Zero-Day IE Exploit Takes Control of PCs 567
anethema writes "A remote IE exploit with implementations is currently in the wild. From the article: 'Exploit code for a critical flaw in fully patched versions of Microsoft Corp.'s Internet Explorer browser has been released on the Internet, putting millions of Web surfers at risk of computer hijack attacks.' Aparently all you have to do is browse the page to be affected. There is no patch, but since it is a JavaScript exploit, you can work around it by disabling JavaScript."
This is why... (Score:1, Interesting)
Wouldn't a better workaround be.. (Score:1, Interesting)
Oh no.. (Score:3, Interesting)
No, the reason I'm saying it is that this being Slashdot we'll get the usual set of arguments about browser and OS supremacy. Again. It's like Groundhog Day!
Shucks, everything has security flaws. Yeah, some more than others. To be honest, I found it more of a shock that Lynx has a security flaw [idefense.com]. If you can't trust Lynx to be secure, then really nothing is secure. Except unplugging your computer and putting it back in the box, perhaps.
I don't care (Score:1, Interesting)
1. Windows for games and the occasional Windows-only software. Nothing sensitive there. Rootkit me all you want.
2. Linux for the serious stuff.
Everyone should do the same.
Re:Ouch. (Score:3, Interesting)
No real point to this post - just an old fart trying to avoid real work by surfing slashdot...
good example of why Microsoft is bad at security? (Score:5, Interesting)
Re:Ouch. (Score:2, Interesting)
I may be a nerd, but I like to think of my page design [andreweckford.com] as "clean" and "fast-loading", thank you very much.
Re:Give it 5 (Score:5, Interesting)
_uacct = "UA-32013-5";
urchinTracker();
Opera affected too? (Score:2, Interesting)
Lynx (Score:5, Interesting)
Why? I haven't looked at Lynx recently, but Lynx used to be a very insecure
browser - Lynx code had lots & lots of Buffer Overflows.
Re:Ouch. (Score:3, Interesting)
And I have a fast (1.8 GHz processor running Konqueror) setup and broadband. I can just imaging the difference if I was on an old sub-GHz machine or on dial up. I'm also using Konqueror. For the odd site that doesn't work (forcing me to resort to Firefox), the render time is substantially increased.
Re:This is why... (Score:5, Interesting)
Oh, wait, does windows even have anything like that...?
I'm not trying to start a flame war, I'm honestly wondering.
Re:Ouch. (Score:4, Interesting)
You don't have to design to the "lowest common denominator" if you use proper HTML 4.1 with CSS, but you do have to think about making a page that degrades gracefully. It's not really even hard - but thanks to IE and Netscape adding their own screwy tags + cheerfully accepting ill-formed HTML, web developers are among the laziest, worst informed developers around. Yeah, things sure are better now.
Re:This is why... (Score:2, Interesting)
I know the Firefox fanboys won't care, but Opera opens the proof of concept page without a DoS.
Yes, I realize that saying this makes me an Opera fanboy.
Re:Give it 5 (Score:3, Interesting)