Slashdot Mirror

← Back to Stories (view on slashdot.org)

Open Source Firm Releases Patch for IE Bug [UPDATED]

Posted by CowboyNeal on from the anything-you-can-do dept.

An anonymous reader writes "An open source and freeware software development web site has released a patch to fix the URL spoofing vulnerability in Internet Explorer, which can be exploited by scammers who try to trick people into revealing details of online banking accounts or other private information." Naturally, the source for the patch is available as well. Update: 12/19 15:06 GMT by M : Sadly, the patch appears to contain a buffer overflow and some possibly-malicious code - see an analysis and news story, and this comment which suggests the patch author is trying to figure out who is taking advantage of the original vulnerability. Caveat patcher.

33 of 544 comments (clear)

  1. No Trusted Computing logo on patch? by Anonymous Coward · · Score: 5, Funny

    I'm not downloading anything that isn't part of a MS plan. Sounds like a trojan attempt to me.

    1. Re:No Trusted Computing logo on patch? by Anonymous Coward · · Score: 5, Funny

      Did you know that MS are now sending out these patches direct via email? Be sure to install it when it arrives.

    2. Re:No Trusted Computing logo on patch? by zin · · Score: 3, Funny

      Yeah next XP service pack won't install because you have a corrupt OS file (due to an unauthorized patch).

      --
      -ZiN-
    3. Re:No Trusted Computing logo on patch? by nacturation · · Score: 4, Funny

      Of course it isn't a trojan. It's a legitimate security update which gets run on your system and makes IE invulnerable to that particular spoof attack. Why, openwares.org even has a definition on their site of what a trojan is:
      • Trojan and/or Worm loaders

        Trick unsuspecting users into downloading harmful viruses
        by disguising them as legitimate security updates.

      So you see, this is nothing more than a legitimate security upd... wait a second!!
      --
      Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
  2. Re:Acceptance? by TellarHK · · Score: 4, Funny

    Why is the group releasing this on their own?
    To quote the wise sages of the Quake 3 voiceover...

    HUMILIATION!

    --
    My own pointless vanity vintage computing page
  3. New MS Security Fix by Ironclad2 · · Score: 5, Funny

    This patch fixes a security bug in Internet Explorer that could allow someone who actually knows what they're doing to repair buggy programs on your computer.

  4. What the "patch" really does.... by mikewren420 · · Score: 5, Funny

    What the article doesn't say is that the "patch" just removes IE and installs Mozilla. :)

  5. No thanks by Anonymous Coward · · Score: 5, Funny

    Sorry, but its going to be a cold day in hell when I run something from a website named "openwarez.org".

  6. OMG!!! by Infernon · · Score: 4, Funny

    It didn't ask me to reboot afterwards!!!
    Someone start knitting a sweater for Satan...

  7. did anyone else feel it... by Stevyn · · Score: 4, Funny

    when hell just froze over? Will microsoft actually have to acknowledge them? Thank them?

    1. Re:did anyone else feel it... by WolfWithoutAClause · · Score: 5, Funny
      Will microsoft actually have to acknowledge them?

      Yes, of course! The subpoena will mention them by name.

      --

      -WolfWithoutAClause

      "Gravity is only a theory, not a fact!"
  8. The patch was released a while back!!! by Eberlin · · Score: 2, Funny

    An open source firm issued the patch a while back -- It was called mozilla.

    How does this affect IE, the MS EULA, and all the other wonderful legal stuff that could be dragged out simply because you modified software that wasn't meant to be modified outside the confines of One Microsoft Way?

    Patch on, I guess...if you must. I sleep much more soundly with my RH9 and Firebird.

  9. Re:... huh? by arvindn · · Score: 4, Funny
    Try some of these (funny yet scary at the same time):
    • Next time there's a hole in MSIE so big you can drive a cart through it, MS will release a patch in a week and say: "See! We told you we're more secure than open source. We have a patch out already and openwares.org hasn't yet!"
    • People will believe them when they say that
    • Openwares is going to get sued by MS claiming there's no way they could have released a patch unless they illegally obtained the source
    • I'm sure there's a joke or three out there about the name (wares->warez) but I can't find it :)
  10. Crikey, mate. by IvyMike · · Score: 2, Funny

    That's not a link! This is a link:

    http://www.openwares.org/downloads/IEpatch.EXE

    P.S. I haven't actually tried the executable out, I just added the clickable goodness. I also couldn't pass up the chance to make a Crocodile Dundee joke.

  11. In other news... by BladeMelbourne · · Score: 5, Funny

    Open Source Firm Releases Patch for IE Bug

    In other news...

    Today Micro$oft contributed code to the Linux kernel, and announced plans to help iron out differences between Mozilla and MSIE :-)

  12. Poor Microsoft... (Not really, but...) by Pathway · · Score: 2, Funny

    Poor MicroSoft!

    Microsoft's biggest software threat gets a huge update, one of their own products gets a patch by a third party, Real Networks sues them for monopolistic activities, and Lord of the Rings - Return of the King (a movie made with cheap Linux boxes) is realeased. All this in a 48 hour period!

    Man, it's been a rough couple of days.

    Sm:)e.

  13. Re:Seriously. by NamShubCMX · · Score: 2, Funny
    he's actually in a "too-much-win" situation :P

    (t'was easy, sorry)

    --
    We've always been at war with Eurasia.
  14. Re: isnt reverse engineering against the EULA? by NortWind · · Score: 2, Funny

    Maybe they forgot to sign the EULA?

  15. Free IE patch and fix. by ratfynk · · Score: 4, Funny

    Found a wonderful fix it is called cfdisk! and slackware 9.1 setup, works great and no IE security issues!

    --
    OH THE SHAME I fell off the wagon and use sigs again!
  16. Re:And this matters why? by aled · · Score: 4, Funny

    Sued by... by customers bwahaha haha... not... 'nough...ha haha... air...got...to...breath...hahah sued.... customers....

    --

    "I think this line is mostly filler"
  17. How about this one .... by taniwha · · Score: 4, Funny

    M$ picks up an open source bug fix off the net, rolls it into IE and releases it real fast ..... 2 weeks later the FSF comes a knocking wanting to know where the source for IE is and "didn't you say in court your browser is so highly integrated into your OS it can't be removed ... we'll have the source to that too please" ....

  18. Re:... huh? by Niten · · Score: 5, Funny

    If this patch gets the press coverage that it deserves, maybe people will learn to take Microsoft's claims of better security response rates than those open-source folk, with a grain of salt.

    Or maybe Microsoft will actually start working harder to keep their software secure in a timely manner?

    </fingers_crossed>
  19. Re:This doesn't actually fix the problem by Ironica · · Score: 3, Funny

    While it's a nice step, it's no replacement for an official Microsoft patch.

    It's no replacement for... nothing, in other words?

    Microsoft hasn't even said they're *going* to patch this yet, you may be waiting an awful long time.

    --
    Don't you wish your girlfriend was a geek like me?
  20. Re:Can we really trust this patch? by Mikey-San · · Score: 4, Funny

    How do we know the executable doesn't have crap in there?

    You know, the same could be asked of Internet Explorer.

    --
    Mikey-San
    Karma: +Eleventy billion (mostly affected by watching Celebrity Jeopardy)
  21. Re:Inept and free! by lurker412 · · Score: 5, Funny

    Yeah, patch Q824145. In my case, it turned out to be a blessing. I got so pissed off that MSFT broke standard UI scrolling behavior that I switched to Firebird. I don't understand how a large, successful software company can do such sloppy QA and think that nobody will notice. But then, there are many things that I don't understand.

  22. Deee-licious by Saeed+al-Sahaf · · Score: 1, Funny

    Oh but wouldn't it be so deee-licious if people FED UP with Windoz bugs started relieasing fixes independent of M$? What do you suppose Bill and Friends would do?

    --
    "Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
  23. Re:DMCA violator by webtre · · Score: 0, Funny

    in other news M$ sues SCO over patented intentional operating system backdoors

    --
    litigious bastards
    suck it sco!
  24. Re:How were they able to make such a patch... by Geek+of+Tech · · Score: 4, Funny
    >> Hmm, don't like that, it would be better to redirect it to someplace harmless like http://127.0.0.1

    Don't bother. I'm so 31337 that I just hacked that 127.0.0.1 loser... In a minute someone should be noticing their root file system missing.... Heheheh

    Hmmmm.... That's funny.... Where'd my MP3's go......

    --
    Stop the Slashdot effect! Don't read the articles!
  25. Re:Do Not Use It-It's Got a Huge Vulnerability Its by qtp · · Score: 4, Funny

    It seems you've got a good handle on this, so when can Openwares expect your patch for the vulnerability in thier patch?

    --
    Read, L
  26. In Other Other News... by Anonymous Coward · · Score: 4, Funny

    SCO Group of Lindon Utah announces that it has filed suit against Microsoft for including Unix/Linux code in Microsoft's Internet Explorer. Darl McBride says "There's no way these burger flipping losers could fix IE without our help. Microsoft couldn't even fix it without our lawyers."

    Shrewd investors continue to laugh at the SCO Group's activities and have the following comments:

    "The funniest thing I've seen since the Paris Hilton tapes!" - MSN

    "A gut buster worthy of John Belushi - but SCO does more drugs" - Timothy Leary

    SCO also announced that Caldera Linux licences still outpace all other SCO products - excluding lawsuits - by a 2:1 margin. Darl announced that they expect to make that 3 to 1 by next summer before they are purchased outright by IBM for $1.50 and a can of Red Bull.

  27. Gasp! You violated copyright! by Dwonis · · Score: 2, Funny

    // Terms of Agreement:
    //
    // By using this source code, you agree to the
    // following terms:
    //
    // 1) You may use the source code, resource
    // files for educational purposes only.
    // 2) You MAY NOT redistribute this source code
    // without written permission. Failure to do
    // so is a violation of copyright laws.
    // 3) The author of this code may have retained
    // certain "additional copyright rights".
    // If so, this is indicated in the author's
    // description.

  28. Re:How were they able to make such a patch... by jhoffoss · · Score: 2, Funny
    ...this is exactly the sort of shit that MS is talking about when it brings up it's FUD...
    Bet'cha five bucks these guys are under-cover MS operatives ordered to spoil the image of open-source developers by writing shitty code to break people's operating systems. Wait, why would they have to be undercover?
    --
    Linux: The world's best text-adventure game.
  29. Re:Use MyIE2 0.9.11 by insomaniac · · Score: 2, Funny

    I know I'm going to get modded to hell for this but how about a w3c compliant html/css implementation?

    --
    The way to corrupt a youth is to teach him to hold in higher value them who think alike than those who think differently