Serious security flaw found in Internet Explorer

Started by Minder, December 16, 2008, 11:53:06 AM

Previous topic - Next topic
Print
Go Down Pages1 2
User actions

Minder

December 16, 2008, 11:53:06 AM
"When it's too tough for them, it's just right for us"

Our Nail Loney

#1
December 17, 2008, 01:01:07 PM
Just as well I use Firefox then!

under the bar

#2
December 17, 2008, 01:22:20 PM
Funny I used it yesterday and it closed itself.  Everytime I went to re-open it said it wanted to send a strange looking error report.  When I hit "don't send" it kept reopening wanting to send the report again.    I thought it unusual so just deleted internet exlorer and used firefox.

Minder

#3
December 17, 2008, 02:02:00 PM
This security issue aside is IE better than Firefox or vice versa. I was having trouble for ages logging into a forum on IE and tried it on Firefox last night and Bob was very much my uncle.
"When it's too tough for them, it's just right for us"

saffron sam2

#4
December 17, 2008, 02:55:07 PM
The emboldened bit of the BBC report is particularly interesting.

Quote

Serious security flaw found in IE

Users of Microsoft's Internet Explorer are being urged by experts to switch to a rival until a serious security flaw has been fixed.

The flaw in Microsoft's Internet Explorer could allow criminals to take control of people's computers and steal their passwords, internet experts say.

Microsoft urged people to be vigilant while it investigated and prepared an emergency patch to resolve it.

Internet Explorer is used by the vast majority of the world's computer users.

"Microsoft is continuing its investigation of public reports of attacks against a new vulnerability in Internet Explorer," said the firm in a security advisory alert about the flaw.

Microsoft says it has detected attacks against IE 7.0 but said the "underlying vulnerability" was present in all versions of the browser.

Other browsers, such as Firefox, Opera, Chrome, Safari, are not vulnerable to the flaw Microsoft has identified.

"In this case, hackers found the hole before Microsoft did," said Rick Ferguson, senior security advisor at Trend Micro. "This is never a good thing."

As many as 10,000 websites have been compromised since the vulnerability was discovered, he said.  The most high profile victim to date is believed to be Ballymena UUP councillor Neill Armstrong, whose gaaboard account, under the pseudonym the bard of dunclug, was hacked into. Police are still investigating this incident.

"What we've seen from the exploit so far is it stealing game passwords, but it's inevitable that it will be adapted by criminals," he said. "It's just a question of modifying the payload the trojan installs."

Said Mr Ferguson: "If users can find an alternative browser, then that's good mitigation against the threat."

But Microsoft counselled against taking such action.

"I cannot recommend people switch due to this one flaw," said John Curran, head of Microsoft UK's Windows group.

He added: "We're trying to get this resolved as soon as possible.

"At present, this exploit only seems to affect 0.02% of internet sites," said Mr Curran. "In terms of vulnerability, it only seems to be affecting IE7 users at the moment, but could well encompass other versions in time."

Richard Cox, chief information officer of anti-spam body The Spamhaus Project and an expert on privacy and cyber security, echoed Trend Micro's warning.

"It won't be long before someone reverse engineers this exploit for more fraudulent purposes. Trend Mico's advice [of switching to an alternative web browser] is very sensible," he said.

  This could be the moment when the minnows in the browser wars finally score a significant victory

PC Pro magazine's security editor, Darien Graham-Smith, said that there was a virtual arms race going on, with hackers always on the look out for new vulnerabilities.

"The message needs to get out that this malicious code can be planted on any web site, so simple careful browsing isn't enough."

"It's a shame Microsoft have not been able to fix this more quickly, but letting people know about this flaw was the right thing to do. If you keep flaws like this quiet, people are put at risk without knowing it."

"Every browser is susceptible to vulnerabilities from time to time. It's fine to say 'don't use Internet Explorer' for now, but other browsers may well find themselves in a similar situation," he added.

Looks like we all owe Councillor Armstrong an apology.
the breathing of the vanished lies in acres round my feet

TORGAEL

#5
December 17, 2008, 03:15:49 PM
Aye, you would really have to feel sorry for what has happened him, "poor diddums".

Orior

#6
December 17, 2008, 04:06:06 PM
QuoteLooks like we all owe Councillor Armstrong an apology.

Hell no!

Guilty until proved beyond doubt of his innocence, including 3 clear reports from an independant monitoring organisation, photographs showing nothing bad happened, and sack cloth and ashes, and his brain stood down.
Cover me in chocolate and feed me to the lesbians

Our Nail Loney

#7
December 17, 2008, 04:10:36 PM
Quote from: Minder on December 17, 2008, 02:02:00 PM
This security issue aside is IE better than Firefox or vice versa. I was having trouble for ages logging into a forum on IE and tried it on Firefox last night and Bob was very much my uncle.

I have used Firefox now for I don't know how long... Started using it in Queens libraries as you could gt on websites that they had blocked on IE, now I would never use IE. Firefox is a lot handier I think, plus the computer guys in my work always say to use it and they wouldn't be seen dead using IE.

ziggysego

#8
December 17, 2008, 09:16:39 PM
Quote from: Minder on December 17, 2008, 02:02:00 PM
This security issue aside is IE better than Firefox or vice versa. I was having trouble for ages logging into a forum on IE and tried it on Firefox last night and Bob was very much my uncle.

I can't access the board on IE either, but no problems accessing it via Firefox.
Testing Accessibility

corn02

#9
December 17, 2008, 09:19:45 PM
Quote from: Our Nail Loney on December 17, 2008, 04:10:36 PM
the computer guys in my work always say to use it and they wouldn't be seen dead using IE.

I know that is so 2007. Your social standing would be wrecked if you were seen using IE.

Minder

#10
December 17, 2008, 09:25:49 PM
Why is Firefox "handier" though? What benefit has one got over the other?
"When it's too tough for them, it's just right for us"

ziggysego

#11
December 17, 2008, 09:28:13 PM
Quote from: Minder on December 17, 2008, 09:25:49 PM
Why is Firefox "handier" though? What benefit has one got over the other?

Don't know if it's any handier, but I find it crashes and freezes less than IE.
Testing Accessibility

thewobbler

#12
December 17, 2008, 09:29:18 PM
No advantages at all.

Firefox snobbery is an infectious disease abound in the world of IT.

ONeill

#13
December 17, 2008, 09:30:52 PM
Quote from: saffron sam2 on December 17, 2008, 02:55:07 PM
The emboldened bit of the BBC report is particularly interesting.

Quote

Serious security flaw found in IE

Users of Microsoft's Internet Explorer are being urged by experts to switch to a rival until a serious security flaw has been fixed.

The flaw in Microsoft's Internet Explorer could allow criminals to take control of people's computers and steal their passwords, internet experts say.

Microsoft urged people to be vigilant while it investigated and prepared an emergency patch to resolve it.

Internet Explorer is used by the vast majority of the world's computer users.

"Microsoft is continuing its investigation of public reports of attacks against a new vulnerability in Internet Explorer," said the firm in a security advisory alert about the flaw.

Microsoft says it has detected attacks against IE 7.0 but said the "underlying vulnerability" was present in all versions of the browser.

Other browsers, such as Firefox, Opera, Chrome, Safari, are not vulnerable to the flaw Microsoft has identified.

"In this case, hackers found the hole before Microsoft did," said Rick Ferguson, senior security advisor at Trend Micro. "This is never a good thing."

As many as 10,000 websites have been compromised since the vulnerability was discovered, he said.  The most high profile victim to date is believed to be Ballymena UUP councillor Neill Armstrong, whose gaaboard account, under the pseudonym the bard of dunclug, was hacked into. Police are still investigating this incident.

"What we've seen from the exploit so far is it stealing game passwords, but it's inevitable that it will be adapted by criminals," he said. "It's just a question of modifying the payload the trojan installs."

Said Mr Ferguson: "If users can find an alternative browser, then that's good mitigation against the threat."

But Microsoft counselled against taking such action.

"I cannot recommend people switch due to this one flaw," said John Curran, head of Microsoft UK's Windows group.

He added: "We're trying to get this resolved as soon as possible.

"At present, this exploit only seems to affect 0.02% of internet sites," said Mr Curran. "In terms of vulnerability, it only seems to be affecting IE7 users at the moment, but could well encompass other versions in time."

Richard Cox, chief information officer of anti-spam body The Spamhaus Project and an expert on privacy and cyber security, echoed Trend Micro's warning.

"It won't be long before someone reverse engineers this exploit for more fraudulent purposes. Trend Mico's advice [of switching to an alternative web browser] is very sensible," he said.

  This could be the moment when the minnows in the browser wars finally score a significant victory

PC Pro magazine's security editor, Darien Graham-Smith, said that there was a virtual arms race going on, with hackers always on the look out for new vulnerabilities.

"The message needs to get out that this malicious code can be planted on any web site, so simple careful browsing isn't enough."

"It's a shame Microsoft have not been able to fix this more quickly, but letting people know about this flaw was the right thing to do. If you keep flaws like this quiet, people are put at risk without knowing it."

"Every browser is susceptible to vulnerabilities from time to time. It's fine to say 'don't use Internet Explorer' for now, but other browsers may well find themselves in a similar situation," he added.

Looks like we all owe Councillor Armstrong an apology.

I knew this was a piss-take when I read 'Neill Armstrong' as opposed to Neil Armstrong. The BBC would never make such an elementary error.
I wanna have my kicks before the whole shithouse goes up in flames.

J70

#14
December 17, 2008, 11:16:38 PM
Quote from: Minder on December 17, 2008, 02:02:00 PM
This security issue aside is IE better than Firefox or vice versa. I was having trouble for ages logging into a forum on IE and tried it on Firefox last night and Bob was very much my uncle.

Been using Firefox for over four years and I've been well pleased. I don't find IE user-unfriendly at all, but there are just far too many tales of security vulnerabilities surrounding it, although apparently, until this episode, things had been much better since the release of IE7 (incredibly they still use IE6, reputably the worst internet browser ever, at my workplace, but that's what you get with very large organizations I guess). Firefox has its vulnerabilities as well, but on the whole appears to be a much safer browser. If you want to be really safe, you could probably try Opera or Chrome, as they may not have been targeted to the same extent as the former pair.
Print
Go Up Pages1 2
User actions