Curse

Lasareth · Dec 17, 2008, 02:16 AM // 02:16

Don't really know if this was posted yet, please let me know if it was.

Sucky cut-paste formatting, sorry.

Quote:

Users of Microsoft's Internet Explorer are being urged by experts to switch to a rival until a serious security flaw has been fixed.

The flaw in Microsoft's Internet Explorer could allow criminals to take control of people's computers and steal their passwords, internet experts say.

Microsoft urged people to be vigilant while it investigated and prepared an emergency patch to resolve it.

Internet Explorer is used by the vast majority of the world's computer users.

"Microsoft is continuing its investigation of public reports of attacks against a new vulnerability in Internet Explorer," said the firm in a security advisory alert about the flaw.

Microsoft says it has detected attacks against IE 7.0 but said the "underlying vulnerability" was present in all versions of the browser.

Other browsers, such as Firefox, Opera, Chrome, Safari, are not vulnerable to the flaw Microsoft has identified.

Browser bait

"In this case, hackers found the hole before Microsoft did," said Rick Ferguson, senior security advisor at Trend Micro. "This is never a good thing."

As many as 10,000 websites have been compromised since the vulnerability was discovered, he said.

"What we've seen from the exploit so far is it stealing game passwords, but it's inevitable that it will be adapted by criminals," he said. "It's just a question of modifying the payload the trojan installs."

Said Mr Ferguson: "If users can find an alternative browser, then that's good mitigation against the threat."

But Microsoft counselled against taking such action.

"I cannot recommend people switch due to this one flaw," said John Curran, head of Microsoft UK's Windows group.

He added: "We're trying to get this resolved as soon as possible.

"At present, this exploit only seems to affect 0.02% of internet sites," said Mr Curran. "In terms of vulnerability, it only seems to be affecting IE7 users at the moment, but could well encompass other versions in time."

Richard Cox, chief information officer of anti-spam body The Spamhaus Project and an expert on privacy and cyber security, echoed Trend Micro's warning.

"It won't be long before someone reverse engineers this exploit for more fraudulent purposes. Trend Mico's advice [of switching to an alternative web browser] is very sensible," he said.

PC Pro magazine's security editor, Darien Graham-Smith, said that there was a virtual arms race going on, with hackers always on the look out for new vulnerabilities.

"The message needs to get out that this malicious code can be planted on any web site, so simple careful browsing isn't enough."

"It's a shame Microsoft have not been able to fix this more quickly, but letting people know about this flaw was the right thing to do. If you keep flaws like this quiet, people are put at risk without knowing it."

"Every browser is susceptible to vulnerabilities from time to time. It's fine to say 'don't use Internet Explorer' for now, but other browsers may well find themselves in a similar situation," he added.

http://news.bbc.co.uk/1/hi/technology/7784908.stm

Other resources:

http://blog.trendmicro.com/zero-day-...ely-exploited/
http://tech.yahoo.com/blogs/null/111811

If you're using IE7 at the moment it would be a good idea to use something else. I know I'm guilty myself of opening IE out of bad habit, I really should delete that shortcut from my desktop.

Snow Bunny · Dec 17, 2008, 02:27 AM // 02:27

Firefox 3 bitches.

zelgadissan · Dec 17, 2008, 03:17 AM // 03:17

IE still exists?

Arkantos · Dec 17, 2008, 03:27 AM // 03:27

Laugh out loud at internet explorer.

JupiterStarWarrior · Dec 17, 2008, 03:36 AM // 03:36

Wow. So, those people who said "it's your fault you got hacked" really should give the hacked person the benefit of the doubt sometimes.

I use Firefox. Have been for a couple years now. I love it. Won't switch back unless absolutely necessary. Probably will be necessary when I get Vista on my computer. But right now, it isn't. Yeah.

I pwnd U · Dec 17, 2008, 04:29 AM // 04:29

Go go Firefox!

Abedeus · Dec 17, 2008, 10:26 AM // 10:26

People still use IE? I thought everyone sane jumped to Firefox/Google Chrome/MAYBE Opera long time ago.

Mortal Amongst Mere Gods · Dec 17, 2008, 01:56 PM // 13:56

Sheesh, I feel so e-getto. I still use IE, and it doesn't help that I'm using Vista. Vista's a brick of shit anyways, so I don't really have an excuse not to run something else.

Lord Sojar · Dec 17, 2008, 03:46 PM // 15:46

Vista is more secure than XP, so on that note, it isn't so shitty. However... IE is trash, always has been. Microsoft is so full of fail... Steve Ballmer is going to drive the company into the ground with his blind zeal; freak show...

some guy · Dec 17, 2008, 03:51 PM // 15:51

firefawx 3!!!! go go mozilla

Painbringer · Dec 17, 2008, 04:26 PM // 16:26

So IE has to be actively being used to put you at risk?

Diddy bow · Dec 17, 2008, 06:13 PM // 18:13

"So using IE atm is dangerous?" Said Gerard realising he was in fact using IE.

Aera · Dec 17, 2008, 06:14 PM // 18:14

Quote:

Originally Posted by Painbringer

So IE has to be actively being used to put you at risk?

Long answer: Yes, it does.
Short answer: Yes

mrmango · Dec 18, 2008, 04:43 AM // 04:43

I believe they fixed this today.

Lasareth · Dec 18, 2008, 04:49 AM // 04:49

A patch was released via windows update for the problem, yea. If it works is anyone's guess.

Zahr Dalsk · Dec 18, 2008, 05:57 AM // 05:57

Quote:

Originally Posted by Snow Bunny

Firefox 3 bitches.

Absolutely. Why would anyone even use IE anymore?

DarkFlame · Dec 18, 2008, 07:15 AM // 07:15

Quote:

Originally Posted by Zahr Dalsk

Absolutely. Why would anyone even use IE anymore?

To manually run Windows Update. And because you cannot uninstall IE off a windows machine.

Lord Sojar · Dec 19, 2008, 12:13 AM // 00:13

Quote:

Originally Posted by DarkFlame

To manually run Windows Update. And because you cannot uninstall IE off a windows machine.

That is one of the only really great things about Vista. After disabling UAC, you can choose when to run Windows Update. XP's version is intrusive. Otherwise, Vista can DIAF.

JupiterStarWarrior · Dec 19, 2008, 03:16 AM // 03:16

What's DIAF?

But, yeah. XP is very intrusive. It keeps popping up, every 5 minutes or so, 'YOU HAVE TO RESTART! RESTART NOW OR RESTART LATER?'. Ugh. But yup. Firefox is the way to go. I can disable ads with a simple download. ^_^;

Abedeus · Dec 19, 2008, 10:51 AM // 10:51

Yes, Vista is more secure. That's awesome.

My school computer (dual cored Intel Pentium @ 1.8, same as at home + 1GB RAM and GeForce 5600) lags even on FLASH GAMES. Of course using IE, because some idiot has set up 30MB limit per user on HDD and I can't install anything sane.

DIAF + Google = Urban Dictionary = Die in a fire.