lynn98109 Posted December 16, 2008 Report Share Posted December 16, 2008 Users of the world's most common web browser have been advised to switch to a rival until a serious security flaw has been fixed. The flaw in Microsoft's Internet Explorer could allow criminals to take control of people's computers and steal their passwords, internet experts say. Microsoft is investigating the problem and preparing an emergency software patch to resolve it, it says. <snip> "Microsoft is continuing its investigation of public reports of attacks against a new vulnerability in Internet Explorer," said the firm in a security advisory alert about the flaw. Microsoft says it has detected attacks against version seven of the browser - its most widely used edition. But the company warned that other versions were also potentially vulnerable. As many as 10,000 websites have been compromised since last week to take advantage of the security flow, said antivirus software maker Trend Micro. full article here - http://news.bbc.co.uk/2/hi/technology/7784908.stm Lynn Link to comment Share on other sites More sharing options...
vid2man97 Posted December 16, 2008 Report Share Posted December 16, 2008 So, the eternal (infernal) game of cat and mouse (louse) continues. I was wary of going to FF until a few years back and prefer it over IE. Hopefully it's more than just luck but I've never had a problem (even with IE) as long as I surfed sensibly (I know, it doesn't always matter but it probably helps) and kept AV software up to date. Interesting that they'd advise a browser switch. MS must be red faced at that one. Link to comment Share on other sites More sharing options...
lynn98109 Posted December 16, 2008 Author Report Share Posted December 16, 2008 newer info from PCWorld - http://www.pcworld.com/article/155585/micr...tch_for_ie.html Patch to be issued tomorrow, 17 Dec, 1pm EST (10amPST). More than 2 million computers are believed to be infected (how do you tell and how do you get it out ?) And it seems it wasn't Microsoft suggesting an alternate browser Lynn Link to comment Share on other sites More sharing options...
vid2man97 Posted December 17, 2008 Report Share Posted December 17, 2008 More than 2 million computers are believed to be infected (how do you tell and how do you get it out ?) --Don't know. Probably the usual slow running and lights flashing on your ethernet box for no apparent reason (if used for spamming)? But I'll bet that many of those computers have absolutely no AV programs installed. I personally know far too many people who still have no AV installed, one of the excuses being it's all a scam to make money. I don't think any computer should be allowed to connect until you have up to date functional AV. And it seems it wasn't Microsoft suggesting an alternate browser I know....I was just amused that yet another flaw had someone (not MS) suggesting using an alternative and that MS can't be liking the bad press. As if this was the first big deal flaw ever. It sure won't be the last. Lynn Link to comment Share on other sites More sharing options...
gi7omy Posted December 17, 2008 Report Share Posted December 17, 2008 A couple of points on that - it also exists in IE6 and MS response was 'turn off active scripting' (which will effectively kill a lot of websites that use scripting) Also, they were highly indignant that someone published that without telling them that they were going to do it: "The flaw was made public in Chinese language discussion forums two days ago by a security group called the Knownsec team. In tests, it worked on IE 7 running on Windows XP, Service Pack 2. It has already been used by attackers who have hosted it on hacked Web sites to attack unsuspecting visitors, said Wayne Huang, CEO of security vendor Armorize Technologies. Now that the bug has been publicly disclosed, he expects attacks based on the flaw to become much more widespread." However: "According to Metasploit, an open source security software company, the flaw has been known since 2001. Security firm Symantec traces the public disclosure of the flaw back even further to 2000. Let's do the math here: Microsoft has taken somewhere between seven and eight years to plug a security hole that can be executed with publicly available software and an e-mail." I'll stick with the Russian thought controlled fighter (where IS the ex-mayor of Carmel when you need him? ) Link to comment Share on other sites More sharing options...
REDWAGON Posted December 17, 2008 Report Share Posted December 17, 2008 Security breech---patch, patch, patch. I don't care if it's MS, FF, or any other browser, if the professional hackers want to find a hole they will !!! So my suggestion is to do as vid2man97 suggested---keep a good security program installed on your computer and just hope you don't become a victim. That will help. Frank... Link to comment Share on other sites More sharing options...
CLS Posted December 18, 2008 Report Share Posted December 18, 2008 Security breech---patch, patch, patch. I don't care if it's MS, FF, or any other browser, if the professional hackers want to find a hole they will !!! So my suggestion is to do as vid2man97 suggested---keep a good security program installed on your computer and just hope you don't become a victim. That will help. Frank... Microsoft issued an emergency IE7 update today. Link to comment Share on other sites More sharing options...
Big_Dave Posted December 18, 2008 Report Share Posted December 18, 2008 Yes the patch is out and I installed it on my laptop. You just can't trust any website these days. Link to comment Share on other sites More sharing options...
Brendon Posted December 18, 2008 Report Share Posted December 18, 2008 I have FireFox 3.0.5, so no worries. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.