First a recent warning from McAfee -- if you're still using IE 6, it's time to upgrade. From SecurityNewsPortal.com:
More interesting is that IE 8's XSS filter is being discussed for the first time. From the IE blog at MSDN:Anyone using Internet Explorer 6 should upgrade to the latest version of the browser, IE7, to avoid security risks. A researcher at security firm McAfee said that a scripting flaw in IE6 could lead to hackers gaining access to your computer.
McAfee recommends that users of IE6 should upgrade to IE7 or use an alternative browser such as Firefox. [From SecurityNewsPortal.com: IE 6 users warned to upgrade]
The XSS Filter operates as an IE8 component with visibility into all requests / responses flowing through the browser. When the filter discovers likely XSS in a cross-site request, it identifies and neuters the attack if it is replayed in the server's response. Users are not presented with questions they are unable to answer - IE simply blocks the malicious script from executing.The IE folks have been doing a lot to improve security, and it's worth the time to peruse the other improvements they're making.
With the new XSS Filter, IE8 Beta 2 users encountering a Type-1 XSS attack will see a notification like the following:
The page has been modified and the XSS attack is blocked. [From IEBlog : IE8 Security Part IV: The XSS Filter]
Leave a comment