Slashdot Mirror
Nasty Data-Stealing Bug Haunts Internet Explorer 8
Trailrunner7 writes "There's an unpatched vulnerability in Internet Explorer 8 that enables simple data-stealing attacks by Web-based attackers and could lead to an attacker hijacking a user's authenticated session on a third-party site. The flaw, which a researcher said may have been known since 2008, lies in the way IE8 handles CSS. The vulnerability can be exploited through an attack scenario known as cross-domain theft, and researcher Chris Evans originally brought the problem to light in a blog post in December. At the time, all of the major browsers were vulnerable to the attack, but since then, Firefox, Chrome, Safari and Opera all have implemented a simple defense mechanism. The upshot of this is that if a victim has visited a given Web site, authenticated himself to the site, and then visits a site controlled by an attacker, the attacker would have the ability to hijack the user's session and extract supposedly confidential data. This attack works on the latest, fully patched release of IE8."
IE as well know, unpatched security vulnerabilities? Thats so surprising!
People still use MSIE?
Eh, more like 15, but who's counting?
I just upgraded to IE 8 yesterday to verify a support issue.
Steve Hawking goes into a little more depth in his new book and Greene actually says String theory supports it too.
We're on our way to a Unified Theory all thanks to IE and Microsoft.
RIP America
July 4, 1776 - September 11, 2001
Can't remember the last time I fired up IE (I do have IE8 installed).
Kudos to FF team. Thank god I don't work on webapps anymore.
Fuck systemd. Fuck Redhat. Fuck Soylent, too. Wait, scratch the last one.
It's a strange thing. It seems the only reason IE exists it to repeated punch microsofts reputation in the face. I'm surprised one executive hasn't gotten so fed up and fired the "IE team" or replaced them with monkeys. I watch Channel 9 and there are some seriously smart people working at this company and yet this one program has done more to harm the company's reputation like no other.
did you forget to take your meds?
To be fair, it's an honest enough mistake. It just seems like it's been 30 years, what with all the waiting and the retro styling for all those years.
IE's world-wide market share is currently around 80% to 85% of all web users.
Alternate browsers have very poor support for properly rendering the text of most Asian languages, while IE has exceptionally good support, so the use of alternate browsers in places like Japan, China, Thailand, Taiwan and the Koreas is virtually unheard of. These markets, which are already far larger than the American or European markets, are still growing.
Don't let the W3Schools stats confuse you. Those are for a small subset of the comparatively small American market, and thus aren't indicative of the global trends.
if you're using internet explorer, you deserve every bug you get. If you're in one of those companies that mandates IE or something, company data theft is their fault and their loss. If you're reading slashdot, chances are you know that entering your personal data on one of those computers is probably a bad idea because besides internet explorer, they also more than likely have company monitoring software installed.
"People don't want to learn linux" hasn't been a valid excuse since '03.
God's ten commandments aren't adhered to ... well at least a major subset of them. How can you expect the rest of the population to listen to administrators when they suggest "don't use IE"?
to code or not to code, that is the question.
IE9 may as well be Mac software for most people. It will only work in Windows 7 and Vista.
Help stamp out iliturcy.
Data theft is easy to detect, just look for missing data. These sound like data spying/eavesdropping attacks, that is, where the attacker is able to monitor all your data without your knowledge. Nowadays it seems that "theft" has come to mean "something I don't like".
Yes there is sites out there where the company behind them send out software that infect your computer and causes it to become open for anyone to take over.
Some of them even pretend to do useful things for you like pretending to be a way to secure your computer from nasty attacks.
For one nasty example check out this site:
http://www.microsoft.com/
Just saying it like it are.
Isn't that all of them?
Seems Microsoft actually has people that know their market better than slashdot UID #646467.
Snirk. Yeah, that would totally explain Vista and Kin, Plays For Now, Zune and Bing. They have Vision. They have Skills. They are Learned in the arts of the graphs and the Powerpoints. If they only spend a few more tens of $Billions on awkward ads, they can put it over. You so totally dominated me with your argument I must defer to your superior knowledge.
At this point there's nobody reading this but you and me so it's ok to get a little off-topic.
When you're finding in the charts the information you want to find regardless of the later outcome, you might as well be looking at Tarot cards or bird entrails. It's clear you and I are not going to agree on how to project the uptake curve of W7 against XP. I see W7 at 15 to 20% at the end of July, nearly a year after RTM, and having gotten nearly all of that from the much reviled and structurally similar Windows Vista. The plateau is plain as day. Though the Vista base continues to erode, adoption by XP users is levelling off and it never was much. To expect to get from 20% to 50% in another year would presume an upward curve to the line rather than the levelling one that is shown. I'll go ahead and project that W7 will not achieve 50% share on an average of the top five metrics in CY2011. Hell, I'll go ahead and say it won't get 40% as measured in the single month December 2011 in an average of the top five metrics. I'd go as far as to bet a beer on it. A risky thing, this fortune telling is. I can't delete this slashdot comment, so if I'm wrong you'll be able to throw it in my face forever after, and that means a lot to me.
Microsoft has renewed the family pack offer for W7, but you still have to have W7 capable hardware in order to be even slightly interested. Some people may be buying new hardware and unable to avoid W7, but they're handing their old hardware down mostly, so each unit should count only as a half-step rather than a whole one. To get a whole step that old PC has to go in the landfill rather than being given away or resold on Ebay, and I don't see that happening. XP may be discontinued, but "W7 pre-downgraded to XP" seems to be a popular netbook option even today, particularly on Intel Atom netbooks which don't run W7 well. Considering that XP is in fact still selling well at retail calls the lie to its demise in the context of browser share. Those are backsteps that cost double. Microsoft may want us to let go of XP, but internally one must presume they are conflicted since W7 doesn't work well on a netbook and they don't want to dismiss the migration to mobile because that's where the crowd is going. If the OS is still for sale on emerging platforms today, how dead could it be? A lot of users still use W2K because they have apps from dead companies that they still need to do what they do, and W2K had a relatively brief moment of dominance compared to XP. XP in actual use is going to be a significant share for a very long time, even if people have to license W7 to get it.
And then there's the migration to mobile. We're going to ARM. We're giving up on Intel, the storied company that brought forth the computer revolution, founded by the inventor of the transistor, just to get away from you. That's got to make you proud.
But yeah, internally in Redmond go ahead and spread the word that W7 is being embraced by the masses, that XP is seen by the bloggerati as completely croaked. We need you to be oblivious to Android on the desktop and as a VDI solution so that when it's time to lead you out behind the barn you come along meekly. The more you make your own apps incompatible with your own operating systems the better off we are.
Help stamp out iliturcy.