Serious security flaw found in IE

Here's a News Article carried today by the BBC at
http://news.bbc.co.uk/2/hi/technology/7784908.stm

Serious security flaw found in IE

Users of Microsoft's Internet Explorer are being urged by experts to switch
to a rival until a serious security flaw has been fixed.

The flaw in Microsoft's Internet Explorer could allow criminals to take
control of people's computers and steal their passwords, internet experts
say.

Microsoft urged people to be vigilant while it investigated and prepared an
emergency patch to resolve it.

Internet Explorer is used by the vast majority of the world's computer
users.


"Microsoft is continuing its investigation of public reports of attacks
against a new vulnerability in Internet Explorer," said the firm in a
security advisory alert about the flaw.

Microsoft says it has detected attacks against IE 7.0 but said the
"underlying vulnerability" was present in all versions of the browser.

Other browsers, such as Firefox, Opera, Chrome, Safari, are not vulnerable
to the flaw Microsoft has identified.

Browser bait

"In this case, hackers found the hole before Microsoft did," said Rick
Ferguson, senior security advisor at Trend Micro. "This is never a good
thing."

As many as 10,000 websites have been compromised since the vulnerability was
discovered, he said.

"What we've seen from the exploit so far is it stealing game passwords, but
it's inevitable that it will be adapted by criminals," he said. "It's just a
question of modifying the payload the trojan installs."


Said Mr Ferguson: "If users can find an alternative browser, then that's
good mitigation against the threat."

But Microsoft counselled against taking such action.

"I cannot recommend people switch due to this one flaw," said John Curran,
head of Microsoft UK's Windows group.

He added: "We're trying to get this resolved as soon as possible.

"At present, this exploit only seems to affect 0.02% of internet sites,"
said Mr Curran. "In terms of vulnerability, it only seems to be affecting
IE7 users at the moment, but could well encompass other versions in time."

Richard Cox, chief information officer of anti-spam body The Spamhaus
Project and an expert on privacy and cyber security, echoed Trend Micro's
warning.

"It won't be long before someone reverse engineers this exploit for more
fraudulent purposes. Trend Mico's advice [of switching to an alternative web
browser] is very sensible," he said.

PC Pro magazine's security editor, Darien Graham-Smith, said that there was
a virtual arms race going on, with hackers always on the look out for new
vulnerabilities.

"The message needs to get out that this malicious code can be planted on any
web site, so simple careful browsing isn't enough."

"It's a shame Microsoft have not been able to fix this more quickly, but
letting people know about this flaw was the right thing to do. If you keep
flaws like this quiet, people are put at risk without knowing it."

"Every browser is susceptible to vulnerabilities from time to time. It's
fine to say 'don't use Internet Explorer' for now, but other browsers may
well find themselves in a similar situation," he added.

Here is the official notification from Microsoft which was first published
on December 10, 2008 and updated on December 15:
http://www.microsoft.com/technet/sec...ry/961051.mspx

Alan

"Alan" <> wrote in message
news:...
> Here's a News Article carried today by the BBC at
> http://news.bbc.co.uk/2/hi/technology/7784908.stm
>
> Serious security flaw found in IE
>
> Users of Microsoft's Internet Explorer are being urged by experts to
> switch to a rival until a serious security flaw has been fixed.
>
> The flaw in Microsoft's Internet Explorer could allow criminals to take
> control of people's computers and steal their passwords, internet experts
> say.
>
> Microsoft urged people to be vigilant while it investigated and prepared
> an emergency patch to resolve it.
>
> Internet Explorer is used by the vast majority of the world's computer
> users.
>
>
> "Microsoft is continuing its investigation of public reports of attacks
> against a new vulnerability in Internet Explorer," said the firm in a
> security advisory alert about the flaw.
>
> Microsoft says it has detected attacks against IE 7.0 but said the
> "underlying vulnerability" was present in all versions of the browser.
>
> Other browsers, such as Firefox, Opera, Chrome, Safari, are not vulnerable
> to the flaw Microsoft has identified.
>
> Browser bait
>
> "In this case, hackers found the hole before Microsoft did," said Rick
> Ferguson, senior security advisor at Trend Micro. "This is never a good
> thing."
>
> As many as 10,000 websites have been compromised since the vulnerability
> was discovered, he said.
>
> "What we've seen from the exploit so far is it stealing game passwords,
> but it's inevitable that it will be adapted by criminals," he said. "It's
> just a question of modifying the payload the trojan installs."
>
>
> Said Mr Ferguson: "If users can find an alternative browser, then that's
> good mitigation against the threat."
>
> But Microsoft counselled against taking such action.
>
> "I cannot recommend people switch due to this one flaw," said John Curran,
> head of Microsoft UK's Windows group.
>
> He added: "We're trying to get this resolved as soon as possible.
>
> "At present, this exploit only seems to affect 0.02% of internet sites,"
> said Mr Curran. "In terms of vulnerability, it only seems to be affecting
> IE7 users at the moment, but could well encompass other versions in time."
>
> Richard Cox, chief information officer of anti-spam body The Spamhaus
> Project and an expert on privacy and cyber security, echoed Trend Micro's
> warning.
>
> "It won't be long before someone reverse engineers this exploit for more
> fraudulent purposes. Trend Mico's advice [of switching to an alternative
> web browser] is very sensible," he said.
>
> PC Pro magazine's security editor, Darien Graham-Smith, said that there
> was a virtual arms race going on, with hackers always on the look out for
> new vulnerabilities.
>
> "The message needs to get out that this malicious code can be planted on
> any web site, so simple careful browsing isn't enough."
>
> "It's a shame Microsoft have not been able to fix this more quickly, but
> letting people know about this flaw was the right thing to do. If you keep
> flaws like this quiet, people are put at risk without knowing it."
>
> "Every browser is susceptible to vulnerabilities from time to time. It's
> fine to say 'don't use Internet Explorer' for now, but other browsers may
> well find themselves in a similar situation," he added.
>
>
>

Alan wrote:
> Here's a News Article carried today by the BBC at
> http://news.bbc.co.uk/2/hi/technology/7784908.stm

<snip>

Good reason to use Firefox and not Internet Exploder.

Alias

"Alias" <> wrote in message
news:gi8va1$d40$...
> Alan wrote:
>> Here's a News Article carried today by the BBC at
>> http://news.bbc.co.uk/2/hi/technology/7784908.stm
>
> <snip>
>
> Good reason to use Firefox and not Internet Exploder.
>
> Alias


Hahaha!

Do you still use Firefox when utilising Linux?

Dave

~BD~ wrote:
> "Alias" <> wrote in message
> news:gi8va1$d40$...
>> Alan wrote:
>>> Here's a News Article carried today by the BBC at
>>> http://news.bbc.co.uk/2/hi/technology/7784908.stm
>> <snip>
>>
>> Good reason to use Firefox and not Internet Exploder.
>>
>> Alias
>
>
> Hahaha!
>
> Do you still use Firefox when utilising Linux?
>
> Dave
>
>

Yeah, I do. No IE on this puppy.

Alias

Alan wrote:
> Here's a News Article carried today by the BBC at
> http://news.bbc.co.uk/2/hi/technology/7784908.stm
<snip>

Alias wrote:
> Good reason to use Firefox and not Internet Exploder.

~BD~ wrote:
> Hahaha!
>
> Do you still use Firefox when utilising Linux?

Why not?
http://www.mozilla.com/en-US/firefox/all.html

It's not like you are limited all that much.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html

"Alias" <> wrote in message
news:gi92cu$h4b$...
<snip>
>>> Good reason to use Firefox and not Internet Exploder.
>>>
>>> Alias
>>
>>
>> Hahaha!
>>
>> Do you still use Firefox when utilising Linux?
>>
>> Dave
>
> Yeah, I do. No IE on this puppy.
>
> Alias

Thanks for your answer, Alias.

Btw, did you see this response I gave you - it was deleted almost
immediately from the 'news.microsoft.com' server.

I really appreciate that, Alias - even though you found nothing of
interest. Thank you.

Maybe PABear will explain to someone like you why he thinks I'm special.
He has often said "Please don't feed the trolls...especially
/that/troll".

Have you ever visited Aumha (Robear's home territory) and challenged
anyone to a duel over technical matters? You might find *that*
interesting!!

Dave

~BD~ wrote:
> "Alias" <> wrote in message
> news:gi92cu$h4b$...
> <snip>
>>>> Good reason to use Firefox and not Internet Exploder.
>>>>
>>>> Alias
>>>
>>> Hahaha!
>>>
>>> Do you still use Firefox when utilising Linux?
>>>
>>> Dave
>> Yeah, I do. No IE on this puppy.
>>
>> Alias
>
> Thanks for your answer, Alias.
>
> Btw, did you see this response I gave you - it was deleted almost
> immediately from the 'news.microsoft.com' server.
>
> I really appreciate that, Alias - even though you found nothing of
> interest. Thank you.
>
> Maybe PABear will explain to someone like you why he thinks I'm special.
> He has often said "Please don't feed the trolls...especially
> /that/troll".
>
> Have you ever visited Aumha (Robear's home territory) and challenged
> anyone to a duel over technical matters? You might find *that*
> interesting!!
>
> Dave
>
>

Yes, and I replied to it. I don't use the MS servers as you can see from
my headers. I guess my posts are being censored there. BFD.

Alias

"Shenan Stanley" <> wrote in message
news:...
> Alan wrote:
>> Here's a News Article carried today by the BBC at
>> http://news.bbc.co.uk/2/hi/technology/7784908.stm
> <snip>
>
> Alias wrote:
>> Good reason to use Firefox and not Internet Exploder.
>
> ~BD~ wrote:
>> Hahaha!
>>
>> Do you still use Firefox when utilising Linux?
>
> Why not?
> http://www.mozilla.com/en-US/firefox/all.html
>
> It's not like you are limited all that much.
>
> --
> Shenan Stanley
> MS-MVP
> --
> How To Ask Questions The Smart Way
> http://www.catb.org/~esr/faqs/smart-questions.html
>

Hello Shenan!

My question was not intended to be controvertial (this time! <g>)

I've not yet used Linux and simply wondered if, without Windows, there
was another way of browsing rather than by using IE or Firefox.

I hope that makes sense.

Dave

On Tue, 16 Dec 2008 16:56:19 -0500, Jack the Ripper <>
wrote:

>Alias wrote:
>> Alan wrote:
>>> Here's a News Article carried today by the BBC at
>>> http://news.bbc.co.uk/2/hi/technology/7784908.stm
>>
>> <snip>
>>
>> Good reason to use Firefox and not Internet Exploder.
>>
>
>What makes you think that FF is any better?
>
>http://www.vnunet.com/vnunet/news/22...-vulnerability

It's not susceptible to the current IE vulnerability - that's why.

DDW
--
Reply via this group
No email please