CERT Alert: Malicious HTML tags in web pages

A CERT Advisory has been posted entitled: "Malicious HTML Tags Embedded in Client Web Requests" (thanks, Monty Solomon). It describes a problem whereby "a web site may inadvertently include malicious HTML tags or script in a dynamically generated page." The result may be that a web browser executes embedded scripts that compromise the security of the information on your drive. The primary recommendation to prevent this threat is to disable the scripting language options in your browser. For example, with Internet Explorer 4.5, you would do this by selecting Preferences/Security Zones. Then select Custom and click the Settings button. From here, scroll to the bottom to see the options to disable Scripting. By the way, all of this is one reason that we do not allow HTML code in the MacFixIt Forums (we only allow the more limited UBB code).