Serious Security Flaw in Internet Explorer

Winterknight
Winterknight
Joined: 4 Jun 05
Posts: 1450
Credit: 376761489
RAC: 141061
Topic 194088

BBC reports the problem in article and
Is it safe to Explore

For those who insist on using IE then MS Security Advisor

Mary
Mary
Joined: 2 Jun 08
Posts: 76
Credit: 634013
RAC: 0

Serious Security Flaw in Internet Explorer

And this, people, is why you should always use Firefox. ;)

~It only takes one bottle cap moving at 23,000 mph to ruin your whole day~

Klimax
Klimax
Joined: 27 Apr 07
Posts: 87
Credit: 1370205
RAC: 0

RE: And this, people, is

Message 89082 in response to message 89081

Quote:
And this, people, is why you should always use Firefox. ;)


Just wait until it become favourite target... (if popular it will be target)

I will stick to IE8 beta2,it's good,so far no infection and got features which would be unavailable in other browsers (at least not built in and I don't like hunting add-ons for very common things in other product...)

I know it was partially non-serious reply,just I could not resist... :-)

John Clark
John Clark
Joined: 4 May 07
Posts: 1087
Credit: 3143193
RAC: 0

4 rigs patched

4 rigs patched

Shih-Tzu are clever, cuddly, playful and rule!! Jack Russell are feisty!

Brian Silvers
Brian Silvers
Joined: 26 Aug 05
Posts: 772
Credit: 282700
RAC: 0

RE: And this, people, is

Message 89084 in response to message 89081

Quote:
And this, people, is why you should always use Firefox. ;)

I seem to recall that there were at least 3 updates to Firefox within the last 2-3 months dealing with security... In fact, when I just checked for updates, version 3.0.5 is waiting for me to download and install to patch some security issues that version 3.0.4 (just released around a month ago) didn't patch...

Interestingly enough, all software products are developed by people. People are fallable, ergo all software can have problems.

Mary
Mary
Joined: 2 Jun 08
Posts: 76
Credit: 634013
RAC: 0

RE: RE: And this, people,

Message 89085 in response to message 89084

Quote:
Quote:
And this, people, is why you should always use Firefox. ;)

I seem to recall that there were at least 3 updates to Firefox within the last 2-3 months dealing with security... In fact, when I just checked for updates, version 3.0.5 is waiting for me to download and install to patch some security issues that version 3.0.4 (just released around a month ago) didn't patch...

Interestingly enough, all software products are developed by people. People are fallable, ergo all software can have problems.

The difference is they catch their issues in time. This has been an IE flaw since IE5 and wasn't addressed until just now. That's quite a bit of time for it to have been exploited if you ask me. On another note, lighten up people. Don't get so defensive about IE. I rotate through browsers all the time. Right now I'm trying out the new Google Chrome myself.

~It only takes one bottle cap moving at 23,000 mph to ruin your whole day~

ML1
ML1
Joined: 20 Feb 05
Posts: 347
Credit: 86563414
RAC: 554

RE: RE: And this, people,

Message 89086 in response to message 89084

Quote:
Quote:
And this, people, is why you should always use Firefox. ;)

I seem to recall that there were at least 3 updates to Firefox within the last 2-3 months dealing with security... ...

Interestingly enough, all software products are developed by people. People are fallable, ergo all software can have problems.


And some are more blasé and fallible than others.

More interesting is to compare the "clangers" dropped and whether the fix came out before or after exploitation.

Unfortunately, the ActiveX that is an 'integral' part of IE appears to be painfully vulnerable to abuse. Do you trust any random website to have full control of your computer user account?!

Happy crunchin',
Martin

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

Bikeman (Heinz-Bernd Eggenstein)
Bikeman (Heinz-...
Moderator
Joined: 28 Aug 06
Posts: 3522
Credit: 729801421
RAC: 1197452

I moved this to Cafe Einstein

I moved this to Cafe Einstein because there is no immediate link to BOINC or E@H.

CU
Bikeman

Brian Silvers
Brian Silvers
Joined: 26 Aug 05
Posts: 772
Credit: 282700
RAC: 0

RE: More interesting is to

Message 89088 in response to message 89086

Quote:

More interesting is to compare the "clangers" dropped and whether the fix came out before or after exploitation.

True. This is a post-exploitation discussion. From what I've read, the incidence of the exploit is very low.

Quote:

Unfortunately, the ActiveX that is an 'integral' part of IE appears to be painfully vulnerable to abuse. Do you trust any random website to have full control of your computer user account?!

See, this is where all of you are approaching this wrong. What you do is you just set up a VM, then if the VM gets hacked, who cares? Blow away the VM image and make a new VM or restore an unhacked backup of the VM.

Dagorath
Dagorath
Joined: 22 Apr 06
Posts: 146
Credit: 226423
RAC: 0

RE: RE: More interesting

Message 89089 in response to message 89088

Quote:
Quote:

More interesting is to compare the "clangers" dropped and whether the fix came out before or after exploitation.

True. This is a post-exploitation discussion. From what I've read, the incidence of the exploit is very low.

Quote:

Unfortunately, the ActiveX that is an 'integral' part of IE appears to be painfully vulnerable to abuse. Do you trust any random website to have full control of your computer user account?!

See, this is where all of you are approaching this wrong. What you do is you just set up a VM, then if the VM gets hacked, who cares? Blow away the VM image and make a new VM or restore an unhacked backup of the VM.

Meh, far less trouble to just run a better browser (Firefox) on a better OS (Linux).

ML1
ML1
Joined: 20 Feb 05
Posts: 347
Credit: 86563414
RAC: 554

RE: True. This is a

Message 89090 in response to message 89088

Quote:
True. This is a post-exploitation discussion. From what I've read, the incidence of the exploit is very low.


Over a week of being generally known, and initially targeted at gamers (in China?).

Playing the percentages game, you can claim anything to be 'very low'. The absolute numbers were obviously high enough to get Microsoft into enough of a panic to issue an ASAP band-aid fix or whatever...

For that sort of exploit, Microsoft are damned by the media or the consequences AND the media regardless of what they do. I guess suffering just the media is the lesser of a Marketing problem.

Quote:
See, this is where all of you are approaching this wrong. What you do is you just set up a VM, then if the VM gets hacked, who cares? Blow away the VM image and make a new VM or restore an unhacked backup of the VM.


WOW! Now that is one highly elaborate band-aid!! Phew!

It's a bit like banishing IE onto some desert island and using remote control to tickle its interfaces! :-(

But regardless, doesn't it get rather annoying to lose all your carefully crafted bookmarks whenever IE gets nuked?

;-p

Cheers,
Martin

ps: 10/10 for the VM solution :-)

pps: Humour alert for anyone humourless!

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.