IE Flaw Gives Hackers Access To User Files 259
snydeq writes "Microsoft warned that a flaw in IE gives attackers access to files stored on a PC under certain conditions. 'Our investigation so far has shown that if a user is using a version of Internet Explorer that is not running in Protected Mode an attacker may be able to access files with an already known filename and location,' Microsoft said in a security advisory. The vulnerability requires that an attacker knows the name of the file they want to access, according to the company."
Steam (Score:1, Interesting)
Yet another reason for games to stop using IE as their built in patcher/notification/whatever. If you really need to display an HTML file, let the system display it with whatever the configured default is.
Re:WHY THE FUCK DO PEOPLE STILL USE IE? (Score:3, Interesting)
I read about vulns in Firefox pretty often too. Granted, IE's tend to be stupider and MS's policy of ignoring vulns until they're shoved in their faces with an in-the-wild exploit (and then only patching once a month) is pretty awful, but it's not like other browsers are a magic bullet.
That said, i wouldn't be caught dead using IE, nor let friends or family do it.
Re:c:\Windows\System32\ (Score:4, Interesting)
Re:c:\Windows\System32\ (Score:3, Interesting)
Actually, a very important distinction of the word "access" was not mentioned. This flaw only seem to give read access to the files, so you can not just modify any file you wish.
It's still a major security flaw, of course, but will be slightly more difficult to exploit. It's great for targeted phishing though. You'll be able to find out a lot about the target.
Windows.edb = windows search index (Score:5, Interesting)
get \ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb (vista)
or \All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb (xp)
and http://www.simplecarver.com/tool.php?toolname=Windows Search Index Extractor
Re:Steam (Score:5, Interesting)
Unfortunately, the thread asking for Webkit in Steam at http://forums.steampowered.com/forums/showthread.php?t=861863 [steampowered.com] demonstrates how clueless the average gamer is about standards etc.
Some choice quotations:
"ie is fine"
"I'd rather not have steam bloated with redundant tech right now."
"Also W3C != Web Standards, and IE aren't the only ones not complying with the "standards", Firefox didn't comply with all W3C published recommendations either.(Don't know if that's still the case) [...] Microsoft is a business, and they don't want to take the blame because of a third parties inabillity to properly design websites. That is their design goal, and as the W3C isn't enforcable, as it's not considered a standard"
"It works, it is secure and it isn't that slow"
"IE is fine, and so was Windows 98."
"there is nothing wrong with the day-to-day performance of Trident."
You mean like... (Score:4, Interesting)
You mean like...
C:\users\%username%\AppData\Local\Microsoft\Outlook\outlook.pst?
hmmm...??? like that?
Re:WHY THE FUCK DO PEOPLE STILL USE IE? (Score:3, Interesting)
If a site needs IE today, I don't need that particular site.
Good luck trying to tell that to your boss.
Re:WHY THE FUCK DO PEOPLE STILL USE IE? (Score:2, Interesting)
There's a reason I use my HIPPA rights to make sure my records only live on paper.
Pesky NTOSKRNL.EXE (Score:2, Interesting)
Nobody knows where i keep THIS file.
Re:Flawed (Score:4, Interesting)
The difference is that a lot of software which works on Windows XP is broken on Windows 7, including several games that I tried, whereas for the various Loki games that don't work there's Loki_Compat, and for most everything else you have source and can recompile. There's still ample reason to use Windows XP, because for many tasks it is superior to modern Windows. Of course, there are limited cases where this is true for Linux as well, such as when you desire to run OpenMOSIX which AFAIK last worked on 2.4 series kernels.