Internet Explorer security flaw

Disc Jockey
Disc Jockey Posts: 1,013
edited December 2008 in The Clubhouse
I just heard about this today but it's apparently been known about for a few days. Mostly centered in China and used to get gaming passwords but can be adapted to get passwords of many types. The exploiter can be installed on legit sites to attack IE

story here: http://voices.washingtonpost.com/securityfix/2008/12/microsoft_big_security_hole_in.html

MS aadvisory here: http://www.microsoft.com/technet/security/advisory/961051.mspx

List of workarounds here: http://blogs.technet.com/swi/archive/2008/12/12/Clarification-on-the-various-workarounds-from-the-recent-IE-advisory.aspx#workarounds

Obviously, easiest thing is to use something other then IE for now.
"The secret of happiness is freedom. The secret of freedom is courage." Thucydides
Post edited by Disc Jockey on
«1

Comments

  • exalted512
    exalted512 Posts: 10,735
    edited December 2008
    Google officially released Chrome now(non-beta)...sounds like a good time to switch over.
    -Cody
    Music is like candy, you have to get rid of the rappers to enjoy it
  • Serendipity
    Serendipity Posts: 6,975
    edited December 2008
    IE's been working fine for me right now, but if these security vulnerabilities continue I might consider switching to Firefox.
    polkaudio RT35 Bookshelves
    polkaudio 255c-RT Inwalls
    polkaudio DSWPro550WI
    polkaudio XRT12 XM Tuner
    polkaudio RM6750 5.1

    Front projection, 2 channel, car audio... life is good!
  • Motzart
    Motzart Posts: 1,075
    edited December 2008
    I got wacked about a week ago with adware and a backdoor trojan.
    My registry was a mess and wouldn't let me get to Microsoft or AVG.
    Took me 2 days to get it straight finally with STOPzilla.
    Firefox is now installed and I use it for my critical web work now.

    Yamaha RX-A710 90Watt 7.1
    Mains: RTi A1's Center: CS150 Sats: RT15i's Sub: Velodyne DPS-10
    Music CD: Sony CDP-CE375 5 Disk
    HD TV: Vizio 42" LCD 1080p E420VO
    Blu-Ray: Sony BDP-S350
    DVD: Sony DVP-NC665P 5 Disk
    AV Rack: Sanus Euro EFAB-II Audio Base x2 EFAS-II Audio Expansion Shelf x4
    Cables Used: Monster Cable HPD Sony HDMI DLCHE18W
    Phones: Sennheiser HD280 Pro
  • Conradicles
    Conradicles Posts: 6,079
    edited December 2008
    Motzart wrote: »
    I got wacked about a week ago with adware and a backdoor trojan.
    My registry was a mess and wouldn't let me get to Microsoft or AVG.
    Took me 2 days to get it straight finally with STOPzilla.
    Firefox is now installed and I use it for my critical web work now.

    I love Firefox.
  • shack
    shack Posts: 11,154
    edited December 2008
    "Just because you’re offended doesn’t mean you’re right." - Ricky Gervais

    "For those who believe, no proof is necessary. For those who don't believe, no proof is possible." - Stuart Chase

    "Consistency requires you to be as ignorant today as you were a year ago." - Bernard Berenson
  • Serendipity
    Serendipity Posts: 6,975
    edited December 2008
    My IE recently got attacked but everyone was telling me it was because of malware. Turned out to be a hacked router that was redirecting web pages.

    So switching to Firefox wouldn't have done anything - I'd have the same problem even if I were on a Mac!!

    (speaking of which, a friend of mine got a virus on his Mac)
    polkaudio RT35 Bookshelves
    polkaudio 255c-RT Inwalls
    polkaudio DSWPro550WI
    polkaudio XRT12 XM Tuner
    polkaudio RM6750 5.1

    Front projection, 2 channel, car audio... life is good!
  • Motzart
    Motzart Posts: 1,075
    edited December 2008
    shack wrote: »

    Hey Microsloth's middle name "PATCH" :mad:

    Can't make nothing right the first time.....charge ya big bux for their programs....makes Guniea Pigs out of it's users....been doing it since day one!!

    Yamaha RX-A710 90Watt 7.1
    Mains: RTi A1's Center: CS150 Sats: RT15i's Sub: Velodyne DPS-10
    Music CD: Sony CDP-CE375 5 Disk
    HD TV: Vizio 42" LCD 1080p E420VO
    Blu-Ray: Sony BDP-S350
    DVD: Sony DVP-NC665P 5 Disk
    AV Rack: Sanus Euro EFAB-II Audio Base x2 EFAS-II Audio Expansion Shelf x4
    Cables Used: Monster Cable HPD Sony HDMI DLCHE18W
    Phones: Sennheiser HD280 Pro
  • bobman1235
    bobman1235 Posts: 10,822
    edited December 2008
    If you're still using IE instead of the far superior alternatives, you deserve this.
    If you will it, dude, it is no dream.
  • sucks2beme
    sucks2beme Posts: 5,601
    edited December 2008
    appadv wrote: »
    So switching to Firefox wouldn't have done anything - I'd have the same problem even if I were on a Mac!!

    (speaking of which, a friend of mine got a virus on his Mac)

    Mac's are so full of holes, it isn't even funny. At some point hackers are
    going to get tired of beating up MS and go for the easy pickings.
    "The legitimate powers of government extend to such acts only as are injurious to others. But it does me no injury for my neighbour to say there are twenty gods, or no god. It neither picks my pocket nor breaks my leg." --Thomas Jefferson
  • Airplay355
    Airplay355 Posts: 4,298
    edited December 2008
    Why are they full of holes? Just wonderin...

    I have a Mac and I've never had a problem with anything. Not trying to be a fanboy, just stating my experience.
  • disneyjoe7
    disneyjoe7 Posts: 11,435
    edited December 2008
    Why pick on something full of holes, when PC's are 8 to 1 on causing heck? (Note just my $.02 here, don't quote me on the facts jack)

    Speakers
    Carver Amazing Fronts
    CS400i Center
    RT800i's Rears
    Sub Paradigm Servo 15

    Electronics
    Conrad Johnson PV-5 pre-amp
    Parasound Halo A23
    Pioneer 84TXSi AVR
    Pioneer 79Avi DVD
    Sony CX400 CD changer
    Panasonic 42-PX60U Plasma
    WMC Win7 32bit HD DVR


  • Serendipity
    Serendipity Posts: 6,975
    edited December 2008
    Airplay355 wrote: »
    Why are they full of holes? Just wonderin...

    I have a Mac and I've never had a problem with anything. Not trying to be a fanboy, just stating my experience.

    I'm not really sure why, but I do know they can be susceptible to malicious code (like my friend that got his Mac infected)...

    I was just trying to say that no OS is 100% safe, that's all :)
    polkaudio RT35 Bookshelves
    polkaudio 255c-RT Inwalls
    polkaudio DSWPro550WI
    polkaudio XRT12 XM Tuner
    polkaudio RM6750 5.1

    Front projection, 2 channel, car audio... life is good!
  • exalted512
    exalted512 Posts: 10,735
    edited December 2008
    Airplay355 wrote: »
    Why are they full of holes? Just wonderin...

    I have a Mac and I've never had a problem with anything. Not trying to be a fanboy, just stating my experience.

    Because they can be really. They dont have to fix it because not many people target them. But the with the increasing numbers of people getting Apple, I would expect theyre going to start getting a lot more viruses. People are under the false assumption that Mac's are more 'virus-proof' than PCs. In fact, the opposite is true. Its just that there are many, many more numbers of PCs than Macs. And if youre going to make a virus, you might as well make one thats going to affect more people.
    -Cody
    Music is like candy, you have to get rid of the rappers to enjoy it
  • PolkThug
    PolkThug Posts: 7,532
    edited December 2008
  • jeffwalter
    jeffwalter Posts: 43
    edited December 2008
    disneyjoe7 wrote: »
    Why pick on something full of holes, when PC's are 8 to 1 on causing heck? (Note just my $.02 here, don't quote me on the facts jack)

    You are on the right track with your logic - it is definitely because there are so few Mac's around. If someone is interested in causing trouble they are going to shoot for the largest target. And you are also correct in assuming that your numbers are off. I work for the number 1 PC manufacturer in the world. We build and ship more PC's in 1 day than Apple builds and sells for the entire year. We are just one of the 3 largest - it is more like 10,000 - 1:)

    Apple sells a lot of MP3 players and now a respectable number of cell phones. People commonly mistake this as making them a volume player in the world of consumer electronics. I personally own 1 MP3 player and 1 cell phone but I have 6 PC's in my house.

    Regards,
    JW
  • bobman1235
    bobman1235 Posts: 10,822
    edited December 2008
    Look, I'm a PC guy, but anyone who thinks that Apples are "full of holes" need to do a tad bit of research. Yes, a large reason they don't get viruses is because they're not targeted, but the other large reason is that they're based on a much more secure foundation. I'd love to know where you guys get your info that it's "full of holes", aside from it being something you want to be true, or heard from someone.
    If you will it, dude, it is no dream.
  • Serendipity
    Serendipity Posts: 6,975
    edited December 2008
    With regards to Macs - I'm not really sure if they are really "full of holes" like someone said in this thread, but I do know that they are not virus-proof.
    polkaudio RT35 Bookshelves
    polkaudio 255c-RT Inwalls
    polkaudio DSWPro550WI
    polkaudio XRT12 XM Tuner
    polkaudio RM6750 5.1

    Front projection, 2 channel, car audio... life is good!
  • John30_30
    John30_30 Posts: 1,024
    edited December 2008
    appadv wrote: »
    My IE recently got attacked but everyone was telling me it was because of malware. Turned out to be a hacked router that was redirecting web pages.

    So switching to Firefox wouldn't have done anything - I'd have the same problem even if I were on a Mac!!

    (speaking of which, a friend of mine got a virus on his Mac)

    I'd be interested to know what you did to clean your router, as well as more details about the Mac virus....?
  • Serendipity
    Serendipity Posts: 6,975
    edited December 2008
    John30_30 wrote: »
    I'd be interested to know what you did to clean your router, as well as more details about the Mac virus....?

    I just did a factory reset on the router. That cleared the DNS settings and then I proceeded to put a new password on the router.
    polkaudio RT35 Bookshelves
    polkaudio 255c-RT Inwalls
    polkaudio DSWPro550WI
    polkaudio XRT12 XM Tuner
    polkaudio RM6750 5.1

    Front projection, 2 channel, car audio... life is good!
  • mmadden28
    mmadden28 Posts: 4,283
    edited December 2008
    exalted512 wrote: »
    Because they can be really. They dont have to fix it because not many people target them. But the with the increasing numbers of people getting Apple, I would expect theyre going to start getting a lot more viruses. People are under the false assumption that Mac's are more 'virus-proof' than PCs. In fact, the opposite is true. Its just that there are many, many more numbers of PCs than Macs. And if youre going to make a virus, you might as well make one thats going to affect more people.
    -Cody

    +1 Absolutely-That and Microsoft is a huge target, thus more resources are directed that way.
    ____________________
    This post is a natural product. The slight variations in spelling and grammar enhance its individual character and beauty and in no way are to be considered flaws or defects.

    HT:Onkyo 805, Emotiva XPA-5, Mitsu 52" 1080p DLP / polkaudio RTi12, CSIa6, FXi3, uPro4K
    2-chnl : Pio DV-46AV (SACD), Dodd ELP, Emotiva XPA-1s, XPA-2, Odyssey Khartago, LSi9, SDA-SRS 2 :cool:, SB Duet, MSB & Monarchy DACs, Yamaha PX3 TT, SAE Tuner...
    Pool: Atrium 60's/45's
  • disneyjoe7
    disneyjoe7 Posts: 11,435
    edited December 2008
    With all this talk about security, no wonder large companies run Intranet over Internet networks.

    Speakers
    Carver Amazing Fronts
    CS400i Center
    RT800i's Rears
    Sub Paradigm Servo 15

    Electronics
    Conrad Johnson PV-5 pre-amp
    Parasound Halo A23
    Pioneer 84TXSi AVR
    Pioneer 79Avi DVD
    Sony CX400 CD changer
    Panasonic 42-PX60U Plasma
    WMC Win7 32bit HD DVR


  • mmadden28
    mmadden28 Posts: 4,283
    edited December 2008
    appadv wrote: »
    With regards to Macs - I'm not really sure if they are really "full of holes" like someone said in this thread, but I do know that they are not virus-proof.

    +1 - True dat
    Mac and other Unix/Linux variants cannot rest on thier laurels. As far as Browser related malware--most apps like Firefox, etc are simply ports with the same base code and thus can suffer the same vulnerabilities regardless of the OS. There may not be as many application and OS level vulnerabilities, but they do exist.
    ____________________
    This post is a natural product. The slight variations in spelling and grammar enhance its individual character and beauty and in no way are to be considered flaws or defects.

    HT:Onkyo 805, Emotiva XPA-5, Mitsu 52" 1080p DLP / polkaudio RTi12, CSIa6, FXi3, uPro4K
    2-chnl : Pio DV-46AV (SACD), Dodd ELP, Emotiva XPA-1s, XPA-2, Odyssey Khartago, LSi9, SDA-SRS 2 :cool:, SB Duet, MSB & Monarchy DACs, Yamaha PX3 TT, SAE Tuner...
    Pool: Atrium 60's/45's
  • mmadden28
    mmadden28 Posts: 4,283
    edited December 2008
    disneyjoe7 wrote: »
    With all this talk about security, no wonder large companies run Intranet over Internet networks.

    What do you mean? :confused:
    ____________________
    This post is a natural product. The slight variations in spelling and grammar enhance its individual character and beauty and in no way are to be considered flaws or defects.

    HT:Onkyo 805, Emotiva XPA-5, Mitsu 52" 1080p DLP / polkaudio RTi12, CSIa6, FXi3, uPro4K
    2-chnl : Pio DV-46AV (SACD), Dodd ELP, Emotiva XPA-1s, XPA-2, Odyssey Khartago, LSi9, SDA-SRS 2 :cool:, SB Duet, MSB & Monarchy DACs, Yamaha PX3 TT, SAE Tuner...
    Pool: Atrium 60's/45's
  • mmadden28
    mmadden28 Posts: 4,283
    edited December 2008
    Motzart wrote: »
    I got wacked about a week ago with adware and a backdoor trojan.
    My registry was a mess and wouldn't let me get to Microsoft or AVG.
    Took me 2 days to get it straight finally with STOPzilla.
    Firefox is now installed and I use it for my critical web work now.

    You do know that you can get malware and viruses other than via a web browser right? Email being one of the biggest purpetrators. Network connected systems being another. Warez is also one of the biggest sources.

    Motzart, which unpatched Internet Explorer vulnerability did you have that was exploited that caused you to get infected?
    ____________________
    This post is a natural product. The slight variations in spelling and grammar enhance its individual character and beauty and in no way are to be considered flaws or defects.

    HT:Onkyo 805, Emotiva XPA-5, Mitsu 52" 1080p DLP / polkaudio RTi12, CSIa6, FXi3, uPro4K
    2-chnl : Pio DV-46AV (SACD), Dodd ELP, Emotiva XPA-1s, XPA-2, Odyssey Khartago, LSi9, SDA-SRS 2 :cool:, SB Duet, MSB & Monarchy DACs, Yamaha PX3 TT, SAE Tuner...
    Pool: Atrium 60's/45's
  • disneyjoe7
    disneyjoe7 Posts: 11,435
    edited December 2008
    Large companies run websites which only work internal to them. Also may run networks which only work internal of them.

    Speakers
    Carver Amazing Fronts
    CS400i Center
    RT800i's Rears
    Sub Paradigm Servo 15

    Electronics
    Conrad Johnson PV-5 pre-amp
    Parasound Halo A23
    Pioneer 84TXSi AVR
    Pioneer 79Avi DVD
    Sony CX400 CD changer
    Panasonic 42-PX60U Plasma
    WMC Win7 32bit HD DVR


  • mmadden28
    mmadden28 Posts: 4,283
    edited December 2008
    disneyjoe7 wrote: »
    Large companies run websites which only work internal to them. Also may run networks which only work internal of them.

    Ah, I see what you're saying. But thats not a total security solution there either. These large companies also have employees that have access to the internal networks that surf the web, read email, install apps, let thier kids install games, connect to unsecure networks, connect to thier home network with the work laptop without ensuring the home network is secure, etc. etc etc...thus providing a catalyst for the spread by the potentially unaware employee. Most breaches of corporate systems, either by the disgruntled employee or the unknowing employee opening that email, etc., happen internally.

    Everybody simply needs to be a little more aware of the web sites they connect to, the emails they open, the programs they install, the passwords they use and how they store them, how to verify identity of sites, how to encrypt communications, etc, etc.
    ____________________
    This post is a natural product. The slight variations in spelling and grammar enhance its individual character and beauty and in no way are to be considered flaws or defects.

    HT:Onkyo 805, Emotiva XPA-5, Mitsu 52" 1080p DLP / polkaudio RTi12, CSIa6, FXi3, uPro4K
    2-chnl : Pio DV-46AV (SACD), Dodd ELP, Emotiva XPA-1s, XPA-2, Odyssey Khartago, LSi9, SDA-SRS 2 :cool:, SB Duet, MSB & Monarchy DACs, Yamaha PX3 TT, SAE Tuner...
    Pool: Atrium 60's/45's
  • ntculenuff
    ntculenuff Posts: 1,146
    edited December 2008
    dumb pc ? if i am using mozilla can i uninstall IE ?
    Speakers:
    Definitive BP7001sc mains
    Definitive C/L/R 3000 center
    Polk RT800i's rears
    Definitive supercube I Sub
    Audio:
    Onkyo TX-NR3010
    Emotiva XPA five Gen 3
    OPPO BDP-103 CD, SACD, DVD-A
    Video:
    Panasonic TC-P65ZT60
    OPPO BDP-103 Bluray
    Directv x's 2
  • sucks2beme
    sucks2beme Posts: 5,601
    edited December 2008
    bobman1235 wrote: »
    Look, I'm a PC guy, but anyone who thinks that Apples are "full of holes" need to do a tad bit of research. Yes, a large reason they don't get viruses is because they're not targeted, but the other large reason is that they're based on a much more secure foundation. I'd love to know where you guys get your info that it's "full of holes", aside from it being something you want to be true, or heard from someone.

    http://news.zdnet.co.uk/security/0,1000000189,39291625,00.htm
    My IS dept. doesn't want them on the network. Granted, this report is
    from last year, but it's a fine example of perception VS. reality.
    "The legitimate powers of government extend to such acts only as are injurious to others. But it does me no injury for my neighbour to say there are twenty gods, or no god. It neither picks my pocket nor breaks my leg." --Thomas Jefferson
  • McLoki
    McLoki Posts: 5,231
    edited December 2008
    So, if you have IE on your machine but do not use it (use firefox instead) you are ok?
    Mains.............Polk LSi15 (Cherry)
    Center............Polk LSiC (Crossover upgraded)
    Surrounds.......Polk LSi7 (Gloss Black - wood sides removed and crossovers upgraded)
    Subwoofers.....SVS 25-31 CS+ and PC+ (both 20hz tune)
    Pre\Pro...........NAD T163 (Modded with LM4562 opamps)
    Amplifier.........Cinepro 3k6 (6-channel, 500wpc@4ohms)
  • zingo
    zingo Posts: 11,258
    edited December 2008
    bobman1235 wrote: »
    If you're still using IE instead of the far superior alternatives, you deserve this.

    He he he...