Topic: Serious security flaw found in IE (Shock Horror) (Page 1 of 1)

I've just been reading this on the BBC website so I thought I'd share in case there may be the odd one or two of us who were not aware of IE's shortcomings.

quote:

---

Users of the Microsoft's Internet Explorer are being urged by experts to switch to a rival until a serious security flaw has been fixed.

The flaw in Microsoft's Internet Explorer could allow criminals to take control of people's computers and steal their passwords, internet experts say.

---

[edit] adding quote[/edit]


Those who look for monsters should look to it that
they do not become monsters. For when you gaze
long into the abyss, the abyss also gazes into you.

(Edited by Tao on 12-16-2008 12:27)

You can lead a horse to water,
But you can't make it drink.

*pats his Firefox*

WebShaman | The keenest sorrow (and greatest truth) is to recognize ourselves as the sole cause of all our adversities.
- Sophocles

*pats anything but IE*

This part was way too funny:

quote:

---

Said Mr Ferguson: "If users can find an alternative browser, then that's good mitigation against the threat."

But Microsoft counselled against taking such action.

"I cannot recommend people switch due to this one flaw," said John Curran, head of Microsoft UK's Windows group.

---

Nature & Travel Photography
Main Entrance

quote:

---

Blaise said:

You can lead a horse to water,But you can't make it drink.

---

Chuck Norris can

Later,

C:\

Or as Dorothy Parker once said.

quote:

---

You can lead a horticulture but you can't make her think

---

I'd rather have a bottle in front of me than a frontal lobotomy.

Completely OT: have you seen this:

http://bewareofthedoghouse.com/VideoPage.aspx

Nature & Travel Photography
Main Entrance

quote:

---

CPrompt said:

quote:Blaise said:You can lead a horse to water,But you can't make it drink.Chuck Norris can Later,C:\

---

Chuck Norris doesn't need to lead a horse to water--he can consume all the water in a lake or river in one gulp, saunter over to the horse at will, and then piss out a stream of water that has been purified simply by being passed through his kidneys.


___________________________
Suho: www.liminality.org | Cell 270 | Sig Rotator | the Fellowship of Sup

Brilliant, the security hole seems to go effect all versions of IE from IE5 up to IE8b2. *sigh* one would think that a company as big as M$ has significant capacity to QA its product esp. security vectors. IE5 beta1 is more than 10 years old and some of its flaws still make their way in current versions grrrr!!

Well, in light of what you posted, poi, it just sickens and disgusts me that IE is still the "most used" browser out there...

Especially these days, where there are alternatives that are

A) Easy to DL and install

B) Obviously better

C) Are more standards compliant

Sometimes, I just hate people laziness.

WebShaman | The keenest sorrow (and greatest truth) is to recognize ourselves as the sole cause of all our adversities.
- Sophocles

Well I was shocked to find out that a friend of mine who works for IBM has a company laptop with IE 6 as the default browser.

He had only had the laptop for a few months and it had already been overrun by malware and the like.

One of the largest IT companies still using IE6, from one of their standard images, that's what is sickening.

quote:

---

WebShaman said:

Sometimes, I just hate people laziness.

---

don't confuse laziness with ignorance. Meaning that I actually have a friend that thought to get on the internet, he had to click the big blue E. And by ignorance, I mean that people just don't know.

So are the people at fault all the time. nah.

However, our home office told us not long ago to actually use IE and I was told that they "would not support Firefox". whatever!

Later,

C:\

Most companies do not support anything other than IE. And have a great big department dealing with all the problems occurring due to IE.

Yeah, love those IT departments insisting on "IE" only. We have them too, but at least FF comes as a portable version...

Hehe...

And C, in this case I really do not consider ignorance to be an excuse anymore - anyone who has access to the internet should not be pleading ignorance.

WebShaman | The keenest sorrow (and greatest truth) is to recognize ourselves as the sole cause of all our adversities.
- Sophocles

I find all this hype recently about IE being the devil so weird, why is it all of a sudden so main stream and why is the alternative just firefox? Can anyone get any real information about this vulnerability?

Is it something to do with Firefox now sending all of your surfing information straight to Google by default?

Tools -> Options -> Security

[x] Tell me if the site I'm visiting is a suspected attack site

[x] Tell me if the site I'm visiting is a suspected forgery

All your DNS requests are collected.

(By the way have you noticed Firefox has also added a Microsoft DRM add-on by default too).

(Edited by Hugh on 12-22-2008 13:23)

Yep. Noticed that. It all points to the major networks combining to serve the one world government. Too bad Opera is so unsupported. Chrome's even worse. I'm using it right now and expect everything I do to be logged and on a server somewhere immediately. The asylum isn't safe...

*pets Safari* heheheheheheh.

At the risk of inciting some fanboy frothing, I have to point out that Firefox was the browser at the top of the list for critical vulnerabilities issued and patched in 2008 (http://blogs.zdnet.com/security/?p=2304). Criticality level is determined based on the type of vulnerability, code execution/machine access rate at high and extreme criticality. Any and all security alerts are filed under system access by default.

http://secunia.com/advisories/product/12434/?task=advisories_2008

IE has more unpatched vulnerabilities, but the reason they're unpatched is they're so insubstantial in the effect they have on the user that they aren't worth fixing.

http://secunia.com/advisories/product/12366/?task=advisories_2008

As far as critical security alerts, they are identical, primarily because it was the introduction of new attack methods that effected all browsers, not just firefox or ie.

Other reading for those interested in truly knowing what's going on with their machines follows:

http://blogs.zdnet.com/security/?p=2517
http://www.beyondtrust.com/documentation/whitePapers/wp_VulnerabilityReport.pdf
http://blogs.zdnet.com/security/?p=2419
http://www.schneier.com/blog/
http://cansecwest.com/

Why should any "fanbois" froth at the mouth?

The Dev Team for FF IDs and works pretty fast to fix vulnerabilities, etc for FF.

In fact, much better than M$ for IE.

WebShaman | The keenest sorrow (and greatest truth) is to recognize ourselves as the sole cause of all our adversities.
- Sophocles

You find more bugs when you're allowed to look at the source code. You also patch, let me think... all of them.

You can lead a horse to water,
But you can't make it drink.

Good saying.

__________________
My Favorite Tools:
flash banner | flash menu | flash decompiler

quote:

---

sophielucky said:

You can lead a horse to water,But you can't make it drink.Good saying.__________________My Favorite Tools:flash banner | flash menu | flash decompiler

---

Completely meaningless and out of context, but what would you expect from a bot.

Nature & Travel Photography
Main Entrance