Serious Security Flaw in Internet Explorer
16 Dec 2008 16:38:31 UTC
Topic 194088
(moderation:
BBC reports the problem in article and
Is it safe to Explore
For those who insist on using IE then MS Security Advisor
Serious Security Flaw in Internet Explorer
)
And this, people, is why you should always use Firefox. ;)
~It only takes one bottle cap moving at 23,000 mph to ruin your whole day~
RE: And this, people, is
)
Just wait until it become favourite target... (if popular it will be target)
I will stick to IE8 beta2,it's good,so far no infection and got features which would be unavailable in other browsers (at least not built in and I don't like hunting add-ons for very common things in other product...)
I know it was partially non-serious reply,just I could not resist... :-)
4 rigs patched
)
4 rigs patched
Shih-Tzu are clever, cuddly, playful and rule!! Jack Russell are feisty!
RE: And this, people, is
)
I seem to recall that there were at least 3 updates to Firefox within the last 2-3 months dealing with security... In fact, when I just checked for updates, version 3.0.5 is waiting for me to download and install to patch some security issues that version 3.0.4 (just released around a month ago) didn't patch...
Interestingly enough, all software products are developed by people. People are fallable, ergo all software can have problems.
RE: RE: And this, people,
)
The difference is they catch their issues in time. This has been an IE flaw since IE5 and wasn't addressed until just now. That's quite a bit of time for it to have been exploited if you ask me. On another note, lighten up people. Don't get so defensive about IE. I rotate through browsers all the time. Right now I'm trying out the new Google Chrome myself.
~It only takes one bottle cap moving at 23,000 mph to ruin your whole day~
RE: RE: And this, people,
)
And some are more blasé and fallible than others.
More interesting is to compare the "clangers" dropped and whether the fix came out before or after exploitation.
Unfortunately, the ActiveX that is an 'integral' part of IE appears to be painfully vulnerable to abuse. Do you trust any random website to have full control of your computer user account?!
Happy crunchin',
Martin
See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)
I moved this to Cafe Einstein
)
I moved this to Cafe Einstein because there is no immediate link to BOINC or E@H.
CU
Bikeman
RE: More interesting is to
)
True. This is a post-exploitation discussion. From what I've read, the incidence of the exploit is very low.
See, this is where all of you are approaching this wrong. What you do is you just set up a VM, then if the VM gets hacked, who cares? Blow away the VM image and make a new VM or restore an unhacked backup of the VM.
RE: RE: More interesting
)
Meh, far less trouble to just run a better browser (Firefox) on a better OS (Linux).
BOINC FAQ Service
Official BOINC wiki
Installing BOINC on Linux
RE: True. This is a
)
Over a week of being generally known, and initially targeted at gamers (in China?).
Playing the percentages game, you can claim anything to be 'very low'. The absolute numbers were obviously high enough to get Microsoft into enough of a panic to issue an ASAP band-aid fix or whatever...
For that sort of exploit, Microsoft are damned by the media or the consequences AND the media regardless of what they do. I guess suffering just the media is the lesser of a Marketing problem.
WOW! Now that is one highly elaborate band-aid!! Phew!
It's a bit like banishing IE onto some desert island and using remote control to tickle its interfaces! :-(
But regardless, doesn't it get rather annoying to lose all your carefully crafted bookmarks whenever IE gets nuked?
;-p
Cheers,
Martin
ps: 10/10 for the VM solution :-)
pps: Humour alert for anyone humourless!
See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)