Slashdot Mirror


Another Serious MSIE Hole

pjrc writes "Infoworld is reporting another new security hole that allows links to executable files to appear to be any other type of file, such as text or pdf. When combined with a previously reported spoofing bug, that Microsoft still hasn't fixed, Infoworld claims the result could be 'devastating'"

17 of 731 comments (clear)

  1. In other words,... by burgburgburg · · Score: 5, Funny
    it's Wednesday.

  2. this will show them by atari2600 · · Score: 5, Funny

    A demonstration of the hole is currently on security company Secunia's website and demonstrates that if you click on a link, and select "Open" it purports to be downloading a pdf file whereas in fact it is an HTML executable file.

    Haha this will show them - i am downloading the latest patch from www.mikerowesoft.com - m defen is str..o..noo!!..hel..elp

  3. I wonder by Anonymous Coward · · Score: 3, Funny

    I wonder how well I can navigate the internet with out clicking on any hyperlinks.

  4. From the article by nate1138 · · Score: 4, Funny

    From the article text:

    Doom worm currently reeking havoc across the globe.

    So it's a smelly worm? Or are they trying to say that Windows stinks?

    --
    Where's my lobbyist? Right here.
  5. But, but, but Bill said... by Space+cowboy · · Score: 4, Funny

    ... that Windows is far more secure than Linux or OSX because it gets tested so many more times out there in the wild..

    [Editors note: replace 'tested' with 'tested and found wanting']

    Simon.

    --
    Physicists get Hadrons!
  6. Re:Hmmmm... by eclectro · · Score: 4, Funny

    Wasn't good ol' Bill just extolling the virtues of Windows Security in comparison to other 'unnamed' operating systems the other day?

    He was busy being "knighted"

    --
    Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
  7. Re:But MS is "fixing" other issues... by poot_rootbeer · · Score: 3, Funny

    Microsoft is deprecating the use of "@" in URLS.

    The popularity of IE is about to drop sharply as the entire XXX-site-password-hacking community finds their reliable tricks no longer work.

    Should knock MS's browser marketshare down 10-15% just from that alone.

  8. If I had a dollar by BoomerSooner · · Score: 5, Funny

    for every person who constantly bitches about "pop-ups" or something messing up my computer related to IE. I'd retire. All I say is go to mozilla.org and leave me the hell alone.

    I guess being a computer professional is like being a doctor. Everyone asks you anything related to your field regardless of the situation (ie, dinner, getting dental work done, ...). I try to explain I'm a $100/hour (yes, outsourcing is my fault) contract software engineer. If you want me to reinstall your OS, Drivers, Applications and backup your data that will be about 6-8 hours (assuming they have any legit install disks) and roughly $600 to $800 total. They usually quit calling after that.

    It's like calling a mechanical engineer to change your fucking tire. Figure it out, it isn't that hard.

    1. Re:If I had a dollar by Luscious868 · · Score: 5, Funny
      I guess being a computer professional is like being a doctor. Everyone asks you anything related to your field regardless of the situation (ie, dinner, getting dental work done, ...). I try to explain I'm a $100/hour (yes, outsourcing is my fault) contract software engineer. If you want me to reinstall your OS, Drivers, Applications and backup your data that will be about 6-8 hours (assuming they have any legit install disks) and roughly $600 to $800 total. They usually quit calling after that.

      You hit the nail on the head there brother. I'm so sick and tired of people that I barely know calling me when their computer breaks asking for help. It always turns into a friggin 2 - 6 hour event. You know the routine. Uninstalling all the crap that people have downloaded. "Hey, let's install this cool looking Bonzi Buddy thingy, what can it hurt?". The idiots should be shot. Removing spyware, removing the 80 virues that have found there way onto the system. "Hey look at this funny attachment, it's called 'Dont Open Me I'm a Fucking Virus and I'll Fuck Up Your Computer.exe' why don't I open it and see what happens. Maybe it's a funny joke or something."

      I think I'm going to start telling people that I work for the post office and I'm currently taking court ordered anger management classes. That will shut them the fuck up real quick.

    2. Re:If I had a dollar by cens0r · · Score: 3, Funny

      Every time I fix a computer I get offered something in return. Be it a 6 pack of beer, a free dinner, a couple of drinks at the bar, etc, it's always something. Maybe I just have a nicer social network than you do?

      --
      Jack Valenti and Orrin Hatch will be first up against the wall when the revolution comes.
    3. Re:If I had a dollar by GMFTatsujin · · Score: 5, Funny
      I work for Local University (TM) at the medical library, which handles tech support for the campus. With the recent outbreak of the worm of the day, I've taken it upon myself to create a web page for our users on best computing practices. I'm still putting it together, so mostly it's just getting blocked out for structuring the content.

      Here's one of the sections that I wrote more out of catharsis than actual informative intent. It certainly won't make the web, but it got my point across.

      Don't Put Strange Things in Your Mouth

      It doesn't take fancy book-learnin' to catch on when you recieve an emailed attachment that you didn't ask for -- especially when it starts turning up from lots of different addresses in a short period of time. Opening an unrequested email attachment is about as hygenic as chewing on a urinal cake, and you should know better. That means you, Doctor Six-Years-in-Medical-School.
  9. Redundant headline by DocSnyder · · Score: 5, Funny
    "Another Serious MSIE Hole" could be shortened a bit:

    • Another - unnecessary.
    • Serious - less serious holes don't get any attention.

    What's left: "MSIE Hole".

    • Hole - what else?

    Still left: "MSIE"

    As most serious security problems affect MSIE, it can be omitted as well. The least redundant informative headline would be:

    • ""
    1. Re:Redundant headline by rokzy · · Score: 3, Funny

      "" could also stand for "SCO lies" or "RIAA acts like a dick", so I think "IE" would be best.

  10. Re:I don't think MS cares anymore by eclectro · · Score: 3, Funny

    I really don't think Microsoft cares any more

    It's called pride of 0wn3rship.

    --
    Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
  11. Reminds me of the old joke by mcc · · Score: 3, Funny

    Q: How many Microsoft engineers does it take to change a light bulb?

    A: They don't, they just redefine darkness as the new standard.

  12. New Acronym: "A.S.S. Hole" by tds67 · · Score: 5, Funny

    Another Silly Software Hole.

  13. Re:No wonder by jpmkm · · Score: 3, Funny

    Boxen? Do you also hunt foxen?