Over on the ARS Technica Security and Hacktivism blog Dan Goodin is reporting that a XSS vulnerability exists that could grab login credentials and inject malicious content during an IE browsing session.
The vulnerability is known as a universal cross-site scripting (XSS) bug. It allows attackers to bypass the same origin policy, a crucially important principle in Web application models that prevents one site from accessing or modifying browser cookies or other content set by any other site. A proof-of-concept exploit published in the past few days shows how websites can violate this rule when people use supported versions Internet Explorer running the latest patches to visit maliciously crafted pages.
According to someone he spoke with from Microsoft they are not aware of this being actively used but they are working on an update. Their (Microsoft's) main advice was to encourage users to not open unknown links and visit sites that are not trusted 100%.
This is the point when the other half of protecting yourself online should kick in and that involves the gray matter in between your ears and the connection to your mouse finger that does all the clicking.
Even without a vulnerability like this floating around it is always a good thing to have solid computing habits.
Stay safe out there.
