server. After that the hacker could do anything on the system, such as download/upload, install or delete files, run programs, etc.
All versions of Internet Explorer are believed to be vulnerable.
Microsoft was contacted by Online Solutions on May 20 and has since started designing a patch for IE. However Redmond media giant has not yet given any indication of when the fix will be released.
Until a fix is released, users of IE are urged to follow a simple way to disable processing and displaying gopher pages:
Go to the "Tools" menu then to "Internet Option" and then to "Connections"
Click on "LAN settings"
Open the "Use proxy server for your LAN" box and access the "Advanced Tab"
Go to the Gopher text field and enter "localhost" and "1" in the port setting box.
The new flaw is just one in a recent series of Microsoft security problems, since in January Chairman Bill Gates instructed employees to make software security a top priority.
|
|
