Zero-Day IE Exploit Takes Control of PCs 567
anethema writes "A remote IE exploit with implementations is currently in the wild. From the article: 'Exploit code for a critical flaw in fully patched versions of Microsoft Corp.'s Internet Explorer browser has been released on the Internet, putting millions of Web surfers at risk of computer hijack attacks.' Aparently all you have to do is browse the page to be affected. There is no patch, but since it is a JavaScript exploit, you can work around it by disabling JavaScript."
This is why... (Score:5, Insightful)
Ouch. (Score:5, Insightful)
Yeah, me neither.
...or by not using Internet Explorer (Score:2, Insightful)
I hope this gets into a doubleclick ad (Score:5, Insightful)
That'd be SO funny
Someday, an IE exploit is going to come along that wipes your HD. Then we'll see sparks fly.
Re:Ouch. (Score:2, Insightful)
Thanks goodness browsers and the WWW got beyond academia because even with all the shit we have to put up with today (like this JScript exploit), the experience is far better and vastly outweighs the problems. Of course, there will always a small number of irrelevant people who like to portray themselves as elite by complaining about how the concept of the browser has changed. I really don't miss the early web with Mosaic downloading slowly and Netscape with its pulsing N, and lots of very bad personal web pages. I really don't need to use Lynx either.
Oh, and no I'm not forgetting that there are people trying to browse the web on mobile devices with ridiculously small screen. Good luck to you! But, I don't see why every web page should cater to the lowest common denominator.
Re:...or by not using Internet Explorer (Score:5, Insightful)
Take Preinstalled Browser,
Add to Lazy User,
and mix in a healthy dose of Ignorance.
Alternate Receipe:
Take Preinstalled Browser,
Add Fear Of Change.
Despite having Firefox installed at home, my wife insists on MSExploder .... I think the linux migration time-table is getting shortened.
Re:This is why... (Score:2, Insightful)
Re:The facts please (Score:5, Insightful)
Now, mod me whatever you want, but the info you provide should be FACTS.
Fact: A critical security flaw has been found in IE, and the SANS ISC is recommending that people use one of the "other browsers".
Howzat?
Re:Link to a copy? (Score:4, Insightful)
So you'd deliberately and maliciously cause problems, just to prove you were on some imaginary moral high ground?
Gah! (Score:5, Insightful)
users do, but they're much further down the food chain
Except that regular users comprimise a greater number of Internet users. So if Joe Average uses IE, more people are going to be affected by this flaw.
we'll get the usual set of arguments about browser and OS supremacy.
If something has fewer security problems, isn't it "superior" in that respect?
If you can't trust Lynx to be secure, then really nothing is secure.
Right. Because if something has one flaw, then you might as well not even bother trying, because everything has flaws. I mean, just because IE has had double-or-triple-digit flaws, clearly this one flaw in lynx makes all arguments against IE moot.
What an inane comment.
Say goodnight, AJAX (Score:3, Insightful)
Re:I don't care (Score:3, Insightful)
Why rob a bank? Because that's where the money is.
Why write viri for Windows/IE? Because that's where the users are.
-Rick
Re:This is why... (Score:5, Insightful)
Re:...or by not using Internet Explorer (Score:5, Insightful)
It's very, very simple. People are stupid and lazy.
Re:This is why... (Score:2, Insightful)
Re:Say goodnight, AJAX (Score:5, Insightful)
Re:...or by not using Internet Explorer (Score:5, Insightful)
I don't understand this. You aren't the first person to tell me their Wife doesn't wanna run Firefox. You know what I did. I said to my wife "Wife. IE will break the computer and then I will have to spend all night fixing it rather than doing whatever else it is you wanted me to do.". My wife actually respects that I know what the crap I am talking about (just as I respect what the crap she is talking about in her area of expertice...which isn't IT) and goes with what I say.
Why don't you people just try explaining the problems to your wife and get over it?
My IE not at risk (Score:2, Insightful)
Block all, only allow what is legitimate.
A security principal we should be using... Whitelists are much better then black lists.
This vuln will only affect my network if one of the trusted sites gets infected, but that is a much reduced risk from the phishin emails etc with links to bad sites... I.e., like anything is only as secure as how the administrator configured it.
Now for home users.. Microsoft WHAT THE HELL ARE YOU THINKING
Re:The facts please (Score:3, Insightful)
Who knows how long other people have been exploiting this bug - potentially in ways not involving Javascript as well?
Insecure.. firefox.. (Score:1, Insightful)
You know, javascript on for some sites, off as the default.
Re:This is why... (Score:2, Insightful)
Re:Ouch. (Score:2, Insightful)
http://www.google.com/ [google.com]
^^^NERDS! Obviously their business will fail.
Re:This is why... (Score:2, Insightful)
go with the F-cage
Onepoint
Re:I don't care (Score:3, Insightful)
You are implying that the person breaking the law has an average level of intellegence. Haven't you seen "Maximum Exposure", "Real Police Videos", or any of the other caught on tape shows. They prove one thing, most criminals are dumb. True, there are a few gems in the rough, but by and large, the criminal element of society is not the brightest bulb in the box.
"Where's the notoriety in this? Oooh. I hacked a windows box. I'm so l33t."
Try, I hacked 3.4 million Windows boxes. I'm so l33t. I now have a bot network that can cripple massive pipes. Spam emails to millions of people per hour. Shut down major media outlets. Decimate online services (sales/games/gambling). Run distributed key cracking engines, etc.
Compared to: I hacked 20 debian boxes. I can flex my online epeen and spam an IRC channel!
CNN doesn't care about 20 nuebs who left their systems unsecured. CNN doesn't even care about Windows vulnerbilities. CNN cares about the monitary impact. So CNN will report on the person who creates a huge botnet and attacks high profile online organizations with it.
-Rick
Re:This code (Score:2, Insightful)
Re:My IE not at risk (Score:3, Insightful)
The damn data janitors around here forget their job is first to provide a useful network.
Re:Ouch. (Score:3, Insightful)