New Attack Fells Internet Explorer 202
Posted
by
Soulskill
from the tricking-an-old-dog dept.
from the tricking-an-old-dog dept.
alphadogg writes "Attack code has been identified that could be used to break into a PC running older versions of Microsoft's Internet Explorer browser. The code was posted Friday to the Bugtraq mailing list by an unidentified hacker. According to security vendor Symantec, the code does not always work properly, but it could be used to install unauthorized software on a victim's computer."
Is that supposed to be news?? (Score:5, Insightful)
Re:Virus warning (Score:3, Insightful)
FTFY.
Re:Is that supposed to be news?? (Score:5, Insightful)
old != unpatched.
The article says IE 6 and IE7. It does not say unpatched. For many people these are their current browsers as they have not upgraded to IE 8. For business users, their companies may still insist they use older browsers until they are able to migrate certain software to the new version.
Re:Is that supposed to be news?? (Score:3, Insightful)
If MS is going to be taking money for something like this then they should still be supporting IE6 and patching up its holes.
Re:Is that supposed to be news?? (Score:4, Insightful)
Considering how long people hold onto their version of IE, it will be ages until IE7 disappears.
I really don't think you are right about that. There will always be those home users on dialup that don't run automatic updates ever but they are not very useful in a bot net anyway. Most people will get update to IE8 weather they mean to do it or not. IE 6 lives in the corporate space because it was around long enough for its own software ecosystem to develop in and on it. IE7 was around for like a year before 8 was released as beta and 8 does not break much compatibility with 7 its much less significant than 6 -> 7.
I doubt there is much code out there target at 7 that does not work on 8. The projects that do would have to have been pretty small and would have been designed and completed in a pretty narrow time window between 7's release and the pretty clear public information on what was coming in 8.
Re:In other news... (Score:5, Insightful)
What does that have to do with anything? Fully patched IE 6 and IE 7 are _supported_ products, the ones you list are not.
Re:Is that supposed to be news?? (Score:5, Insightful)
Re:Firefox (Score:3, Insightful)
The only people still using internet exploder are people who don't care about security.
Or perhaps they just don't know about that sort of thing, and expect their computer to just work, just as their TV, fridge, microwave, phone, etc all just work?
or whatever the OS X browser is called
First you lambaste people for not knowing enough about IE and its alternatives, then you admit to not knowing enough about Safari. Beautiful.
Hypocrits! (Score:5, Insightful)
So, isn't the responsible thing to do to notify Microsoft, and given them adequate time to produce a patch?
By posting the exploit to a public list, this guy is basically handing the bad guys a weapon. That's criminal. But because it's a Microsoft product, the Slashdot folks just eat that up -- Hey, fuck'em, they're running Wind0ze!!!111
Re:Really? (Score:1, Insightful)
Re:Not aware of a patch? (Score:4, Insightful)
Surely one of the main reasons for having web based applications in the first place is to get some independence from the clients' platform.
You haven't been in IT long, have you?
Re:Is that supposed to be news?? (Score:3, Insightful)
With an atitude like that, you are a nuisance to everyone else on the road.
Re:A great reason to choose Firefox (Score:3, Insightful)
More likely the users would complain, management would haul the IT chief in to a room to ask what was going on, and he'd explain that the users were wasting lots of time filing frivalous tickets trying to access sites for non-work purposes, and management would issue a statement telling them to stop wasting time and money.
In the home space, people would simply go "Huh? But then I won't be able to use my other webs!" and go somewhere else - especially if it's a commercial site they were looking to make a purchase from. Amazon won't serve me? I'll go to B&N, or eBay, or any of a huge number of other companies that will be more than happy to take my business.
Re:Is that supposed to be news?? (Score:3, Insightful)
If inpections are too heavy a burden on people, those people should not have cars then. As far as getting stuck with "repairs" you don't want, either you're not going to someone trustworthy and should find another mechanic, or you should do the inspection yourself upfront so you can call their BS. Most inspections are just quick checks on belts, brake wear, etc, it should be trivial to do it yourself.
As far as the cost of the inspection, tell that to the state; here its only $20, and only if you pass.