Internet Explorer security flaw
Disc Jockey
Posts: 1,013
I just heard about this today but it's apparently been known about for a few days. Mostly centered in China and used to get gaming passwords but can be adapted to get passwords of many types. The exploiter can be installed on legit sites to attack IE
story here: http://voices.washingtonpost.com/securityfix/2008/12/microsoft_big_security_hole_in.html
MS aadvisory here: http://www.microsoft.com/technet/security/advisory/961051.mspx
List of workarounds here: http://blogs.technet.com/swi/archive/2008/12/12/Clarification-on-the-various-workarounds-from-the-recent-IE-advisory.aspx#workarounds
Obviously, easiest thing is to use something other then IE for now.
story here: http://voices.washingtonpost.com/securityfix/2008/12/microsoft_big_security_hole_in.html
MS aadvisory here: http://www.microsoft.com/technet/security/advisory/961051.mspx
List of workarounds here: http://blogs.technet.com/swi/archive/2008/12/12/Clarification-on-the-various-workarounds-from-the-recent-IE-advisory.aspx#workarounds
Obviously, easiest thing is to use something other then IE for now.
"The secret of happiness is freedom. The secret of freedom is courage." Thucydides
Post edited by Disc Jockey on
Comments
-
Google officially released Chrome now(non-beta)...sounds like a good time to switch over.
-CodyMusic is like candy, you have to get rid of the rappers to enjoy it -
IE's been working fine for me right now, but if these security vulnerabilities continue I might consider switching to Firefox.polkaudio RT35 Bookshelves
polkaudio 255c-RT Inwalls
polkaudio DSWPro550WI
polkaudio XRT12 XM Tuner
polkaudio RM6750 5.1
Front projection, 2 channel, car audio... life is good! -
I got wacked about a week ago with adware and a backdoor trojan.
My registry was a mess and wouldn't let me get to Microsoft or AVG.
Took me 2 days to get it straight finally with STOPzilla.
Firefox is now installed and I use it for my critical web work now.
Yamaha RX-A710 90Watt 7.1
Mains: RTi A1's Center: CS150 Sats: RT15i's Sub: Velodyne DPS-10
Music CD: Sony CDP-CE375 5 Disk
HD TV: Vizio 42" LCD 1080p E420VO
Blu-Ray: Sony BDP-S350
DVD: Sony DVP-NC665P 5 Disk
AV Rack: Sanus Euro EFAB-II Audio Base x2 EFAS-II Audio Expansion Shelf x4
Cables Used: Monster Cable HPD Sony HDMI DLCHE18W
Phones: Sennheiser HD280 Pro -
I got wacked about a week ago with adware and a backdoor trojan.
My registry was a mess and wouldn't let me get to Microsoft or AVG.
Took me 2 days to get it straight finally with STOPzilla.
Firefox is now installed and I use it for my critical web work now.
I love Firefox. -
MS is releasing an emergency patch tomorrow.
http://news.yahoo.com/s/afp/20081216/ts_afp/uschinaitinternetsoftwarecrimemicrosoft"Just because youre offended doesnt mean youre right." - Ricky Gervais
"For those who believe, no proof is necessary. For those who don't believe, no proof is possible." - Stuart Chase
"Consistency requires you to be as ignorant today as you were a year ago." - Bernard Berenson -
My IE recently got attacked but everyone was telling me it was because of malware. Turned out to be a hacked router that was redirecting web pages.
So switching to Firefox wouldn't have done anything - I'd have the same problem even if I were on a Mac!!
(speaking of which, a friend of mine got a virus on his Mac)polkaudio RT35 Bookshelves
polkaudio 255c-RT Inwalls
polkaudio DSWPro550WI
polkaudio XRT12 XM Tuner
polkaudio RM6750 5.1
Front projection, 2 channel, car audio... life is good! -
MS is releasing an emergency patch tomorrow.
http://news.yahoo.com/s/afp/20081216/ts_afp/uschinaitinternetsoftwarecrimemicrosoft
Hey Microsloth's middle name "PATCH" :mad:
Can't make nothing right the first time.....charge ya big bux for their programs....makes Guniea Pigs out of it's users....been doing it since day one!!
Yamaha RX-A710 90Watt 7.1
Mains: RTi A1's Center: CS150 Sats: RT15i's Sub: Velodyne DPS-10
Music CD: Sony CDP-CE375 5 Disk
HD TV: Vizio 42" LCD 1080p E420VO
Blu-Ray: Sony BDP-S350
DVD: Sony DVP-NC665P 5 Disk
AV Rack: Sanus Euro EFAB-II Audio Base x2 EFAS-II Audio Expansion Shelf x4
Cables Used: Monster Cable HPD Sony HDMI DLCHE18W
Phones: Sennheiser HD280 Pro -
If you're still using IE instead of the far superior alternatives, you deserve this.If you will it, dude, it is no dream.
-
So switching to Firefox wouldn't have done anything - I'd have the same problem even if I were on a Mac!!
(speaking of which, a friend of mine got a virus on his Mac)
Mac's are so full of holes, it isn't even funny. At some point hackers are
going to get tired of beating up MS and go for the easy pickings."The legitimate powers of government extend to such acts only as are injurious to others. But it does me no injury for my neighbour to say there are twenty gods, or no god. It neither picks my pocket nor breaks my leg." --Thomas Jefferson -
Why are they full of holes? Just wonderin...
I have a Mac and I've never had a problem with anything. Not trying to be a fanboy, just stating my experience. -
Why pick on something full of holes, when PC's are 8 to 1 on causing heck? (Note just my $.02 here, don't quote me on the facts jack)
Speakers
Carver Amazing Fronts
CS400i Center
RT800i's Rears
Sub Paradigm Servo 15
Electronics
Conrad Johnson PV-5 pre-amp
Parasound Halo A23
Pioneer 84TXSi AVR
Pioneer 79Avi DVD
Sony CX400 CD changer
Panasonic 42-PX60U Plasma
WMC Win7 32bit HD DVR -
Airplay355 wrote: »Why are they full of holes? Just wonderin...
I have a Mac and I've never had a problem with anything. Not trying to be a fanboy, just stating my experience.
I'm not really sure why, but I do know they can be susceptible to malicious code (like my friend that got his Mac infected)...
I was just trying to say that no OS is 100% safe, that's allpolkaudio RT35 Bookshelves
polkaudio 255c-RT Inwalls
polkaudio DSWPro550WI
polkaudio XRT12 XM Tuner
polkaudio RM6750 5.1
Front projection, 2 channel, car audio... life is good! -
Airplay355 wrote: »Why are they full of holes? Just wonderin...
I have a Mac and I've never had a problem with anything. Not trying to be a fanboy, just stating my experience.
Because they can be really. They dont have to fix it because not many people target them. But the with the increasing numbers of people getting Apple, I would expect theyre going to start getting a lot more viruses. People are under the false assumption that Mac's are more 'virus-proof' than PCs. In fact, the opposite is true. Its just that there are many, many more numbers of PCs than Macs. And if youre going to make a virus, you might as well make one thats going to affect more people.
-CodyMusic is like candy, you have to get rid of the rappers to enjoy it -
-
disneyjoe7 wrote: »Why pick on something full of holes, when PC's are 8 to 1 on causing heck? (Note just my $.02 here, don't quote me on the facts jack)
You are on the right track with your logic - it is definitely because there are so few Mac's around. If someone is interested in causing trouble they are going to shoot for the largest target. And you are also correct in assuming that your numbers are off. I work for the number 1 PC manufacturer in the world. We build and ship more PC's in 1 day than Apple builds and sells for the entire year. We are just one of the 3 largest - it is more like 10,000 - 1:)
Apple sells a lot of MP3 players and now a respectable number of cell phones. People commonly mistake this as making them a volume player in the world of consumer electronics. I personally own 1 MP3 player and 1 cell phone but I have 6 PC's in my house.
Regards,
JW -
Look, I'm a PC guy, but anyone who thinks that Apples are "full of holes" need to do a tad bit of research. Yes, a large reason they don't get viruses is because they're not targeted, but the other large reason is that they're based on a much more secure foundation. I'd love to know where you guys get your info that it's "full of holes", aside from it being something you want to be true, or heard from someone.If you will it, dude, it is no dream.
-
With regards to Macs - I'm not really sure if they are really "full of holes" like someone said in this thread, but I do know that they are not virus-proof.polkaudio RT35 Bookshelves
polkaudio 255c-RT Inwalls
polkaudio DSWPro550WI
polkaudio XRT12 XM Tuner
polkaudio RM6750 5.1
Front projection, 2 channel, car audio... life is good! -
My IE recently got attacked but everyone was telling me it was because of malware. Turned out to be a hacked router that was redirecting web pages.
So switching to Firefox wouldn't have done anything - I'd have the same problem even if I were on a Mac!!
(speaking of which, a friend of mine got a virus on his Mac)
I'd be interested to know what you did to clean your router, as well as more details about the Mac virus....? -
I'd be interested to know what you did to clean your router, as well as more details about the Mac virus....?
I just did a factory reset on the router. That cleared the DNS settings and then I proceeded to put a new password on the router.polkaudio RT35 Bookshelves
polkaudio 255c-RT Inwalls
polkaudio DSWPro550WI
polkaudio XRT12 XM Tuner
polkaudio RM6750 5.1
Front projection, 2 channel, car audio... life is good! -
exalted512 wrote: »Because they can be really. They dont have to fix it because not many people target them. But the with the increasing numbers of people getting Apple, I would expect theyre going to start getting a lot more viruses. People are under the false assumption that Mac's are more 'virus-proof' than PCs. In fact, the opposite is true. Its just that there are many, many more numbers of PCs than Macs. And if youre going to make a virus, you might as well make one thats going to affect more people.
-Cody
+1 Absolutely-That and Microsoft is a huge target, thus more resources are directed that way.____________________
This post is a natural product. The slight variations in spelling and grammar enhance its individual character and beauty and in no way are to be considered flaws or defects.
HT:Onkyo 805, Emotiva XPA-5, Mitsu 52" 1080p DLP / polkaudio RTi12, CSIa6, FXi3, uPro4K
2-chnl : Pio DV-46AV (SACD), Dodd ELP, Emotiva XPA-1s, XPA-2, Odyssey Khartago, LSi9, SDA-SRS 2 :cool:, SB Duet, MSB & Monarchy DACs, Yamaha PX3 TT, SAE Tuner...
Pool: Atrium 60's/45's -
With all this talk about security, no wonder large companies run Intranet over Internet networks.
Speakers
Carver Amazing Fronts
CS400i Center
RT800i's Rears
Sub Paradigm Servo 15
Electronics
Conrad Johnson PV-5 pre-amp
Parasound Halo A23
Pioneer 84TXSi AVR
Pioneer 79Avi DVD
Sony CX400 CD changer
Panasonic 42-PX60U Plasma
WMC Win7 32bit HD DVR -
With regards to Macs - I'm not really sure if they are really "full of holes" like someone said in this thread, but I do know that they are not virus-proof.
+1 - True dat
Mac and other Unix/Linux variants cannot rest on thier laurels. As far as Browser related malware--most apps like Firefox, etc are simply ports with the same base code and thus can suffer the same vulnerabilities regardless of the OS. There may not be as many application and OS level vulnerabilities, but they do exist.____________________
This post is a natural product. The slight variations in spelling and grammar enhance its individual character and beauty and in no way are to be considered flaws or defects.
HT:Onkyo 805, Emotiva XPA-5, Mitsu 52" 1080p DLP / polkaudio RTi12, CSIa6, FXi3, uPro4K
2-chnl : Pio DV-46AV (SACD), Dodd ELP, Emotiva XPA-1s, XPA-2, Odyssey Khartago, LSi9, SDA-SRS 2 :cool:, SB Duet, MSB & Monarchy DACs, Yamaha PX3 TT, SAE Tuner...
Pool: Atrium 60's/45's -
disneyjoe7 wrote: »With all this talk about security, no wonder large companies run Intranet over Internet networks.
What do you mean?____________________
This post is a natural product. The slight variations in spelling and grammar enhance its individual character and beauty and in no way are to be considered flaws or defects.
HT:Onkyo 805, Emotiva XPA-5, Mitsu 52" 1080p DLP / polkaudio RTi12, CSIa6, FXi3, uPro4K
2-chnl : Pio DV-46AV (SACD), Dodd ELP, Emotiva XPA-1s, XPA-2, Odyssey Khartago, LSi9, SDA-SRS 2 :cool:, SB Duet, MSB & Monarchy DACs, Yamaha PX3 TT, SAE Tuner...
Pool: Atrium 60's/45's -
I got wacked about a week ago with adware and a backdoor trojan.
My registry was a mess and wouldn't let me get to Microsoft or AVG.
Took me 2 days to get it straight finally with STOPzilla.
Firefox is now installed and I use it for my critical web work now.
You do know that you can get malware and viruses other than via a web browser right? Email being one of the biggest purpetrators. Network connected systems being another. Warez is also one of the biggest sources.
Motzart, which unpatched Internet Explorer vulnerability did you have that was exploited that caused you to get infected?____________________
This post is a natural product. The slight variations in spelling and grammar enhance its individual character and beauty and in no way are to be considered flaws or defects.
HT:Onkyo 805, Emotiva XPA-5, Mitsu 52" 1080p DLP / polkaudio RTi12, CSIa6, FXi3, uPro4K
2-chnl : Pio DV-46AV (SACD), Dodd ELP, Emotiva XPA-1s, XPA-2, Odyssey Khartago, LSi9, SDA-SRS 2 :cool:, SB Duet, MSB & Monarchy DACs, Yamaha PX3 TT, SAE Tuner...
Pool: Atrium 60's/45's -
Large companies run websites which only work internal to them. Also may run networks which only work internal of them.
Speakers
Carver Amazing Fronts
CS400i Center
RT800i's Rears
Sub Paradigm Servo 15
Electronics
Conrad Johnson PV-5 pre-amp
Parasound Halo A23
Pioneer 84TXSi AVR
Pioneer 79Avi DVD
Sony CX400 CD changer
Panasonic 42-PX60U Plasma
WMC Win7 32bit HD DVR -
disneyjoe7 wrote: »Large companies run websites which only work internal to them. Also may run networks which only work internal of them.
Ah, I see what you're saying. But thats not a total security solution there either. These large companies also have employees that have access to the internal networks that surf the web, read email, install apps, let thier kids install games, connect to unsecure networks, connect to thier home network with the work laptop without ensuring the home network is secure, etc. etc etc...thus providing a catalyst for the spread by the potentially unaware employee. Most breaches of corporate systems, either by the disgruntled employee or the unknowing employee opening that email, etc., happen internally.
Everybody simply needs to be a little more aware of the web sites they connect to, the emails they open, the programs they install, the passwords they use and how they store them, how to verify identity of sites, how to encrypt communications, etc, etc.____________________
This post is a natural product. The slight variations in spelling and grammar enhance its individual character and beauty and in no way are to be considered flaws or defects.
HT:Onkyo 805, Emotiva XPA-5, Mitsu 52" 1080p DLP / polkaudio RTi12, CSIa6, FXi3, uPro4K
2-chnl : Pio DV-46AV (SACD), Dodd ELP, Emotiva XPA-1s, XPA-2, Odyssey Khartago, LSi9, SDA-SRS 2 :cool:, SB Duet, MSB & Monarchy DACs, Yamaha PX3 TT, SAE Tuner...
Pool: Atrium 60's/45's -
dumb pc ? if i am using mozilla can i uninstall IE ?Speakers:
Definitive BP7001sc mains
Definitive C/L/R 3000 center
Polk RT800i's rears
Definitive supercube I Sub
Audio:
Onkyo TX-NR3010
Emotiva XPA five Gen 3
OPPO BDP-103 CD, SACD, DVD-A
Video:
Panasonic TC-P65ZT60
OPPO BDP-103 Bluray
Directv x's 2 -
bobman1235 wrote: »Look, I'm a PC guy, but anyone who thinks that Apples are "full of holes" need to do a tad bit of research. Yes, a large reason they don't get viruses is because they're not targeted, but the other large reason is that they're based on a much more secure foundation. I'd love to know where you guys get your info that it's "full of holes", aside from it being something you want to be true, or heard from someone.
http://news.zdnet.co.uk/security/0,1000000189,39291625,00.htm
My IS dept. doesn't want them on the network. Granted, this report is
from last year, but it's a fine example of perception VS. reality."The legitimate powers of government extend to such acts only as are injurious to others. But it does me no injury for my neighbour to say there are twenty gods, or no god. It neither picks my pocket nor breaks my leg." --Thomas Jefferson -
So, if you have IE on your machine but do not use it (use firefox instead) you are ok?Mains.............Polk LSi15 (Cherry)
Center............Polk LSiC (Crossover upgraded)
Surrounds.......Polk LSi7 (Gloss Black - wood sides removed and crossovers upgraded)
Subwoofers.....SVS 25-31 CS+ and PC+ (both 20hz tune)
Pre\Pro...........NAD T163 (Modded with LM4562 opamps)
Amplifier.........Cinepro 3k6 (6-channel, 500wpc@4ohms) -
bobman1235 wrote: »If you're still using IE instead of the far superior alternatives, you deserve this.
He he he...