Controversy Surrounds Huge IE Hole
Suchetha wrote in with a Wired News bit talking about a security hole in IE that allows malicious web pages to reformat a hard drive. The Wired talks more about Bugtraq's handling of the whole thing, and how it essentially posted working code for the exploit. Was it irresponsible or not?
The Wired talks more about Bugtraq's handling of the whole thing...
Dude; since when did Lain start writing technical articles?
Right in the point man. Now, I'm running the code right now to see if I'm vulne
Now all we need is a way to embed an ISO image of a Linux system into the web page and use the same exploit to install an alternative operating system. Just think of the banner ads! "Click here to Install Linux!" and "Get That Windows Monkey Off Your Back! Hit the Monkey to Try!" and "Eliminate Windows Instabilities Forever. Click Now!". Then it won't be malicious. It'll be setting all those people FREE!
Curmudgeon Gamer: Not happy
I just tried using the exploit code on my Mac OS X box running Internet Explorer and it didn't work. My hard disk was not formatted. I am disappointed. Why is Microsoft treating Mac users different than Windows users? It's not often that Mac OS X users get to use those nice 'Recovery CDs' that get shipped with Macs. We pay top dollar for our computers, we might as well get to use everything that comes with them. Thanks a lot Microsoft! Just for leaving me out, I'm switching to Mozilla where all the security problems and bugs are cross platform!
Strange women lying in ponds distributing swords is no basis for a system of government.
ssh into your box, su to root, then fsck your harddrive
I wouldn't be so pissed as long as the attacker did this often. It's such a hassle to wait for my system to do a monthly e2fsck when the partitions have reached their maximal mount count.
Withdrawal before climax is very ineffective and those who try this are usually called "parents."
Here's some more info... click this link it's ok.. you can trust it... go on.. you know you want to.
Nothing to fear. Just a link.
Yeah, but now you *aren't*
It's a self-fixing exploit!
Found the code, made a web page and verified the exploit with ie5 win200...
Tried it on WINE using CrossOver Office.
and was very disappointed to find that WINE once again did not live up to its goal of being bug for bug compatible with windows.
All I got was HTML help and a script error. No files written to my "C:" and no exploit.
*sigh* Guess WINE still needs some work.
Right, because script kiddies don't hang out on IRC and get this stuff before Bugtraq. Also, the sky is not blue and there is no porn on the internet.
Go ahead, shoot Messenger. It's had its fair share of bugs too...
Whoopsie
Daisy
I like music
So I figured that I could avoid this by just deleting the key in my registry for IE help so that the OCX would never load and the exploit wouldn't work. I did that and it solved the problem! But wait... Windows is now trying to "help" me by putting that registry key back the way it was! Thank you so much Windows for saving me from myself and reopening the door to my harddrive. What would I do without you?
Riiighhhhtttttt ... so "Joe Public" is reading /. and Wired now is he(/she)? :)
You will have a hard time proving this, because all of your data would be gone...