Stop using Internet Exploer, even with VPNs

Internet Explorer 10 start screen tile svg

Governments urge Internet Explorer users to switch browsers until fix found | ZDNet

This and many other articles are relaying the information that governments are encouraging users to move to Chrome, Firefox, or Safari until this Microsoft Internet explorer bug is fixed. The vulnerability seems to have been in every version of IE since 6 through the current version 11. It is a remote exploitation vulnerability, so attackers can use it to run arbitrary code on your computer, effectively “owning” it. There are some work arounds within IE that may prevent the attack, but for now it is much safer and easier to simply move to a different browser.

It is important to remember that using a VPN like Anonymizer Universal does NOT provide any protection against this kind of attack. This is an attack directly against the browser using the content you have “requested”. The attack is launched from the site you are visiting, so the hostile content would flow through the VPN unhindered. 

Anonymizer strongly encourages its users to move to Firefox, Safari, or Chrome, at least until this problem is resolved.

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook, Twitter, and Google+.

Internet Explorer vulnerability allows mouse tracking is talking about a bug they discovered in Microsoft Internet Explorer versions 6-10. Evidently the bug allows tracking of your mouse movement even if the browser window has been minimized and you have a different application active.

They say that at least two companies providing display ad analytics are already using this exploit to improve their analysis.

OUCH! Yet another good reason to use any browser but IE.

Loan rates based on your browser

This article on The Consumerist reports that Capital One provides different car loan rates based on the browser you use when visiting their site. I suspect that there are some strong demographic trends among the users of various browsers. It would be interesting to see if they give different rates to the same browser in different states or zip codes. Once again, evidence that "they" are using your personal information in way that may not be good for you.

Privacy in Chrome and IE8

Both Microsoft's new beta of IE 8 and Google's beta of their new browser Chrome tout new enhanced privacy features. I have seen a few articles like this one, that talk about this issue. The Safari browser has had these features in the production version for a long time. Privacy is a complex multi-headed beast. All of these browsers address one privacy concern while ignoring others. These browsers protect you from risks associated with the stored local data about your web browsing activities. Normally, browsers keep a history of recently visited URLs, a cache of recently visited pages (for faster retrieval) and cookies from the websites you have visited (possibly not at all recently). These browsers enable you to take control of what is recorded by your browser, and how long it is kept. This is a good and important development.

These new security capabilities do nothing to protect you from information gathering by the sites you visit, or from your ISP (see my previous post on that). Your IP address is still completely visible to any site you visit, ISPs can still intercept all your traffic.

These new privacy features are an important part of a user's toolbox, but they should not give one a false sense of security. They are part of the solution, but not a complete solution.