Chapter 9. Internet Browser Attacks

Chapter 8 gave a brief introduction to the World Wide Web and Internet browser technologies. This chapter will discuss specific exploits based on those technologies and tell you the steps you can take to detect and prevent them.

Browser-Based Exploits

Microsoft reported a hundred vulnerabilities against their products in 2000 alone, most involving Internet Explorer. To Microsoft’s credit, they maintain a nice security web site and publish security bulletins (see Figure 9-1) to warn end users. Microsoft’s security web site and bulletins can be found at http://www.microsoft.com/security.

Figure 9-1. Example Microsoft security bulletin

For the most part, these holes have been closed, or will be closed by the time you read this book. The problem is that security holes keep being discovered at an alarming rate, and the pace is not slowing. Learning about some of the past holes will teach you what to expect in the future. Having followed Internet browser security since its inception, I can tell you many exploits will be back in some altered form. Chapter 9 does not discuss Java or ActiveX exploits, which are covered in later chapters.

Many exploits require little or no program coding. Some supposedly protected web sites, for instance, can be accessed by simple manipulation of the browser. For example, the online banking site, Barclays
