Microsoft IE 8 puts cross-site scripting (XSS) attack on notice

Engineers in Microsoft's Internet Explorer group are devising a new means to stamp out one of the web's biggest security banes: “attacks that steal email, bank account credentials and other sensitive information by injecting malicious code into trusted websites”. Some of the web's biggest names - including Google, Yahoo and MySpace - have fallen victim […]

Engineers in Microsoft's Internet Explorer group are devising a new means to stamp out one of the web's biggest security banes: “attacks that steal email, bank account credentials and other sensitive information by injecting malicious code into trusted websites”.

Some of the web's biggest names - including Google, Yahoo and MySpace - have fallen victim to so-called cross-site scripting (XSS) attacks. Tens of thousands of other sites, some belonging to banks and health care providers, have also been been shown to be vulnerable. For the past few years, Firefox users have had the useful - but by no means perfect - NoScript plugin to insulate them, but currently no such protection exists for IE, which remains far and away the most popular browser.

View: IE 8 XSS Filter Architecture / Implementation

Source:→ The Register