Posted on 02 November 2010
Microsoft’s Internet Explorer browser is still vulnerable to a data leakage flaw that could have serious security implications.
The vulnerability was reported to Microsoft back in December 2008, yet the flaw remains unfixed despite numerous articles and reports that have made the company aware of the problem.
Chris Evans, a Google security researcher, said this minor flaw can have major consequences:
The bug is pretty simple: IE supports a window.onerror callback which fires whenever a Javascript parse or runtime error occurs. Trouble is, it fires even if www.evil-website.com registers its own window.onerror handler and then uses <script src="http://www.onlinebanking.com/">
As can be seen from Microsoft’s statement below, they don’t seem to be too bothered about their users’ security:
“Microsoft is aware of the public posting of a low severity information disclosure issue in Internet Explorer. A successful attack requires a victim website to be configured in a specific way which is non-standard for most sites. We are not aware of any attacks seeking to exploit this issue and will update customers if that changes.”
Posted on 26 October 2010
Firesheep is a new Firefox plugin created by Eric Butler that enables users to hack into the likes of Facebook and Twitter accounts when used on a public WiFi network. The plugin has already been downloaded over 110,000 times. It takes advantage of the fact that cookies from these websites are sent over the network in plain text and not encrypted. By simply grabbing the cookie, the hacker can log in to the account of the unsuspecting user.
This plugin enables the average Joe with no hacking skills or capabilities to gain access to your social network account.
There are a number of ways to protect against such an attack: corporate users can use VPNs or SSH tunneling, and for the everyday user HTTPS Everywhere is an option.
By enabling the average user to simply download and install this exploit it may force Facebook & Twitter to enhance the security of their platforms.
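A defender-side check for the weakness described above, as an added example that is not part of the original post: it audits Set-Cookie headers for the Secure attribute, without which a browser will send the cookie over unencrypted HTTP. The header values and the list of session-like cookie names are constructed assumptions.

```python
# Added example: flag cookies that a browser would send over plain HTTP,
# where anyone on the same open WiFi network can read them.
# The header values below are constructed samples, not captured traffic.
SAMPLE_HEADERS = [
    "session_id=abc123; Path=/; HttpOnly",
    "auth_token=def456; Path=/; Secure; HttpOnly",
    "lang=en; Path=/",
    "sid=ghi789; Domain=.example.test; secure",
]

# Assumption: substrings that suggest a cookie carries login state.
SESSION_HINTS = ("sess", "sid", "auth", "token")


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        return "", set()
    name = parts[0].split("=", 1)[0].strip()
    # Attribute names are case-insensitive, so compare them in lower case.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    return name, attrs


def audit(headers):
    """Return (cookie name, severity, reason) for every cookie lacking Secure."""
    findings = []
    for value in headers:
        name, attrs = parse_set_cookie(value)
        if not name or "secure" in attrs:
            continue  # empty header, or cookie restricted to HTTPS
        # A session-like cookie without Secure is what lets a listener
        # take over the account; a preference cookie matters far less.
        is_session = any(hint in name.lower() for hint in SESSION_HINTS)
        severity = "high" if is_session else "low"
        findings.append((name, severity, "no Secure attribute"))
    return findings


if __name__ == "__main__":
    for name, severity, reason in audit(SAMPLE_HEADERS):
        print(f"{severity:4} {name}: {reason}")
```

The Secure attribute only helps when the site serves its pages over HTTPS in the first place, which is the change the post hopes Facebook and Twitter will make.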
Instructions on how to install the plugin if you’re using Windows:
Simply go to the following address:
http://github.com/codebutler/firesheep
- Click on downloads
- Download the firesheep-0.1-1.xpi file
- Go to tools and Add-ons in Firefox
- Drag the firesheep-0.1-1.xpi file into the box.
- Couldn’t be easier!
Posted on 21 September 2010
A recent exploit discovered for Microsoft’s ASP.NET software has left all Windows users vulnerable to attack.
ASP.NET is a Web application framework by Microsoft that is used to create websites and applications. It has been estimated that 1/4 of all Internet websites use ASP.NET.
Microsoft has announced that it will patch all supported versions of Windows, from XP Service Pack 3 and Server 2003 to Windows 7 and Server 2008 R2, along with other software, including its IIS and SharePoint server software.
Hackers are said to be able to exploit ASP.NET’s encryption to decrypt session cookies or other encrypted data on a remote server, and access and grab files from a site or Web application that relies on the ASP.NET framework.
Microsoft has released a Visual Basic script that should detect applications that are at risk and has also created a dedicated support forum to handle any queries from website and application developers. A patch has been promised, but it is still unknown when it will arrive.
Posted on 16 June 2010
Microsoft has confirmed that an exploit for Windows XP that Google engineer Tavis Ormandy made public last week is not being actively exploited. Machines running Windows XP can be compromised by simply visiting an infected website. Microsoft has issued a security advisory on its website and also made a temporary fix available.

Two weeks ago Google made an announcement in which it stated that employees should no longer use the Windows operating system and should begin migrating to either Linux or Apple.