Web Site Attacks Against Unpatched IE Flaw Spike 268
An anonymous reader wrote to mention a Washingtonpost.com article about an increase in attacks against IE users via a critical, unpatched flaw. The bug allows software to be downloaded to the vulnerable PC even if the only act the user takes is browsing to a web site. From the article: "[A] password-stealing program landed on the Windows PC belonging to Reaz Chowdhury, a programmer for Oracle Corp. who works out of his home in Orlando, Fla. Chowdhury said he's not sure which site he browsed in the past 24 hours that hijacked his browser, but he confirmed that the attackers had logged the user name and password for his company's virtual private network (VPN)."
Re:linking=vouching for (Score:5, Informative)
More than 200 Web sites -- many of them belonging to legitimate businesses -- have been hacked and seeded with code that tries to take advantage of a unpatched security hole in Microsoft's Internet Explorer Web browser to install hostile code on Windows computers when users merely visit the sites.
Here we go again.... (Score:4, Informative)
Over on the linux, and alternative browser side, where I live, I see patches coming out very quickly for any kind of exploit.
Sadly, the patch for the new IE flaw is scheduled for April 11th? This is according to a BBC report here:
http://news.bbc.co.uk/2/hi/technology/4849904.stm [bbc.co.uk]
Can't they do better than that? How about an emergency patch, followed by a fully tested one? Just something to knock the vulnerability into non-functional status? Hey, it's fine if the patch is imperfect- I'll beta test to save my banking information. Really.
I suppose I wouldn't have a problem with Microsoft's monopoly if they actually service me as a customer well enough that they deserved a monopoly position. I like a lot of their software. But these kinds of security issues need to be addressed better and faster.
Ironically, I pay a lot less for my linux servers and get better responses for both support and patches. That makes a difference to me.
Re:Ugh (Score:5, Informative)
"Website Attacks Against Unpatched IE Flaw Spike"
Actually, this would be even clearer if you put the verb before the prepositional phrase:
"Website Attacks Spike Against Unpatched IE Flaw"
It's unclear because both "spike" and "flaw" can be verbs or nouns, and the broken "unpatch" disrupts our ability to smoothly interpret the rest of the sentence thanks to turning an adjective into a present tense verb.
(I know I'm not perfect by a long shot on spelling and grammar, but it's not my job to post legibly on Slashdot.)
Keep an eye on this one.. (Score:5, Informative)
This is a little like the WMF flaw [microsoft.com] that became known just after Christmas. Eventually MS had to provide an out-of-cycle patch (even if it was just a few days early) because of the bad press they were getting. From the looks of things, the patch for this one will be ready soon too.. so any kind of noise you can make to get an early release would be a Good Thing.
Yeah yeah, MS will get a lot of flak from Slashdotters on this, but you should bear in mind that they also provide some decent patching tools like WSUS [microsoft.com] for administrators to roll these things out. Personally, I never use IE on my Windows box, but I'm afraid it's still a fact of life in most large businesses.
Comment removed (Score:2, Informative)
Not really (Score:3, Informative)
In fact, if MS is successful in creating an OS and set of apps that are more secure than the others, it will mean that Linux, BSD, Mac, and other *nix will be the target. Statisically and historically, I seriously doubt that MS can do it, but they appear to be doing the right thing.
DISABLE ACTIVEX!!! (Score:2, Informative)
I don't know what the best answer should be for those who need to use activex in the meantime... I guess it's kinda like smoking or other addictions that are generally risky and unhealthy -- it's painful to stop but pretty damned necessary.
Re:IE7 beta2 is the solution? Not for 2K users (Score:2, Informative)
Because of this, my girlfriend who has an old Apple powerbook can't surf the web worth shit. So don't think that a for-profit company such as Apple will be the cure to all your M$ woes.
Re:*sigh* (Score:5, Informative)
4 + 2 * 6 evaluates left to right for the basic view, giving the answer 36. The advanced (scientific) view does it by algebraic hierarchy, so the multiplication is done first, giving 16.
(FWIW, the OS X calculator does it the algebraic way, but the calculator widget does it the left to right way)
Re:That why I stay with #2 or #3 (Score:3, Informative)
It's true, other browsers are not 100% safe, but you're much less likely to get hit by an exploit with other browsers even if hackers go after them, because they just don't have as many vulnerabilities, they're not as serious, and they're patched faster on average. Of course, being less popular than IE means that hackers go after them less, too, but that's hardly the only reason they're safer.
You're still not 100% safe using other browsers — you still should also use firewall, anti-virus, anti-spyware, and anti-adware programs, as well as not download executables from untrusted sources and practice other common sense safe practices, to minimize your exposure to malware.