A security hole in Internet Explorer that opened the browser to hackers since early July was caused by a single typo in Microsoft's code.
An errant ampersand ("&") took the blame for the exploit, admitted Microsoft in a blog published Tuesday at its Security Development Lifecycle (SDL) Web site.
Michael Howard, a security program manager at Microsoft, explained in his blog that the typo corrupted the code of an ActiveX control used by the browser. The control was created by Microsoft using an older library of code, which Howard admitted has flaws. Because of those flaws, the … Read more