Linked by Thom Holwerda on Mon 26th Sep 2011 22:25 UTC, submitted by HAL2001
Privacy, Security, Encryption Well, this is embarrassing. MySQL.com has been hacked (fixed by now), and was turned into a platform serving malware to unsuspecting visitors. The criminals did this by injecting a script which redirected visitors to a website which uses the BlackHole exploit pack, which probes the browser used and serves up an appropriate exploit. Computer security blogger Brian Krebs saw root access to MySQL.com being offered for $3000 only a few days ago.
Thread beginning with comment 490878
To read all comments associated with this story, please click here.
IE 9 will block this.
by ramasubbu_sk on Tue 27th Sep 2011 05:59 UTC
ramasubbu_sk
Member since:
2007-04-05

IE9 by default block cross site scripting and also by turning on the "Tracking Protection". You are more secure!!. Firefox & Chrome should adopt this feature.

Reply Score: 3

RE: IE 9 will block this.
by Gullible Jones on Tue 27th Sep 2011 12:49 in reply to "IE 9 will block this."
Gullible Jones Member since:
2006-05-23

XSS blocking != wholesale Javascript blocking. Though last I checked it is possible to get Noscript-like functionality on IE using Proxomitron.

(And IIRC Chrome does include some measures against XSS, just not as many as Noscript.)

IE 8 and 9 are sandboxed on Windows Vista and 7 though, if you enable UAC. Not sure how effective that would be in this case. I personally wouldn't know, since I never use IE - I find the user interface annoying.

Reply Parent Score: 2