Slashdot Mirror


Another Serious MSIE Hole

pjrc writes "Infoworld is reporting another new security hole that allows links to executable files to appear to be any other type of file, such as text or pdf. When combined with a previously reported spoofing bug, that Microsoft still hasn't fixed, Infoworld claims the result could be 'devastating'"

2 of 731 comments (clear)

  1. Microsoft says: Don't click URLs anymore... by jea6 · · Score: 5, Interesting

    "The most effective step that you can take to help protect yourself from malicious hyperlinks is not to click them. Rather, type the URL of your intended destination in the address bar yourself. By manually typing the URL in the address bar, you can verify the information that Internet Explorer uses to access the destination Web site. To do so, type the URL in the Address bar, and then press ENTER."

    Find that hard to believe? http://support.microsoft.com/default.aspx?scid=kb; [ln];833786. Remember, type, don't click.

    --

    sarchasm: The gulf between the author of sarcastic wit and the person who doesn't get it.
  2. No more dangerous than normal. by doublem · · Score: 5, Interesting

    As MyDoom is showing, hackers don't need an exploit to spread. The social engineering is still more than enough to spread.

    This is a cute vector that can be used to take in another 10% of users, but since it looks like most of them will run any attachment you send them anyway, it's a moot point.

    A few years back, I coded an app and e-mailed it to all our users. The message came "from" the company owner and said "This is a virus, you will destroy all the data you have access to if you run this file."

    If they ran the file, it sent me a message with their computer name, username and other details.

    About 80% of the users ran it.

    I lost all faith in the human race that day.

    --
    "Live Free or Die." Don't like it? Then keep out of the USA