Be it for airports and star hotels or the all too common browsers that we use every day, security has become a buzzword around them. December 2008 was an especially busy month for browser developers as the three most common ones - Internet Explorer, Opera and Firefox - received major patches to plug security holes.
The Internet Explorer flaw, which was accidentally made public by Chinese security researchers, has been used in a growing number of Web-based attacks over the past few weeks.
Criminals have posted attack code that exploits this flaw on thousands of Web sites so far, according to Rick Howard, intelligence director with VeriSign's iDefense group. VeriSign has now seen six variants of the attack software, all of which attempt to steal Chinese online gaming credentials. Unlike other computer exploits, this one does not require users to click on fishy links or download mysterious software: PCs can be targeted simply by visiting an infected site.
Internet Explorer is currently used by 69 percent of web surfers. The flaw hides inside the data binding function of the browser and causes IE to quit unexpectedly and reopen vulnerable to prying eyes. So far most of the attacks have been geographically centred on China and have been used for the purposes of stealing computer game passwords. But the possibilities of nefarious action could include the massive theft of personal information such as administrative computer passwords and financial data.
Microsoft issued the patch to fix the security hole and web surfers were advised to immediately update. Microsoft even pushed out the update through an emergency Windows update. Typically Microsoft releases security patches just once a month in order to simplify the lives of system administrators. Its next set of updates is due Jan. 13. Microsoft's patch is for users of IE version 5 and up.
Opera, for its part, has released a security fix for seven flaws in its web browser, Opera 9.6. Opera follows in the footsteps of Microsoft and Mozilla, which have released security updates for Internet Explorer and Firefox this week. Opera says the fix, which only applies to machines running Windows, covers two flaws categorised as 'extremely severe' and three listed as 'highly severe'. The 'extremely severe' flaws could allow a hacker to take control of a PC while those rated as 'highly severe' leave PCs open to attack if users open websites hosting malicious software.
A "clerical error" by Mozilla Corp. omitted one of the security patches that was supposed to be included in the Windows version of Tuesday's Firefox 2.0.0.19 release, a company executive said Wednesday.
"We don't believe users are at risk right now," said Mike Beltzner, director of Firefox. Beltzner declined to pinpoint the missing patch -- one of 10 that were to be included in the update -- to make it more difficult for attackers to exploit the snafu.
Mozilla has been aggressively urging users to upgrade to Firefox 3.0 since that edition launched last June, and since then has twice offered Firefox 2.0 users an update, most recently a month ago. Mozilla estimated Wednesday that approximately two million users accepted the second upgrade.
Mozilla isn't the only software maker that has had to re-issue an update. Last June, for example, Microsoft Corp. re-released a patch for Windows XP's implementation of Bluetooth because the fix didn't really fix anything. And in September, Apple had to repeat a release of iTunes 8.0 after a buggy driver crashed Vista PCs with the "blue screen of death."


