Slashdot Mirror

← Back to Stories (view on slashdot.org)

Another Serious MSIE Hole

Posted by timothy on from the why-my-dad-gets-no-tech-support dept.

pjrc writes "Infoworld is reporting another new security hole that allows links to executable files to appear to be any other type of file, such as text or pdf. When combined with a previously reported spoofing bug, that Microsoft still hasn't fixed, Infoworld claims the result could be 'devastating'"

11 of 731 comments (clear)

  1. Hmmmm... by instantkarma1 · · Score: 5, Insightful

    Wasn't good ol' Bill just extolling the virtues of Windows Security in comparison to other 'unnamed' operating systems the other day?

    Would you like some more pie, Bill?

  2. very simple fix... by mike77 · · Score: 4, Insightful
    Anyone can do it.

    DON'T use IE!

    --

    --Keeping the flame wars alive, one post at a time

  3. I don't think MS cares anymore by Ignorant+Aardvark · · Score: 5, Insightful

    I really don't think Microsoft cares any more. They certainly don't care about the security of their customers. I supposed their objective with IE was to dominate the market by packaging it with Windows, and once that was completed, they simply stopped caring about IE. They haven't updated it in over two years, and its competitors have added all sorts of useful features in the meantime. And now that these bugs have been exposed and nothing is being done about it, it's time for people to move on to using other browsers - permanently. If people aren't convinced by the merits of other browsers, maybe they'll be convinced when their "tried and true IE" allows them to be scammed/defrauded.

    --
    Cyde Weys Musings - Scrutinizing the inscrutable
  4. Not that simple by blorg · · Score: 5, Insightful
    I use Opera myself and absolutely detest IE, but that doesn't help with the fact that IE is embedded in both the OS and very many other products - Outlook is an obvious example, but there are countless others, such as Winamp's minibrowser. It's very easy for developers to embed IE (e.g. the MSHTML control) in a product.

    Mozdev has some tips about completely disabling IE, even in other applications.

  5. Re:The Demo by RoLi · · Score: 5, Insightful
    The question is rather: "Why do Microsoft-sponsored TCO-studies never include the cost of viruses, worms, security holes and/or countermeasures against viruses, worms and security holes?"

  6. Re:Microsoft says: Don't click URLs anymore... by StringBlade · · Score: 4, Insightful
    Sure, but what "normal" user is going to type in a 300 character URL from an email or website link?

    <http://www.lsp.steelpharm64v.com/host/index.asp?I D=019102309840v0h0293jf8o998239p8valiu23nf8qoa8329 nor87fahl9w8n4fl98q2l938nf97va0283p97thrl9q274g >

    Yeah right.

    HyperText Markup Language was created in part to *link* documents quickly (i.e. so the user doesn't have to type in the document location manually). If we're supposed to just give up hyperlinks, why not just kiss the World Wide Web goodbye?

    --
    ...and that's the way the cookie crumbles.
  7. So, is this really unfixable? by ru-486 · · Score: 4, Insightful

    Quote from the article:

    "The possibilities are endless, and since both spoof issues appear to be unfixable, it must surely place a big question mark over Explorer's viability as a browser."

    They claim that this bug appears to be unfixable while not really providing evidence to support the claim other than implying that if it was indeed fixable Microsoft would have fixed it already.

    Is this just FUD?
    For the love of god I'm sick of patching. Thankfully we are using Microsoft Software Update Services which I highly recommend for automating your MS patching needs. (Hey it's free and works)

  8. Re:If I had a dollar by planetmn · · Score: 5, Insightful

    Why is it that a lot of people here don't know how to do a nice thing for somebody.

    If my in-laws computer needs some work, next time I am over there, I'll take a look at it, or try to help over the phone, it takes all of what, maybe 20 minutes.

    My uncle owns a small business, if I can save him some money by making recommendations for him or giving him some free tech-support, great.

    If you're nice to somebody, they are going to be nice to you, believe me, in the end, it's a wash.

    Plus, life is too short to be an asshole all of the time.

    -dave

    --
    /., where "Apple and Google provide Iran with nukes" will be refuted with "But Microsoft is a convicted monopolist"
  9. Re:If I had a dollar by Phenris+Wolfe · · Score: 5, Insightful

    You don't get used as free tech support by a lot of people, do you? I for one know that certain members of my family, and certain "friends" of mine will probably be calling me for the first time since the blaster worm thanks to MyDoom or whatever it is. They don't have time for me except when their computer goes to hell. Surely I'm not the only one here....

  10. Re:The Demo by fizbin · · Score: 4, Insightful
    Because Microsoft's market share guarantees that a disproportionate amount of viruses and worms will target their OS as opposed to some loser linux freak with an old 486 linux server in his mom's basement. The cost of these things is therefore irrelevant to the actual OS.

    And by the same logic, the cost of getting system administrators for Linux systems, or the availability of Linux software for specialized commercial needs, also both things driven purely (or at least largely) by Microsoft's market share, is "irrelevant to the actual OS". What's left then for a TCO study? The price of a boxed OS CD set? The price of necessary hardware?

    It's really bending over backwards to include in a TCO study the benefits of going with the same OS most of the desktop world is running while at the same time deliberately excluding the costs of using the same system most virus/worm writers target. Lauding the beneficial network effects while declaring the harmful network effects out of the scope of the study is just dishonest.
  11. Oh, it'll all blow over... by ch-chuck · · Score: 4, Insightful

    It always does. We've been thru dozens of these 'devestating' quality issues and the victims just queue up at Local Computer Store to buy another one. That's why they keep legions of hungry microsoftie out there to clean up after the latest worm de jour, meanwhile the gazillionair will be awarded a Nobel Peace prize or something.I mean, cheezus, it's only software - it's not like people are getting killed in poor quality cars or anything. Everybody knows you should backup important data anyway so just chill out and obey old your pc overlords.

    --
    try { do() || do_not(); } catch (JediException err) { yoda(err); }