Security organisation gives IE9 warning
SANS Institute says security professionals and hackers both to profit from 'kicking the tyres' on IE9
Browser preview launch could presage phishing scams says SANS Institute
Industry-leading security organisation, the System Administration, Networking, and Security (SANS) Institute has warned firms to beware of phishing scams and 'drive-by' hacking based around Microsoft's latest browser preview release, Internet Explorer 9 (IE9).
The warning on SANS' Internet Storm Centre (ISC) website, points up the several security implications for the new release. "Attackers may start using the lure of installing Internet Explorer 9 as part of phishing and drive-by campaigns" in which opportunistic hackers take advantage of proximity to a wireless network to break it.
SANS ISC also sets out the advantages for both security professionals and hackers, of downloading the IE9 preview.
"Attackers may be interested in exploring what vulnerabilities (if any) exist in the code added to Internet Explorer 9," says SANS ISC, adding that, " security professionals may be interested in exploring what security features and enhancements (if any) are built into Internet Explorer 9."
Key to the new browser preview is Microsoft's support for several HTML 5 features, like the latest version of cascading style sheets (CSS3), scalable vector graphics (SVG), and industry standard audio and video codecs, H.264/MPEG4 and MP3/AAC.
The latest global share for installed browsers from Netmarketshare, shows IE on 61.6 per cent, Firefox on 24.2 per cent, Chrome on 5.6 per cent, Safari on 4.5 per cent and Opera on 2.4 per cent. Moving to support more HTML standards could boost IE's market share.
The latest security patches from Microsoft for March also includes the 'browser choice' update. This EU-only patch polls users about whether they want to install other browsers on their systems, like Chrome, Firefox, or Opera, rather than having IE as the default. This could decrease IE's market share.
There is as yet no official release date for IE9.