BBC Site Used as IE Attack Lure

← Back to Stories (view on slashdot.org)

BBC Site Used as IE Attack Lure

Posted by ryuzaki0 on Thursday March 30, 2006 @02:23PM from the reads-good-enough-to-be-true dept.

capt turnpike writes "The hits just keep coming... according to eWEEK.com, someone is using actual excerpts of BBC news stories to 'launch drive-by downloads of bots, spyware, back doors and other Trojan downloaders.' One example is a story blurb masking the download and installation of a keylogger -- with no user interaction. And it doesn't even tell you it loves you."

83 comments

Min score:

Reason:

Sort:

How is this news? by Anonymous Coward · 2006-03-30 14:26 · Score: 3, Interesting

So... they used BBC news as bait... WOW! It's not like they took over the BBC site and used it.
1. Re:How is this news? by TommyBlack · 2006-03-30 14:55 · Score: 4, Funny
  
  WOW! It's not like they took over the BBC site and used it.
  No, of course not. I'm the one who did that.
  
  Click here to read an interesting BBC story about it
  
  --
  Why do my serious comments get modded "funny"?
2. Re:How is this news? by Anonymous Coward · 2006-03-30 19:43 · Score: 0, Funny
  
  WARNING: parent is a bit slow in the head
3. Re:How is this news? by arivanov · 2006-03-30 21:10 · Score: 0, Troll
  
  You are late.
  
  El president Antonio Bliar has p4wn3d it before you.
  
  --
  Baker's Law: Misery no longer loves company. Nowadays it insists on it
  http://www.sigsegv.cx/
4. Re:How is this news? by Petrushka · 2006-03-30 21:53 · Score: 1
  
  What a grand testament it is to the present political situation in the UK that no one so far thinks you deserve a "troll" mod. (I don't think you do, either.)
5. Re:How is this news? by Anonymous Coward · 2006-03-30 22:48 · Score: 0
  
  How is this news? yada-yada-yada blah-blah-blah
  WHINER!
6. Re:How is this news? by muellerr1 · 2006-03-31 02:45 · Score: 1
  
  Probably already got their brains eaten. That will tend to make you slow.
  
  --
  steampunk web design
eWeek is retarded... by ninja_assault_kitten · 2006-03-30 14:27 · Score: 3, Insightful

"The hits keep coming in..." Yeah, 1 every hour. The media wants to make this the most critical vulnerability that ever existed. What a joke.
Erm, why is this a story? by baldass_newbie · 2006-03-30 14:27 · Score: 5, Insightful

I mean, a known bug is exploited and it's using quoted text from the BBC site.
If they do it again tomorrow with text from nytimes.com would that be another story?

--
The opposite of progress is congress
1. Re:Erm, why is this a story? by bersl2 · 2006-03-30 14:38 · Score: 2, Funny
  
  They need to do it using eWeek.
2. Re:Erm, why is this a story? by i_should_be_working · 2006-03-30 14:41 · Score: 4, Funny
  
  Maybe slashdot will be spoofed next. That will be a story. That could be the story. Emails that read:
  
  "Tech website Slashdot article links to vulnerability exploiting websites. Read more here"
  
  And whoever submits it to /. won't even have to rephrase it.
3. Re:Erm, why is this a story? by hackstraw · 2006-03-30 14:45 · Score: 1
  
  If they do it again tomorrow with text from nytimes.com would that be another story?
  
  Wait a couple of hours, this story could be completely duped :)
4. Re: Erm, why is this a story? by Black+Parrot · 2006-03-30 14:53 · Score: 4, Funny
  
  > If they do it again tomorrow with text from nytimes.com would that be another story?
  
  And will it be safe to read about it at BBC?
  
  --
  Sheesh, evil *and* a jerk. -- Jade
5. Re:Erm, why is this a story? by Firehed · 2006-03-30 15:59 · Score: 5, Funny
  
  Wouldn't this end up creating some sort of infinate dupe-loop and tear the fabric of space-time?
  
  --
  How are sites slashdotted when nobody reads TFAs?
6. Re:Erm, why is this a story? by MobileTatsu-NJG · 2006-03-30 16:09 · Score: 1
  
  "Tech website Slashdot article links to vulnerability exploiting websites. Read more here"
  
  Read more here? That wouldn't work. They should say "Click here to comment..."
  
  --
  
  "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
7. Re:Erm, why is this a story? by richdun · 2006-03-30 16:26 · Score: 4, Funny
  
  Possibly. It'd be the first exploit that required soul-sucking registration to activate it.
8. Re:Erm, why is this a story? by asscroft · 2006-03-30 17:21 · Score: 1
  
  Wouldn't this end up creating some sort of infinate dupe-loop and tear the fabric of space-time? ...damn, foiled by slashcode "This exact comment has already been posted. Try to be more original..."
  
  --
  because I have been enjoined by this Holy Office to abandon the false opinion which maintains that the Sun is the centre
9. Re:Erm, why is this a story? by advocate_one · 2006-03-30 17:21 · Score: 1
  
  Wouldn't this end up creating some sort of infinate dupe-loop and tear the fabric of space-time?
  
  dunno, but all the wintrolls who claim their machines never get infected/trojanned might vanish...
  
  --
  Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
10. Re:Erm, why is this a story? by kEnder242 · 2006-03-30 20:48 · Score: 1
  
  sig
  
  --
  my associative arrays can kick your hash - TCL
Sickening by Anonymous Coward · 2006-03-30 14:27 · Score: 0

I'm getting pretty fed up with these idiots who jump on the bandwagon everytime a vulnerability rears its ugly head. I hope there's a special purgatory for those people (say one where they have to rebuild infected systems for about 5000 years!).

Not Amused.
1. Re:Sickening by Parham · 2006-03-30 16:05 · Score: 1
  
  They may be "hating", but it's a great way to show people how they shouldn't completely trust the software they are handed. What sucks even more is that users will have to wait another two weeks (second Tuesday of the month) for an update to be officially released by Microsoft.
  
  I want to say "Firefox wins again", but "again" seems to be everytime nowadays and it's not even worth saying it.
Wow by mboverload · 2006-03-30 14:28 · Score: 1, Insightful

Wow, saying a link is something that it's not to lure victims! What a novel idea!

*chokes*
1. Re:Wow by shredthrashgrind · 2006-03-30 23:40 · Score: 1
  
  someone should patent it. The combination of BBC + old scam = novel! I'm sure the US patent office would agree.
Now I'm worried.... by Black+Copter+Control · 2006-03-30 14:30 · Score: 4, Funny

From TFA:
Click here to read more about drive-by attacks on the Internet Explorer vulnerability.
And if I click there, just what do I get?
(Times like this I'm glad that I use linux ... Until, of course, the next zero-day firefox hole, at which point I'll switch to konqueror or..).

--
OS Software is like love: The best way to make it grow is to give it away.
1. Re:Now I'm worried.... by the-amazing-blob · 2006-03-30 14:45 · Score: 5, Funny
  
  And if I click there, just what do I get?
  I don't understand why everyone is so afraid of these things. They monitor us, keep track of us. The kind of thing a girlfriend would do if we had one. Think of keyloggers and the like as your new Girlfriend (beta 0.2, results may vary)
2. Re:Now I'm worried.... by Anonymous Coward · 2006-03-30 14:57 · Score: 0
  
  or lynx?
3. Re:Now I'm worried.... by rdoger6424 · 2006-03-30 15:36 · Score: 1
  
  Make it better- load on some nice pr0n.
  
  --
  "Hello 911? I just tried to toast some bread, and the toaster grew an arm and stabbed me in the face!"
4. Re:Now I'm worried.... by Anonymous Coward · 2006-03-30 16:34 · Score: 0
  
  I don't understand why everyone is so afraid of these things. They monitor us, keep track of us. The kind of thing a girlfriend would do if we had one.
  
  There you have it: Slashdotters are afraid because it's human nature to fear the unknown.
5. Re:Now I'm worried.... by Mal-2 · 2006-03-30 16:40 · Score: 3, Funny
  
  > Think of keyloggers and the like as your new Girlfriend (beta 0.2, results may vary)
  
  I'm worried about the child processes that will be spawned...
  
  Mal-2
  
  --
  How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
6. Re:Now I'm worried.... by Anonymous Coward · 2006-03-30 18:01 · Score: 0
  
  When's the last time there was a lynx vulnerability?
7. Re:Now I'm worried.... by DrSkwid · 2006-03-31 02:19 · Score: 1
  
  firefox can be as buggy as hell for all I care
  
  I boot my browsing OS from CD on a laptop with no HD.
  
  What they gonna do ? Post as me on /. !
  
  --
  There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
Now, THAT'S ILLEGAL! by dmomo · 2006-03-30 14:39 · Score: 1

If we can't convince the government to crackdown on this scumware in the interest of security and privacy, maybe we can get them to do it in the interest of intellectual property.
1. Re:Now, THAT'S ILLEGAL! by Tolkien · 2006-03-31 00:42 · Score: 1
  
  We can do all the wishful thinking in the world, but the sad fact is, no matter how bad internet viral/whatnot attacks get, the US government will never force Microsoft to make drastic OS security changes, and Microsoft will never volunteer them. It's all in the name of the almighty dollar, not technological innovation. Otherwise, with the amount of brain-power (or, failing that, at least the sheer number of brains) behind Microsoft, we could only hope that they would not only close security holes, but restrict the methods of exploiting said holes. No, they don't want to make their OS too secure, because then they would have no reason to offer new pay-services which remove malware. Malware which exploits security holes that they aren't willing to fix properly . Mic^H^H^HGod forbid virus scanners and spyware removers become a thing of the past! God forbid security companies become obsolete! God forbid surfing the net without fear, and without bogging down our systems with resource-hungry scanners.
  God knows you need to mow the lawn you've sewn. Why resod grass that's already grown? That's just... too novel.
  
  --
  how is babby formed?
2. Re:Now, THAT'S ILLEGAL! by Anonymous Coward · 2006-03-31 05:39 · Score: 0
  
  And people wonder why all the non-democratic government movements are still alive and kicking hey. Overthrown governments, hmmm...
WOW! by jav1231 · 2006-03-30 14:44 · Score: 4, Funny

An IE vulnerability! That's news!
This is Slashdot by Anonymous Coward · 2006-03-30 14:47 · Score: 0

If they do it with BBC news again, it could still be another story.
Fake URLS Suck! by Giant+Ape+Skeleton · 2006-03-30 14:53 · Score: 5, Funny

According to This article, using bogus URL's to trick people is still the most effective social engineering trick in the book. Of course, that may not apply to those in the Slashdot community :p

--
The difference between stupidity and genius is that genius has its limits.
1. Re:Fake URLS Suck! by MBCook · 2006-03-30 15:03 · Score: 5, Funny
  
  I clicked your link.
  It's an apache configuration page!
  I'M BEING HACKED!
  AAAAAAaaaaahhhhhh......
  I'd better call the FBI!
  
  --
  Comment forecast: Bits of genius surrounded by a sea of mediocrity.
2. Re:Fake URLS Suck! by Anonymous Coward · 2006-03-30 15:09 · Score: 3, Funny
  
  woah, whoever maintains that site is one sick f*cker.
3. Re:Fake URLS Suck! by jftitan · 2006-03-30 15:18 · Score: 3, Funny
  
  Tech Support : I'm sorry sir, but Apache is the name for the webserver software used to run your webpage.
  
  you:..... AHHHHHHHHHH
  
  Tech Support: You go right ahead and call the FBI and Police, I'll be sure to let them know about everything, right after I shoot off our transcribed converation to your local news agency.
  
  you: (what you say, next will make an interesting conversation)
  
  --
  "Don't Forget to Salt the Fries"
4. Re:Fake URLS Suck! by Anonymous Coward · 2006-03-30 15:38 · Score: 1, Funny
  
  If you want to print the story just use this link.
5. Re:Fake URLS Suck! by Anonymous Coward · 2006-03-30 15:52 · Score: 0
  
  yeah, I went there and there was nothing but dozens of horse porn movies.
6. Re:Fake URLS Suck! by Trogre · 2006-03-30 16:16 · Score: 2, Funny
  
  It's a known spammer's site.
  
  Better DDOS the bugger before it hurts anyone else.
  
  --
  "Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
7. Re:Fake URLS Suck! by nmb3000 · 2006-03-30 16:41 · Score: 1
  
  According to This article [127.0.0.1], using bogus URL's to trick people is still the most effective social engineering trick in the book.
  
  u idiot u gave me ur ip addr. now im going 2 hax0r ur punk 455. let me jus run my haxing skrypt...
  
  * nmb3000 (slkc-dsl-gw14-874.slkc.qwest.net) Quit (Ping timeout#)
  
  . /* classic */
  
  --
  "What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
  /)
8. Re:Fake URLS Suck! by Doppleganger · 2006-03-30 16:45 · Score: 2, Funny
  
  Hey... that idiot uses the same root password I do! He's got loads of MP3s and warez here, I'm gonna download 'em all and then format his drive before he knows what hit him!
9. Re:Fake URLS Suck! by rcamera · 2006-03-31 00:46 · Score: 1
  
  what's so sick about a bank website? apparently, they need me to update my personal info. i don't remember giving my driver's id last time, but they're asking for it now. how strange...
  
  --
  Wave upon wave of demented avengers March cheerfully out of obscurity into the dream
10. Re:Fake URLS Suck! by Velox_SwiftFox · 2006-03-31 01:29 · Score: 1
  
  Patriot Act. Well, duh! Better update that info right away!
How ironic, the full article has drive by links by rivj0r · 2006-03-30 15:00 · Score: 2, Interesting

You'd have to be crazy to click on them while reading that article.
My SITE HAS BEEN HIJACKED by Billly+Gates · 2006-03-30 15:00 · Score: 4, Funny

MY name is James Taylor and I clicked on your link and then the web went down all by itself!

It was taking over by a hostile native american terrorist organization called apache running on Gentoo gnu/linux. Damit hacker! I need to call the FBI over and sue you for this.

--
http://saveie6.com/
1. Re:My SITE HAS BEEN HIJACKED by Mrcowcow · 2006-03-30 17:10 · Score: 1
  
  Better than Apache on Windows XP. Now that is a real terrorist setup.
2. Re:My SITE HAS BEEN HIJACKED by gEvil+(beta) · 2006-03-31 01:58 · Score: 1
  
  Wow! Are you the James Taylor?
  
  --
  This guy's the limit!
This just in: by wile_e_wonka · 2006-03-30 15:08 · Score: 0, Offtopic

Read all about it! lol, no I'm not a virus!
Re: BBC Site Used as IE Attack Lure by Anonymous Coward · 2006-03-30 15:08 · Score: 0

Now if someone used actual excerpts of Slashdot news stories, should we expect the dupe a week later or will it get pass the bayesian filter because of misspelled words?
Newsworthy? by Yomer333 · 2006-03-30 15:20 · Score: 3, Interesting

Not really sure why this is even news. After a computer security competition last weekend, I had the chance to talk to professional security auditors, i.e. hackers. The reason I bring it up is that at one point, one of them said that "he had a web page he would like everyone to visit...with firefox." Needless to say, this scared the shit out of me. After pressing for more info of browser related exploits, he said that IE7 is suprisingly solid security-wise. Same goes for Vista, at least the parts of it that are finished (no more ldap). I shudder at the thought of IE pushers trying to convince people to switch away from firefox because it's not secure enough. I don't know, food for thought.
1. Re:Newsworthy? by Anonymous Coward · 2006-03-30 15:31 · Score: 0
  
  >>I shudder at the thought of IE pushers trying to convince people to switch away from firefox because it's not secure enough.
  
  Even if IE7 may not be *that* secure, they can (and probably will) try to convince people that IE7 is more secure. They are already playing down the severity of this particular defect!
2. Re:Newsworthy? by bunratty · 2006-03-30 15:32 · Score: 3, Informative
  
  Gosh. I'm glad you told me this. Now I'll know better and ignore all those warnings about extremely critical vulnerabilities in Internet Explorer from Secunia I keep seeing.
  
  --
  What a fool believes, he sees, no wise man has the power to reason away.
3. Re:Newsworthy? by Anonymous Coward · 2006-03-30 15:43 · Score: 0
  
  What is the going rate for Microsoft shills right now?
  
  (Can't be much. All they can manage to hire is dumbasses.)
4. Re:Newsworthy? by zcat_NZ · 2006-03-30 16:47 · Score: 3, Interesting
  
  What's the URL?
  
  I can name plenty of URL's that install drive-by spyware on MSIE (astalavista.box.sk, serials.ws). Go ahead and give me even one solitary URL that installs drive-by spyware through firefox. Just one! I promise I will visit it with firefox, and let you know the results.
  
  --
  455fe10422ca29c4933f95052b792ab2
5. Re:Newsworthy? by mgblst · 2006-03-30 22:33 · Score: 0, Troll
  
  Yes, this chap sounds like a believable fellow. If he is anything like the upstanding script children that I have had the pleasure of talking too, not a word comes out of his mouth without being absolute gospel.
  
  I really must comend you amazing non-gulibility, and I will be sure to only use Microsoft products from this point on.
  
  Thanks you kind sir. (Idiot!)
6. Re:Newsworthy? by protoshoggoth · 2006-03-31 00:39 · Score: 1
  
  What he said. If there is such a page, I want to see it.
7. Re:Newsworthy? by sremick · 2006-03-31 03:26 · Score: 1
  
  Eh, I'm not worried.
  
  Is Firefox perfect? Of course not. Is it possible to get a site that will infect Firefox? Probably. Does that make it logical to run to IE for safety? No more than it makes sense to move from the wooded rural countryside to an LA war-zone because you're afraid of a tree falling on your head.
  
  At the current moment, IE has 33 advisories to Firefox's 2. 34 vulnerabilities to FF's 3. And IE averages 449 days to fix a vulnerability, compared to an average of 83 for Firefox.
  
  (Source: http://www.webdevout.net/security_summary.php )
  
  Considering that most of the recent vulnerabilities in IE6 have been present in IE7 as well, I really don't see it as being some massive change from Microsoft's traditional level of development.
8. Re:Newsworthy? by Yomer333 · 2006-03-31 16:35 · Score: 1
  
  Holy bejesus fuckchrist. I'm sitting here using firefox, and the second that I state that someone who knows what the fuck they're doing has tested IE7 thoroughly and says it's surprisingly secure, everyone labels me an MS shill? Does IE6 suck? Yes. Is firefox inherently better? Yes. Still, god damn. I guess slashdot isn't the correct forum for stating hypothetically that an MS product might not totally suck. Besides, why believe the word of someone who makes $4000 a day doing security audits on software/networks when you can just make blind assumptions? I know I'll take the word of some random ass slashdot reader over an industry professional any day.
What harm in bundling the browser? by chill · 2006-03-30 15:24 · Score: 4, Insightful

So, what harm is there in bundling the browser with the OS shipped on 90% of the retail PCs in the world? What harm is there in integrating the browser into the core of the operating system?

Apparently, if you bundle a half-ass product where only lip service was paid to security, the cost is greater than anyone realizes. IE was crammed in there with the sole purpose of crushing Netscape and dominating the Internet market. It was rushed, with slipshod quality and security only as an afterthough -- and that only by the PR department.

"Where do you want to go today?" seems to have found an answer... ...let's stop by your bank and credit card accounts on the way to an organized crime hangout and/or third-world country! Fun!

-Charles

--
Learning HOW to think is more important than learning WHAT to think.
1. Re:What harm in bundling the browser? by Tim+C · 2006-03-30 18:54 · Score: 2, Insightful
  
  It was rushed, with slipshod quality
  
  Maybe we're thinking of different versions of IE, but while I agree with your comments on security, I can't agree with that statement.
  
  I remember IE 3; it was no match for Netscape 3 in terms of features or stability. Compared to Netscape 4 it was laughable; Navigator shat all over it from a great height.
  
  Then IE 4 came out, and everything changed.
  
  IE 4 was far more stable, faster and had more features. As an example, when resizing the window, Netscape had to rerequest the page from the server; IE did not. Netscape crashed on average a couple of times a day for me, both under Windows and Linux. When Mozilla development started and they published their set of browser torture tests, I distinctly remember one page that featured a lot of deeply nested tables. IE (5?) rendered it in a handful of seconds; Netscape 4 took over a minute.
  
  Now don't get me wrong, I have never and likely never will use IE as my primary browser. I went straight from Netscape 4 to one of the milestone builds of Mozilla (and currently use Firefox). Despite all the issues with Netscape 4 (instability, incresing number of sites that didn't work with it, etc) I simply could not bring myself to use IE. Even now, the only time I use IE is when I have to, if a site doesn't work in Firefox (generally my fault these days due to an over-zealous Adblock config) or if I have to for a site I'm working on at work. I'm no IE fan-boy; quite the opposite in fact, I can't stand it.
  
  However, saying that IE was of "slipshod quality" is disingenuous at best. Yes, modern browsers are superior to IE 6 in almost every regard, but at the time that IE was being integrated into Windows, it had little or no competition.
  
  let's stop by your bank and credit card accounts on the way to an organized crime hangout and/or third-world country! Fun!
  
  What's wrong with surfing a site in a third-world country?
  
  --
  It's official. Most of you are morons.
eWeak by Doomedsnowball · 2006-03-30 15:39 · Score: 1

I used to get eWeek until I realized that the only people that get eWeek are losers who wish they were CEO's with unlimited power. Then I also realized that eWeek was a fertile ground for hacking real (conceited) CEO's computers. I suspect that's what is happening here. Go hackers!

--
7h3$3 4r3n'7 7h3 Ðr01Ð$ ¥0 4r3 £00|{1n9 f0r. M0v3 4£0n9. --OB1
April 11??? by Black+Copter+Control · 2006-03-30 17:31 · Score: 2, Insightful

So Microsoft is planning to release a patch for this zero-day drive-by attack on April 11.....
Hackers Thank God for Microsoft Marketing Policy.
The policy may be designed to make life easier on sysadmins (or, at least, their managers), but it also makes life easier on hackers. I mean, if I had a zero day exploit, I'd start using it on patch day. That way I'd probably have a full month to exploit it before Microsoft released their scheduled patch.
Scheduled monthly patches are fine for non-critical issues, but when you have zero-day drive-by exploits like this, you've got to have a policy that puts user security ahead of marketing hype. Waiting until you have a full-fledged epidemic is not the way to secure your user's future.

--
OS Software is like love: The best way to make it grow is to give it away.
Which links? by putko · 2006-03-30 17:39 · Score: 1

Are any of the links on this page bad ones?

http://www.google.com/search?q=+Yuan+hits+new+high +against+dollar&sourceid=mozilla-search&start=0&st art=0&ie=utf-8&oe=utf-8

That is, I googled some phrase from the article, in an attempt to get it.

Don't look at that unless you have the hotfix or mozilla, I guess.

--
http://www.thebricktestament.com/the_law/when_to_s tone_your_children/dt21_18a.html
Does anyone actually know what zero-day means? by deafpluckin · 2006-03-30 20:25 · Score: 0

I thought it meant vulnerabilities that where unknown to security professionals... lots of people know about it now. Zero day sounds cool, but it looses it's meaning when lame tech articles abuse it as a buzz word.

http://en.wikipedia.org/wiki/Zero_day
I don't get it. by benbranch · 2006-03-31 00:13 · Score: 1

Okay how can someone do all of those things to your computer just by visiting a webpage? Seriously? I use Linux and Mac and have not touched windows for years, so maybe I am a little out of the loop here. Someone can just mess up your PC for visiting a website? Is it really that simple? Ben.
1. Re:I don't get it. by Anonymous Coward · 2006-03-31 02:17 · Score: 0
  
  its called exploits/holes in the web browser - MSIE.
  
  Yes, it happened and it really is that lame.
2. Re:I don't get it. by DrSkwid · 2006-03-31 02:46 · Score: 1
  
  Why are you here ?
  
  --
  There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
Firefox, anyone? by Anonymous Coward · 2006-03-31 01:19 · Score: 0

Seems to me that browsing the web with IE is bad idea to begin with. The Mozilla suite/Firefox/Netscape (take your pick) solves this problem, assuming you're up to date with OS and Mozilla patches.

Why don't PC makers push Firefox as the default browser? So many of these problems would go away.

I wonder if this attack will succeed when using IE on WINE/Crossover office?

Ahh, the good ol' days of NetWare 4.11. No spyware, no problems.
1. Re:Firefox, anyone? by Anonymous Coward · 2006-03-31 02:30 · Score: 0
  
  PC makers don't push Firefox because they are not allowed to. The OEM agreements that prohibit PC makers from including things like Firefox, iTunes, and other software were one of the things the antitrust trial was about.
2. Re:Firefox, anyone? by sremick · 2006-03-31 03:40 · Score: 2
  
  Fear of change, basically. The more Microsoft bundles with the OS, the more conditioned vendors are to not bundle or support 3rd-party apps. There is such an entrenched mindset and culture of IE-use and support that, despite the very real possibility that "something else" might be BETTER and cost LESS to support, they're too-scared to try to retrain their techs and reprint the support manuals, scripts, and flowcharts.
  
  You tell a support tech you're using anything other than IE and he'll throw his hands up and try to close the call. It's not in his scripts and you've just fucked up his average call time.
  
  The mentality is that it's more-efficient to support one and only one thing, even if that "one thing" is the worst choice, and results in exponentially-more work in the long-run. It's not like they CAN'T support IE at all, since MS bundles it, and most people are just going to use it. So they're stuck.
  
  Besides, then what would be the incentive to sell everyone copies of Norton Security Suite? That's a lucrative market. As is charging $100/call to walk a user through running Ad-Aware.
ObPython by Rob+T+Firefly · 2006-03-31 01:53 · Score: 1

The BBC would like to apologise for the following programme.

--
Slashdot Burying Stories About Slashdot Media Owned
3rd Party Security Patch to Fix this Problem by JoshDM · 2006-03-31 03:27 · Score: 1

You download and install the patch from here:

http://www.mozilla.com/firefox/
No Love? by neersign · 2006-03-31 04:04 · Score: 1

...but how about the common courtesy of a reach-around?