Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Internet Explorer The Internet Bug Security IT

Zero-Day IE Exploit Takes Control of PCs 567

Posted by CmdrTaco from the here-we-go-again dept.
anethema writes "A remote IE exploit with implementations is currently in the wild. From the article: 'Exploit code for a critical flaw in fully patched versions of Microsoft Corp.'s Internet Explorer browser has been released on the Internet, putting millions of Web surfers at risk of computer hijack attacks.' Aparently all you have to do is browse the page to be affected. There is no patch, but since it is a JavaScript exploit, you can work around it by disabling JavaScript."
This discussion has been archived. No new comments can be posted.

Zero-Day IE Exploit Takes Control of PCs More

Zero-Day IE Exploit Takes Control of PCs

Comments Filter:

  • This is why... (Score:1, Interesting)

    by Anonymous Coward on Tuesday November 22, 2005 @10:54AM (#14090151)
    I use Opera.

  • Wouldn't a better workaround be.. (Score:1, Interesting)

    by Anonymous Coward on Tuesday November 22, 2005 @10:55AM (#14090169)
    To just not use Internet Explorer?

  • Oh no.. (Score:3, Interesting)

    by Dynamoo ( 527749 ) * on Tuesday November 22, 2005 @10:57AM (#14090191) Homepage
    Oh no.. here we go again. No, it's not that there's another flaw in IE that I say that because some things are inevitable.. death, taxes and IE flaws. But any self-respecting IT professional or geek won't be using IE anyway. Sure.. users do, but they're much further down the food chain.

    No, the reason I'm saying it is that this being Slashdot we'll get the usual set of arguments about browser and OS supremacy. Again. It's like Groundhog Day!

    Shucks, everything has security flaws. Yeah, some more than others. To be honest, I found it more of a shock that Lynx has a security flaw [idefense.com]. If you can't trust Lynx to be secure, then really nothing is secure. Except unplugging your computer and putting it back in the box, perhaps.

  • I don't care (Score:1, Interesting)

    by Anonymous Coward on Tuesday November 22, 2005 @10:58AM (#14090205)
    I have a dual boot system:

    1. Windows for games and the occasional Windows-only software. Nothing sensitive there. Rootkit me all you want.

    2. Linux for the serious stuff.

    Everyone should do the same.

  • Re:Ouch. (Score:3, Interesting)

    by Overzeetop ( 214511 ) on Tuesday November 22, 2005 @10:59AM (#14090206) Journal
    Well, actually, yeah. I remember back in the early 90s when a secretary showed my this Mosaic thing she'd found. I told her it looked interesting, but that I could get anything I needed off of gopher. It didn't seem like anything that would take off. Fast forward a year or so, and I remarked to a couple of friends, after starting to use mosaic and looking at HTML, that in a couple of years you'd see web addresses instead of 800 numbers in advertising pretty soon. They looked at me like I told them computers would grow legs and walk around the office. 0.500 isn't too bad, right?

    No real point to this post - just an old fart trying to avoid real work by surfing slashdot...

  • good example of why Microsoft is bad at security? (Score:5, Interesting)

    by diegocgteleline.es ( 653730 ) on Tuesday November 22, 2005 @11:00AM (#14090225)
    This exploit exploits a vulnerability on a already found denial-of-service attack which Microsoft classified six months ago as "low-priority"...

  • Re:Ouch. (Score:2, Interesting)

    by s20451 ( 410424 ) on Tuesday November 22, 2005 @11:12AM (#14090352) Journal
    Yeah, I remember all those white pages with black text and blue links. Back when every nerd had to have a personal web site.

    I may be a nerd, but I like to think of my page design [andreweckford.com] as "clean" and "fast-loading", thank you very much.

  • Re:Give it 5 (Score:5, Interesting)

    by intmainvoid ( 109559 ) on Tuesday November 22, 2005 @11:30AM (#14090531)
    Have you had a look at the source on a slashdot page recently?

            _uacct = "UA-32013-5";
            urchinTracker();

  • Opera affected too? (Score:2, Interesting)

    by DoddyUK ( 884783 ) <doddyuk@@@gmail...com> on Tuesday November 22, 2005 @11:34AM (#14090593) Homepage
    Since this exploit is critical in IE, and DoS's both Safari and Firefox, does anyone know if this bug also affects Opera 8.5?

  • Lynx (Score:5, Interesting)

    by Frankie70 ( 803801 ) on Tuesday November 22, 2005 @11:35AM (#14090607)
    To be honest, I found it more of a shock that Lynx has a security flaw.

    Why? I haven't looked at Lynx recently, but Lynx used to be a very insecure
    browser - Lynx code had lots & lots of Buffer Overflows.

  • Re:Ouch. (Score:3, Interesting)

    by Yartrebo ( 690383 ) on Tuesday November 22, 2005 @11:53AM (#14090906)
    Sure is fast I must say. About 200-250 ms load time vs as long as 10 seconds (mostly rendering time, not download time) for some news sites and other ill-designed sites.

    And I have a fast (1.8 GHz processor running Konqueror) setup and broadband. I can just imaging the difference if I was on an old sub-GHz machine or on dial up. I'm also using Konqueror. For the odd site that doesn't work (forcing me to resort to Firefox), the render time is substantially increased.

  • Re:This is why... (Score:5, Interesting)

    by orangesquid ( 79734 ) <orangesquid@nOspaM.yahoo.com> on Tuesday November 22, 2005 @12:22PM (#14091302) Homepage Journal
    Why not just put your IE and web stuff in a special subtree and chroot before fork+exec'ing?

    Oh, wait, does windows even have anything like that...?

    I'm not trying to start a flame war, I'm honestly wondering.

  • Re:Ouch. (Score:4, Interesting)

    by cloudmaster ( 10662 ) on Tuesday November 22, 2005 @12:40PM (#14091552) Homepage Journal
    You have a strange definition of "better" if you think that using flash and graphics where text makes sense is "better". Hooray for wasting bandwidth in roder to provide a "media-rich" experience, when utilizing actual valid HTML would work just as well *and* provide a means of formatting for a variety of different output devices.

    You don't have to design to the "lowest common denominator" if you use proper HTML 4.1 with CSS, but you do have to think about making a page that degrades gracefully. It's not really even hard - but thanks to IE and Netscape adding their own screwy tags + cheerfully accepting ill-formed HTML, web developers are among the laziest, worst informed developers around. Yeah, things sure are better now.

  • Re:This is why... (Score:2, Interesting)

    by b4k3d b34nz ( 900066 ) on Tuesday November 22, 2005 @01:21PM (#14092009)

    I know the Firefox fanboys won't care, but Opera opens the proof of concept page without a DoS.

    Yes, I realize that saying this makes me an Opera fanboy.

  • Re:Give it 5 (Score:3, Interesting)

    by MemeRot ( 80975 ) on Tuesday November 22, 2005 @02:48PM (#14092846) Homepage Journal
    Interesting. I know Slashdot breaks their million page view per month limit (like in a couple hours), and I thought only users of AdWords were exempt from that limit? What's the deal guys? Anyone know anything else about Google Analytics?

Slashdot Top Deals

He has not acquired a fortune; the fortune has acquired him. -- Bion

Close