Slashdot Mirror


Controversy Surrounds Huge IE Hole

Suchetha wrote in with a Wired News bit talking about a security hole in IE that allows malicious web pages to reformat a hard drive. The Wired talks more about Bugtraq's handling of the whole thing, and how it essentially posted working code for the exploit. Was it irresponsible or not?

13 of 740 comments

  1. The Wired, huh? by Millennium · · Score: 5, Funny

    The Wired talks more about Bugtraq's handling of the whole thing...

    Dude; since when did Lain start writing technical articles?

  2. Re:Yes!!! by AresTheImpaler · · Score: 5, Funny

    It might be my sadistic side, but I prefer for working exploits to be posted by the security sites... It gives you a way of checking to see if you are vulnerable. In the case of M$ bugs, it also puts more pressure on the company to come up with a fix for the problem quickly.

    Right in the point man. Now, I'm running the code right now to see if I'm vulne

  3. This Linux's big chance! by jvmatthe · · Score: 5, Funny

    "Showing people how to automatically format hard disks from a Web page isn't 'full disclosure,'" Smith said. "It is malicious code writing."

    Now all we need is a way to embed an ISO image of a Linux system into the web page and use the same exploit to install an alternative operating system. Just think of the banner ads! "Click here to Install Linux!" and "Get That Windows Monkey Off Your Back! Hit the Monkey to Try!" and "Eliminate Windows Instabilities Forever. Click Now!". Then it won't be malicious. It'll be setting all those people FREE! ;^D

  4. Where's the Mac version of the exploit? by toupsie · · Score: 5, Funny

    I just tried using the exploit code on my Mac OS X box running Internet Explorer and it didn't work. My hard disk was not formatted. I am disappointed. Why is Microsoft treating Mac users different than Windows users? It's not often that Mac OS X users get to use those nice 'Recovery CDs' that get shipped with Macs. We pay top dollar for our computers, we might as well get to use everything that comes with them. Thanks a lot Microsoft! Just for leaving me out, I'm switching to Mozilla where all the security problems and bugs are cross platform!

    --
    Strange women lying in ponds distributing swords is no basis for a system of government.

  5. Re:Irresponsible? by ahaning · · Score: 5, Funny

    ssh into your box, su to root, then fsck your harddrive

    I wouldn't be so pissed as long as the attacker did this often. It's such a hassle to wait for my system to do a monthly e2fsck when the partitions have reached their maximal mount count.

    --
    Withdrawal before climax is very ineffective and those who try this are usually called "parents."

  6. Another Link by sdjunky · · Score: 5, Funny

    Here's some more info... click this link it's ok.. you can trust it... go on.. you know you want to.

    Nothing to fear. Just a link.

  7. Re:Yes!!! by GenericJoe · · Score: 5, Funny

    Yeah, but now you *aren't*

    It's a self-fixing exploit!

  8. Disappointing WINE performance by sonra · · Score: 5, Funny

    Found the code, made a web page and verified the exploit with ie5 win200...
    Tried it on WINE using CrossOver Office.
    and was very disappointed to find that WINE once again did not live up to its goal of being bug for bug compatible with windows.

    All I got was HTML help and a script error. No files written to my "C:" and no exploit.

    *sigh* Guess WINE still needs some work.

  9. Re:BAD BAD BAD! Why? Now the script kiddies have i by adb · · Score: 5, Funny

    Right, because script kiddies don't hang out on IRC and get this stuff before Bugtraq. Also, the sky is not blue and there is no porn on the internet.

  10. Re:Shooting the messenger .. by xrayspx · · Score: 5, Funny

    Go ahead, shoot Messenger. It's had its fair share of bugs too...

    Whoopsie
    Daisy

  11. Thanks for the Help Microsoft! by litewoheat · · Score: 5, Funny

    So I figured that I could avoid this by just deleting the key in my registry for IE help so that the OCX would never load and the exploit wouldn't work. I did that and it solved the problem! But wait... Windows is now trying to "help" me by putting that registry key back the way it was! Thank you so much Windows for saving me from myself and reopening the door to my harddrive. What would I do without you?

  12. Re:Of course it was irresponsible by Pyrometer · · Score: 5, Funny

    What's a worse situation? A bug that goes completely unnoticed by the general population, but is quietly exploited for months by hackers that have done their homework....or...maybe a few more script kiddies find out about it but now Joe Public is WELL aware of it, due in no small part to the discussions that happen on boards like this.

    Riiighhhhtttttt ... so "Joe Public" is reading /. and Wired now is he(/she)? :)

  13. Re:Of course it was irresponsible by Anonymous Coward · · Score: 5, Funny

    You will have a hard time proving this, because all of your data would be gone...