Sponsored by the makers of WS_FTP       Download the latest version now!
FTPplanet.com

FTPplanet.com Blog

« Using FTP to update Blogger | Main | Unfortunate Breach - Importance of data transfer encryption »

March 18, 2008

IE bug causes FTP security concern

Well, looks like there is a newly discovered bug in Microsoft Internet Explorer that could impact folks using their browsers for FTP.

"A flaw in the way Microsoft's Internet Explorer browser processes FTP commands could let attackers steal or erase data from a victim's FTP site.

The bug, which affects users of IE 6 and the unsupported IE 5 browser, gives an attacker a way of hijacking the victim's FTP sessions. But a successful attack would be very hard to pull off and would only work in very precise, targeted attacks, security experts said.

The attacker would need to know the victim's username on the FTP server and the victim would have to already be logged into the server, using IE. Under those conditions, the victim could be sent a malicious FTP link that would then execute commands on the victim's FTP server."

Of course, I'm tempted to point out that this flaw is reportedly almost identical to a similar bug that was identified and fixed in 2006....

Posted by Hugh Garber at March 18, 2008 07:30 AM digg this add to del.icio.us add to My Web Furl this page

Trackback Pings

TrackBack URL for this entry:
http://www.ftpplanet.com/cgi-bin/mt-tb.cgi/715

Comments

Post a comment




Remember Me?


 
  Quick Links
 Discussion Forums
 Online Tutorials
 Site Map
  Guide Books
  Newsletter Archive
 
  Featured Item
WS_FTP 2007: New version of popular FTP client