Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Attack Fells Internet Explorer

Posted by Soulskill on from the tricking-an-old-dog dept.

alphadogg writes "Attack code has been identified that could be used to break into a PC running older versions of Microsoft's Internet Explorer browser. The code was posted Friday to the Bugtraq mailing list by an unidentified hacker. According to security vendor Symantec, the code does not always work properly, but it could be used to install unauthorized software on a victim's computer."

3 of 202 comments (clear)

  1. Really? by Murdoch5 · · Score: -1, Offtopic

    Oh no I better check my version of IE, Wait I run Linux. firefox is still okay.

  2. Re:Is that supposed to be news?? by commodore64_love · · Score: 1, Offtopic

    Maintenance?

    What's that? J/K. That maintenance I can deal with but the annual inspections just so garages can look for something to repair really piss me off. I miss my old state that had no inspections (at point-of-sale and that was it).

    --
    "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
  3. Hindsight is no joke by HomelessInLaJolla · · Score: -1, Offtopic

    It is not about old and unpatched. It is about looking back and thinking,"Hmm. If it was posted to Bugtraq recently and affects old browsers then, in all likelihood, it was known almost immediately when the versions came out."

    IOW, you can safely deduce that this bug has been in use for years but, like an ostrich, what people do not see right in front of them still exists.

    Consider the most likely group of people to have known about the exploit long before it was made popularly known: inner circle developers, hackers with code and memory analysis tools, and, likely, your friendly neighborhood government surveillance agencies.

    If it can be used to install rogue code into the system do not look for system crashing viruses or resource hogging worms. How many kB does it take for a keylogger and a relay for information of interest (URLs visited, installed programs, identifying information, registry keys, etc.)?

    If you consider the state of operating system security over the last ten years it is safe to operate under the assumption that your system is being monitored somewhat "Echelon" style: that is to seriously consider that the system is quietly exploited and all activity is being funnelled into a database which is mined and cross-referenced for keywords (URLs, registry keys, identifying information, etc.).

    Do not think that MacOS or Linux or even OpenBSD is immune. Zero day exploits are zero day exploits and every web browser has them. The more important consideration, once you just flatly accept the truth, is: who is most likely to be making use of this... and why? With that question firmly in mind you will be able to logically assess each and every security report which appears in daily news. What you don't know _is_ being used against you. Consider that to be a real, daily, constant fact.

    Treat it the way you would honesty consider that your bank, your landlord, and your local locksmith quite likely have no trouble obtaining a key to your front door and, no matter how much you think you have rights, they will never admit to it.

    --
    the NPG electrode was replaced with carbon blac