Slashdot Mirror

← Back to Stories (view on slashdot.org)

Web Site Attacks Against Unpatched IE Flaw Spike

Posted by ryuzaki0 on from the not-a-good-spike dept.

An anonymous reader wrote to mention a Washingtonpost.com article about an increase in attacks against IE users via a critical, unpatched flaw. The bug allows software to be downloaded to the vulnerable PC even if the only act the user takes is browsing to a web site. From the article: "[A] password-stealing program landed on the Windows PC belonging to Reaz Chowdhury, a programmer for Oracle Corp. who works out of his home in Orlando, Fla. Chowdhury said he's not sure which site he browsed in the past 24 hours that hijacked his browser, but he confirmed that the attackers had logged the user name and password for his company's virtual private network (VPN)."

10 of 268 comments (clear)

  1. Lets say it together: by gerbalblaste · · Score: 5, Insightful

    Use Firefox

  2. Patch released! by spaztik · · Score: 5, Funny

    Download here:
    http://www.mozilla.com/firefox/

  3. Legislation Needed? by RunFatBoy.net · · Score: 5, Insightful

    I understand that there will be bugs. BIG gaping security holes will happen.

    I worked at an air force base and they were definitely standardized on IE. Knowing about these bugs and electing _not_ to fix them expediently, couldn't this be considered a threat to national security?

    If there are over 160 million+ computers in the US alone, and 90% of those PC's use Internet Explorer, how can the US Gov. not justify action in insisting these issues be resolved promptly?

    Jim http://www.runfatboy.net/ -- Exercise for Web 2.0

    1. Re:Legislation Needed? by teshuvah · · Score: 5, Interesting

      I work on an air force base, and not only is IE the standard, but Firefox is on the list of unapproved apps. so if you're caught using it via the monthly scans, you're forced to uninstall it.

  4. "... said he's not sure which site he browsed..." by UberOogie · · Score: 5, Funny

    *cough*porn*cough*

    --
    "Enough of this wretched, whining monkey life." -- Marcus Aurelius, _Meditations_, Book 9, 37
  5. Ugh by ZombieRoboNinja · · Score: 5, Funny

    I know this is Slashdot, but can we at least have our grammar Nazis spell "grammatically" correctly?

  6. In other news... by zolaris · · Score: 5, Insightful

    Related, F-Secure posts: "Microsoft has put out a warning on a new, nasty, unpatched vulnerability in Internet Explorer. Proof-of-concept exploits are already out. Disable IE's active scripting or switch to any other browser. Not necessarily Firefox - just any other browser. " It's sad when the solution is "Any other browser".

  7. Was the City of Tuttle, Oklahoma... by sharkey · · Score: 5, Funny

    one of the sites that has been "hacked" to exploit this flaw?

    --

    --
    "Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
  8. Keep an eye on this one.. by Dynamoo · · Score: 5, Informative
    If you're an admin of machines running IE then it will be worth keeping an eye on this one. The best place is the Internet Storm Center which usually updates several times a day and links to other sites of interest. (Be sure to check the diary archive).

    This is a little like the WMF flaw that became known just after Christmas. Eventually MS had to provide an out-of-cycle patch (even if it was just a few days early) because of the bad press they were getting. From the looks of things, the patch for this one will be ready soon too.. so any kind of noise you can make to get an early release would be a Good Thing.

    Yeah yeah, MS will get a lot of flak from Slashdotters on this, but you should bear in mind that they also provide some decent patching tools like WSUS for administrators to roll these things out. Personally, I never use IE on my Windows box, but I'm afraid it's still a fact of life in most large businesses.

    --
    Never email donotemail@WeAreSpammers.com
  9. Re:Ugh by Anonymous Coward · · Score: 5, Funny

    That's why they lost WW2.