IE Vulnerable to Cross-Browser Spyware Attack
An anonymous reader writes "The Register reports that Firefox can be used to infect IE on Windows. By visiting a malicious site with Firefox, a user can infect their install of Internet Explorer. Other alternative browsers may expose the same vulnerability. The article quotes the CTO of ScanSafe as saying that '[j]ust switching away from IE does not give adequate protection. Now that Firefox and other alternative browsers have a toehold in the market the hacking community will get busy exploiting the vulnerabilities that exist in any complex browser.'" VitalSecurity's report points out that this vulnerability can (only) affect Windows users who use Sun's Java Runtime Environment.
However, I remain convinced that one or two unpatched holes in FF is still safer than surfing in IE.
Fortunately the responsibility for a patch rests with Sun Microsystems as much as Mozilla Foundation so there'll be one pretty soon.
A firewall ought to give additional protection in the meantime - normally I add a rule to my PCs to prevent IE from accessing the web under any circumstances and would encourage others to do likewise from now on, I guess.
I have been a user for about 10 years. This ends Feb 2014. The site's been ruined. I'm off. Dice, FU
It's not enough to remove I.E. and whatever else program you are using from Microsoft.
Whatever MS-stuff is left will be enough to get you infected.
The ONLY solution is to change operating system.
I suggest Linux.
Had to be said.
I don't know the meaning of the word 'don't' - J
Shouldn't it read, "Alternative Browsers Vulnerable To Cross-Browser Spyware Attack?"
The assumption has previously been that Java applets run in a sandbox and can't 0wn your box. Apparently there's a bug in the JVM (although I haven't seen a specific reference to details) and that assumption has been turned on its head.
Everyone is "blaming the user" about ignoring an SSL warning but even an experienced security person is likely to ignore such a warning. I don't give a shit that someone may be man in the middling or sniffing my applet download - most browsers download and run applets by default with no prompt over plain HTTP. The prompt wasn't related to Java, the prompt was related to an invalid SSL cert.
Now that we're seeing what happens when the same millions of clueless people run a safer browser, then the fault lies squarely on said users instead of the people who put it out.
My, how the times change.
Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
There's a little difference with that analogy, which is that people who smoke cigarettes are physically addicted to them.
If the coffee was hot enough to give third degree burns as many have mentioned, how was it not dangerously hot?
I think you're relying on yet another idiotic oversimplification so you can pretend you have a point.
Considering the stab at "liberal propaganda", I can only assume you're yet another moron who thinks that their ignorance and oversimplification counts as "right wing", when only enlightened students of history can truly take up the moniker truthfully.
Go stab yourself in the face. The world will thank you for once.
It's been a long time.