Slashdot Mirror

← Back to Stories (view on slashdot.org)

Latest IE Hole Lets Gopher Root You

Posted by ryuzaki0 on from the well-isn't-that-special dept.

rvaniwaa writes "Another hole in internet explorer has been discovered. This hole allows a hacker to root a user's computer whenever the user clicks on a gopher link. All versions of IE are affected and a Microsoft spokesman stated that the company is "moving forward on the investigation with all due speed""

5 of 533 comments (clear)

  1. Re:Too damn obvious by garcia · · Score: 1, Redundant

    Dude, he said there would be 6 months before the next security hole was patched!

  2. Google Search Returns about 421 results... by jea6 · · Score: 1, Redundant

    Searched the web for link:gopher://. Results 1 - 10 of about 421. Search took 0.03 seconds.

    Not an excuse for Microsoft, just an excuse to get modded 'Informative' :)

    --

    sarchasm: The gulf between the author of sarcastic wit and the person who doesn't get it.
  3. Re:And how's that working for ya? by dpilot · · Score: 1, Redundant

    They should ask for their money back on that study that claimed that Open Source would open us up to terrorists.

    --
    The living have better things to do than to continue hating the dead.
  4. Re:Wow... by thesolo · · Score: 1, Redundant

    most imporatant of these that gopher is absolutly archaic. I personally havn't seen a gopher server since 1996 (at MIT).

    Had you read the article, you do not need to have a Gopher server running. It is a URL buffer overflow in the Gopher protocol.

    Second, as always, Microsoft will have a patch out fairly quickly

    Again, had you read the article, you'd see that MS was informed of this back in May. I would hardly consider 3-4 weeks for a critical patch to be "fairly quickly". I would consider that to be atrociously slow. We are talking about full-on compromise of a system just by clicking a link. 3-4 weeks is NOT acceptable.

    Oh, and as for your comment about Mozilla, the Moz team had the last critical security error patched in less than 24 hours.

  5. Re:My thoughts: by hkmwbz · · Score: 2, Redundant
    Your journal entry looks like a carefully crafted troll. Of course people complain about Microsoft. Just look at their track record when it comes to security flaws. Compare a product like Apache, which has the greatest market share in the web server market, to IIS. IIS har far more serious flaws, including security holes that have lead to viruses and worms spreading even easier than before. Why? Because their e-mail clients and browsers are vulnerable as well.

    They should have worked with security in mind in the first place. Now, we are at their mercy. We have to wait for them to release patches. If they screw up the patch, it just makes things worse. What are we to do when the patch fixes one thing but messes up something else? It has happened before, and it will most likely happen again.

    I see no reason to cut Microsoft any slack until they get a grip and fix their security.

    The problem is that it's too late, at least for now. Most people will probably never patch their systems. Let's take my aunt as an example. She is a PC user, but doesn't understand what's going on. I could explain to her in detail what security holes are about and what they can do. She still wouldn't have a clue as to how install security updates.

    Perhaps Microsoft's next line of products will be released with proper security in mind. If so, perhaps in 5-10, or even 15-20 years, no one will be using the current flawed products. That is when the problem is gone.

    For now, Microsoft can try to put out the fire, but it's no use putting out a huge forest fire with a water pistol.

    People's criticism of Microsoft is well deserved, and there is no "bigotry" or "elitism" involved for the most part. It is people being sick and tired of the monopolist which doesn't even take the responsibility involved in having such a huge market share in these areas.

    --
    Clever signature text goes here.