Use Internet Explorer? think again...

leninbenjamin

this was already posted in the Windows forum, but i think it deserves a bit more exposure as many people don't go there. if it's been posted already or not suitable for here, apologies mods.

news.bbc.co.uk wrote:

Users of Microsoft's Internet Explorer are being urged by experts to switch to a rival until a serious security flaw has been fixed.

The flaw in Microsoft's Internet Explorer could allow criminals to take control of people's computers and steal their passwords, internet experts say.

Microsoft urged people to be vigilant while it investigated and prepared an emergency patch to resolve it.

Internet Explorer is used by the vast majority of the world's computer users.

"Microsoft is continuing its investigation of public reports of attacks against a new vulnerability in Internet Explorer," said the firm in a security advisory alert about the flaw.

Microsoft says it has detected attacks against IE 7.0 but said the "underlying vulnerability" was present in all versions of the browser.

Other browsers, such as Firefox, Opera, Chrome, Safari, are not vulnerable to the flaw Microsoft has identified.

"In this case, hackers found the hole before Microsoft did," said Rick Ferguson, senior security advisor at Trend Micro. "This is never a good thing."

As many as 10,000 websites have been compromised since the vulnerability was discovered, he said.

"What we've seen from the exploit so far is it stealing game passwords, but it's inevitable that it will be adapted by criminals," he said. "It's just a question of modifying the payload the trojan installs."

Said Mr Ferguson: "If users can find an alternative browser, then that's good mitigation against the threat."

But Microsoft counselled against taking such action.

"I cannot recommend people switch due to this one flaw," said John Curran, head of Microsoft UK's Windows group.

He added: "We're trying to get this resolved as soon as possible.

"At present, this exploit only seems to affect 0.02% of internet sites," said Mr Curran. "In terms of vulnerability, it only seems to be affecting IE7 users at the moment, but could well encompass other versions in time."

Richard Cox, chief information officer of anti-spam body The Spamhaus Project and an expert on privacy and cyber security, echoed Trend Micro's warning.

"It won't be long before someone reverse engineers this exploit for more fraudulent purposes. Trend Mico's advice [of switching to an alternative web browser] is very sensible," he said.


PC Pro magazine's security editor, Darien Graham-Smith, said that there was a virtual arms race going on, with hackers always on the look out for new vulnerabilities.

"The message needs to get out that this malicious code can be planted on any web site, so simple careful browsing isn't enough."

"It's a shame Microsoft have not been able to fix this more quickly, but letting people know about this flaw was the right thing to do. If you keep flaws like this quiet, people are put at risk without knowing it."

"Every browser is susceptible to vulnerabilities from time to time. It's fine to say 'don't use Internet Explorer' for now, but other browsers may well find themselves in a similar situation," he added.

this could be one of the biggest security flaws found in IE for a long long time... or it could be a whole load of anti-Microsoft propaganda. I don't know, or care tbh. just thought it worth bringing to the attention of the masses.

4zn76tysfajdxp

tl;dr, I use Firefox ftw.

Naikon

Unix based OS's + iptables/pf tbh.

Turd Ferguson

Whats a browser?




/runs off giggling

Wagon

""I cannot recommend people switch due to this one flaw," said John Curran, head of Microsoft UK's Windows group."

Prick :rolleyes:

Fratton Fred

damn it, that means i will have to delete the browsing history in Firefox now. The wife only uses IE

Mena

There a direct source for this?

As many as 10,000 websites have been compromised since the vulnerability was discovered, he said.

seems a little out of place :pac:

OmarChase

Aadhya Flat Headache wrote: »

tl;dr, I use Firefox ftw.

ditto!

dr.bollocko

Who was it?

eVeNtInE

This post has been deleted.

eZe^

Safari fo lyfe

aidan_walsh

Meanwhile on the other foot
Firefox is proclaimed to be the number 1 most vulnerable application on Windows.

IvySlayer

I use Firefox, so much better.

Mark200

CHROME!!!!!!!

projectmayhem

Mac ftw.

mike65

Opera 9.5 ftw

javaboy

IE > Firefox ;)

Mark200

Chrome > IE > Firefox

smellslikeshoes

What we've seen from the exploit so far is it stealing game passwords, but it's inevitable that it will be adapted by criminals,"

What so people who steal game passwords aren't criminals?

towel401

smellslikeshoes wrote: »

What so people who steal game passwords aren't criminals?

no. not unless you're in south korea or holland where they take e-life quite seriously

galwayguy22

Mark200 wrote: »

Chrome > IE > Firefox

Chrome is ok but is a little gay looking. Also very new and has very annoying problems. Simple thing like trying to scroll on a laptop touch pad and it goes mental.

IE > Firefox?

pah, you must have a fetish for chubby buttons and chubby text. Why in the name of Jesus is the refresh button on the right hand side of the address bar, when for years its been on the left hand side, in every browser. Do they not pay attention to the "laws" of HCI?

Anything without adblock is not worth my time TBH LULZ!!11!

ImDave

eVeNtInE wrote: »

This post has been deleted.

+1. I've been using it since it came out and couldn't go back to IE now.

Overheal

Mark200 wrote: »

Chrome > IE > Firefox

https://www.youtube.com/watch?v=zqx2Bt5bnKE

Wonga

I started using opera and then firefox a few years ago and could never go back to IE

Guy:Incognito

Chrome is a bag os ****e. it crashes on me all the time. It's also too similar to IE to bother switching.


People need to get over the whole "MS is evil and its cool to hate them" crap. If these same hackers put their efforst into hating apple products or any of the other browsers the results would be the same. But of course they wouldnt be "cool" the.

Overheal

be sure to take this opportunity to email your loved ones who have to date been too docile to make the switch over from IE.

The Mighty Ken

Stekelly wrote: »

People need to get over the whole "MS is evil and its cool to hate them" crap.

Or maybe it's just because IE is a crappy, non-standards compliant browser the people shouldn't be using?

galwayguy22

The Mighty Ken wrote: »

Or maybe it's just because IE is a crappy, non-standards compliant browser the people shouldn't be using?

Unfortunately "normal" people don't care how a website is made or how long it took the developer to cater for every retarded Internet Explorer related bug.

The Mighty Ken

galwayguy22 wrote: »

Unfortunately "normal" people don't care how a website is made or how long it took the developer to cater for every retarded Internet Explorer related bug.

That's about the height of it. Education ftw.

bailefionn

Chrome all the way! Love the simple layout, none of the crap like IE. 9 most viewed pages open all the time is handy too..

phantom_lord

chrome is awesome, switched over from opera which i only use for downloading stuff now. it's so quick, reliable, has a nice clean layout, and handy to use. haven't used ie since i had dial up.

skywalker_208

What is this Internet Explorer you speak of?

bailefionn

Its what the cave men used

Capt'n Midnight

Patch released for it
http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx

The Mighty Ken

That patch doesn't work. This one is better.

Guy:Incognito

The Mighty Ken wrote: »

That patch doesn't work. This one is better.

For the love fo god why is there still no yawn smilie.

5starpool

When I heard this story first, my reaction was:

"Internet explorer has a security flaw? They might as well run a news story saying they found Jews in Israel"

The Mighty Ken

Stekelly wrote: »

For the love fo god why is there still no yawn smilie.

Because it would be used by idiots with nothing to contribute to the forum? :P

Guy:Incognito

The Mighty Ken wrote: »

Because it would be used by idiots with nothing to contribute to the forum? :P

Well that covers you. I however, would have a use for it.

The Mighty Ken

Stekelly wrote: »

Well that covers you. I however, would have a use for it.

I know you are but what am I?

Guy:Incognito

The Mighty Ken wrote: »

I know you are but what am I?

7

The Mighty Ken

Stekelly wrote: »

7

I know you are but... never mind.

Download Firefox

javaboy

Shill! :pac:

The Mighty Ken

javaboy wrote: »

Shill! :pac:

Damn. My cover's blown. Back to Mozilla HQ to plot my next dastardly plan.

rainbow kirby

Firefox + Leopard ftw

Overheal

Microsoft has released the new security patch. I still strongly recommend not jumping right back on a browser that just got hacked though.

Nehaxak

Opera for me. New version 10 is out as an alpha release and is fantastic !

Mimikyu

This post has been deleted.

Ciaran500

Solitaryman666 wrote: »

This post has been deleted.

Yep, never found a suitable replacement for FF + addons.

Mimikyu

This post has been deleted.

Capt'n Midnight

Stekelly wrote:

People need to get over the whole "MS is evil and its cool to hate them" crap. If these same hackers put their efforst into hating apple products or any of the other browsers the results would be the same. But of course they wouldnt be "cool" the.

IE is the only mainstream browser integrated into the OS so exploits can have greater access than on other browsers
ActiveX browser exploits are more or less limited to IE

As for Apple, their users are perceived to be less security aware, don't generally use anti virus and are probably richer, so you would think they would be perfect targets. yet OSX went from 1999 to 2006 before it got it's first trojan.

Microsoft released an SMB patch last month for a flaw demonstrated in 2000
http://www.theregister.co.uk/2008/11/12/ms_patch_tuesday_november


And it's not about hackers hating M$, these days Spam , Phishing , browser hijacking , botnets and such are big business , it's mostly about the money.