Web Site Attacks Against Unpatched IE Flaw Spike
An anonymous reader wrote to mention a Washingtonpost.com article about an increase in attacks against IE users via a critical, unpatched flaw. The bug allows software to be downloaded to the vulnerable PC even if the only act the user takes is browsing to a web site. From the article: "[A] password-stealing program landed on the Windows PC belonging to Reaz Chowdhury, a programmer for Oracle Corp. who works out of his home in Orlando, Fla. Chowdhury said he's not sure which site he browsed in the past 24 hours that hijacked his browser, but he confirmed that the attackers had logged the user name and password for his company's virtual private network (VPN)."
My rule of thumb is, whenever possible, to choose and use the #2 or #3 most popular software. The #2 and #3 have enough features to be useful but get less attention than #1. Use Linux or OS X instead of Windows; choose Opera, Firefox, or Safari over IE. No, it is not a fixed-in-stone rule, but I find it helps me out more than it hinders me.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
What's the general opinion? If the majority of casual surfers used Firefox or other alternative, would reverse engineers switch focus to those apps?
If the goal is to infect the most systems, then by default you'd avoid Mozilla or Konqueror simply because (at best) you could only hope to control a fraction of machines with active internet connections. Maybe this question has been asked before...
Of all the bits of software in Windows, perhaps IE should be at the top of the list for migrating to .NET managed code. It seems to be the most problematic (not necessarily because of code quality, but because it's a big juicy target for hackers).
I work on an air force base, and not only is IE the standard, but Firefox is on the list of unapproved apps. So if you're caught using it via the monthly scans, you're forced to uninstall it.
Just set a software restriction policy to disallow executables from running from your temporary internet files. It's one of the first things I ever do when I set up my PC. Easy-peasy, japanesy.
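The commenter's advice above is usually done through the Group Policy editor; the script below is an added example (not from the original thread) that writes the same Software Restriction Policy path rule directly, so it can be scripted across machines. It assumes the documented SRP registry layout (Safer\CodeIdentifiers\<level>\Paths\<GUID>, with level 0 meaning Disallowed), assumes the XP-era cache path shown, and treats the Vista-and-later path as an assumption to adjust for the release in use.

```powershell
# Added example, not from the original thread. Creates SRP path rules that set
# the browser cache directories to "Disallowed", so nothing dropped there by a
# drive-by download can be launched. Assumptions: the registry layout below and
# the cache paths; run from an elevated shell, then reboot or run gpupdate /force.

$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Policy-wide settings: default level stays Unrestricted (0x40000), the policy
# applies to every user including administrators (PolicyScope 0), and all
# software file types are checked, DLLs included (TransparentEnabled 2).
New-Item -Path $base -Force | Out-Null
Set-ItemProperty -Path $base -Name DefaultLevel       -Type DWord -Value 0x40000
Set-ItemProperty -Path $base -Name TransparentEnabled -Type DWord -Value 2
Set-ItemProperty -Path $base -Name PolicyScope        -Type DWord -Value 0

# One Disallowed rule per cache location. Environment variables are expanded
# per user when the rule is evaluated, so one rule covers every account.
$cachePaths = @(
    '%USERPROFILE%\Local Settings\Temporary Internet Files',    # XP / 2003
    '%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files'  # Vista and later (assumed path)
)

foreach ($path in $cachePaths) {
    # Level subkey "0" is Disallowed; each rule lives under Paths\{GUID}.
    $ruleKey = Join-Path $base ('0\Paths\' + [guid]::NewGuid().ToString('B'))
    New-Item -Path $ruleKey -Force | Out-Null
    Set-ItemProperty -Path $ruleKey -Name ItemData     -Type ExpandString -Value $path
    Set-ItemProperty -Path $ruleKey -Name SaferFlags   -Type DWord        -Value 0
    Set-ItemProperty -Path $ruleKey -Name Description  -Type String       -Value 'No execution from browser cache'
    Set-ItemProperty -Path $ruleKey -Name LastModified -Type QWord        -Value (Get-Date).ToFileTime()
}

# Quick check: list the Disallowed path rules now on the machine.
Get-ChildItem (Join-Path $base '0\Paths') |
    ForEach-Object { Get-ItemProperty $_.PSPath | Select-Object ItemData, Description }
```

Caveat a practitioner would want: a path rule only stops execution from that directory. Malware that copies itself from the cache to %TEMP% or the user's profile is not covered, so pair this with rules for the other user-writable directories, and verify after a reboot by trying to launch a harmless executable placed in the cache folder.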
I view software as a contract. In open source, if you view code and find problems then you should try to have the "contract" updated. If you do not find problems on a pre-emptive basis yet they exist then you are SOL. Think that is unfair to non-programmers? If I signed a large/vital contract without a lawyer's assistance and got screwed, would I get much sympathy, let alone any legal recourse (would I even get legal recourse if I had a lawyer)?
This means that in closed source, the developers are the "lawyers" who proof-read the "contract". Though, agreeing to a secret contract may not be the best idea (not like I've read the Linux/BSD/* source), but that is another issue.
This means that we have to trust the developer's judgement. In this case, we have to trust that the developers will fix it as soon as possible. If that is legislated then rushing may occur to meet deadlines, possibly leading to more bugs.
I think we should hold companies responsible for errors, where a EULA cannot absolve them from the responsibility to provide the services that they promised at the time of purchase, let alone any loss/theft of data. If managers had to factor in "cost of bugs" then I suspect developers would be given more time/resources to fix problems.
Am I open minded towards open source, or closed minded towards closed source?
I'm not saying that having IE written in full managed code isn't a good idea, but it won't help with security. A good chunk of the problems come from the ambiguous uses of various technologies in IE (ActiveX, JScript, etc.). Many of these are functioning exactly as designed but still have undesirable side effects, such as being completely unsecured. These are problems that would exist regardless of the language binding used to build IE, because logical problems are still logical problems regardless of whether they are in C or Perl or C#. Rewriting a poorly designed, insecure system in C# does not automatically create a secured system (although it might make it more obscured).
The .NET Framework itself has yet another security tool that needs to be configured and can subsequently be misconfigured. It is another "confusing to the nominal user" setting that most laymen are more likely to ignore than pay attention to.
Besides, the
oh my god. that is just....
wow.
you'd think that clicking something under the VIEW menu would, you know, change what you can see. Rather than changing the basic way in which the calculator works.
I still can't believe this.
"Hello, Microsoft Support"
"yeah, I've got a problem with the calculator"
"ok"
"yeah, sometimes when I type an equation in, it gives me one answer, but other times it gives me a different answer"
"oh yes, that's right sir, the calculator gives you different answers depending on which buttons you can see on the screen...."