Slashdot Mirror

← Back to Stories (view on slashdot.org)

Another Serious MSIE Hole

Posted by timothy on from the why-my-dad-gets-no-tech-support dept.

pjrc writes "Infoworld is reporting another new security hole that allows links to executable files to appear to be any other type of file, such as text or pdf. When combined with a previously reported spoofing bug, that Microsoft still hasn't fixed, Infoworld claims the result could be 'devastating'"

4 of 731 comments (clear)

  1. Microsoft says: Don't click URLs anymore... by jea6 · · Score: 5, Interesting

    "The most effective step that you can take to help protect yourself from malicious hyperlinks is not to click them. Rather, type the URL of your intended destination in the address bar yourself. By manually typing the URL in the address bar, you can verify the information that Internet Explorer uses to access the destination Web site. To do so, type the URL in the Address bar, and then press ENTER."

    Find that hard to believe? http://support.microsoft.com/default.aspx?scid=kb; [ln];833786. Remember, type, don't click.

    --

    sarchasm: The gulf between the author of sarcastic wit and the person who doesn't get it.
  2. No more dangerous than normal. by doublem · · Score: 5, Interesting

    As MyDoom is showing, hackers don't need an exploit to spread. The social engineering is still more than enough to spread.

    This is a cute vector that can be used to take in another 10% of users, but since it looks like most of them will run any attachment you send them anyway, it's a moot point.

    A few years back, I coded an app and e-mailed it to all our users. The message came "from" the company owner and said "This is a virus, you will destroy all the data you have access to if you run this file."

    If they ran the file, it sent me a message with their computer name, username and other details.

    About 80% of the users ran it.

    I lost all faith in the human race that day.

    --
    "Live Free or Die." Don't like it? Then keep out of the USA
  3. Mozilla Firebird by Peredur · · Score: 4, Interesting

    It appears that Mozilla is only partially safe from this type of bug. When I went to the test page it still showed up as being a pdf in the filename field but identified as a html file. It then asked me what I wanted to do and defaulted to "open with mozilla firebird". This bug may be bigger than reported.

  4. Re:If I had a dollar by Afrosheen · · Score: 4, Interesting

    You're exactly right.

    When enough people get to know you as the local computer guy, you'll get phone calls, visits, you name it. People will expect it to be free by default unless you set a price. Make it fair but worth your time.

    Anyone on here bitching about 'feeling obligated' to provide 'free support', stop bitching. It's your own fault it's free. Charge a price. Believe it or not people are willing to pay their friends a reasonable fee, even if it's not cash. Tell them to rent a movie for you and bring it over, or bake a cake, or get a six pack of Guinness, whatever. I have a big box of Krispy Kreme sitting here from a friend of mine that needed spyware removed yesterday.

    Once you get people trained to think that indeed, your time and expertise are worth something, you won't even have to make requests. People will open their wallets or bring you stuff automatically.

    Don't let your passive-aggressive geek nature leave you with regrets or feeling used. Assert yourself.