Just as Scripture compels us to be “all things to all men”, so too our websites need to be as many things as possible to as many browsers as possible – a feat which isn’t always possible because of the “wide variety of standards” plaguing the world of Internet browsers, a variety that has made browser simulation services such as BrowserCam profitable.
But it is not the oft-debated (and seldom agreed upon) geek-only issue of cross-browser compatibility that brings me to this topic. Rather, it is yet another Internet Explorer exploit, dubbed “Download.Ject” by Microsoft, that reared its ugly head last week and that may determine which browsers your visitors use – and how they use them.
In other words, someone figured out how to hack a bunch of Microsoft IIS 5.0 servers that were not up to date with the latest patches, adding a script that will infect your computer when you visit the tainted page using Microsoft Internet Explorer on Windows 2000 or XP. What’s worse, this script deposits a nasty little trojan horse ‘phishing’ program that tries to capture your eBay and PayPal information, along with some random pop-ups to trick you into giving them even more sensitive information.
Workaround == More Work for You
The Russian server propagating this attack has been shut down, and Microsoft is now offering a ‘Critical Update’ to address the problem, but according to The Register that solution is still a workaround and therefore “a non-starter.”
Workaround or not, I suspect this latest exploit is going to nudge some stubborn IE users into alternative browser solutions such as Mozilla or Opera. Likewise, I’d bet an Ostrich burger at FuddRuckers that some of you are going to find scripting disabled on your computers at work as IT managers react to this threat by applying the latest CERT recommendations to your browser.
Bottom Line Best Viewed With …
Cross-Browser Related Resources:
- Evolt Browser Archive – install an old browser on your new machine today!
- AnyBrowser.com – Your Source for Browser Compatibility Verification
- BrowserCam.com – IMHO, a better Source for Browser Compatibility Verification
- Silicon Glen – Cross browser compatibility and website design
- NetMechanic – Browser Compatibility Tutorial
- iCapture – your site through the eyes of Apple’s Safari browser.
- ieCapture — See your site in an array of PC browsers now!
Extra Credit Reading Re:Download.Ject:
- Microsoft Statement Regarding Configuration Change to Windows in Response to Download.Ject Security Issue
- NetCraft – IIS Server Malware is Phishing Scam
- US-CERT Cyber Security Bulletin SB04-175 – a summary of software vulnerabilities identified between June 6 and June 21, 2004
- Microsoft – “Avoiding phishing scams”
- NetCraft – “Microsoft Releases Fix for IE Phishing Exploit”
- InSecure.Org – “FullDisclosure: Re: The Vulnerability Still Works After Today’s Patch”
- The Register: “Microsoft half fixes serious IE vuln”