Internet Exploiter gains new feature vulnerability
Mikey 19 comments
I know saying Internet Explorer has a new security flaw sounds redundant, but security experts are warning users to stop using the browser at least in the short term while they wait for Microsoft to fix the issue.
The new exploit can allow a criminal to gain access to your computer and of course steal your passwords. And they say as many as 10,000 web sites have already been exploited since this new flaw was discovered. Now you know why I call it Internet Exploiter.
Good browsers such as Firefox, Opera, Chrome and Safari are not affected.
Senior security advisor at Trend Micro Rick Ferguson said:
"What we've seen from the exploit so far is it stealing game passwords, but it's inevitable that it will be adapted by criminals...It's just a question of modifying the payload the trojan installs. If users can find an alternative browser, then that's good mitigation against the threat."
Naturally Microsoft went gaunt at hearing that last sentence, with John Curran at Windows UK saying:
"I cannot recommend people switch due to this one flaw. We're trying to get this resolved as soon as possible."
Ah yes of course. You would be silly to change to a browser that has been commended and praised by security experts the world over. It's probably better to listen to Microsoft and just cross your fingers.
Jokes aside, the sad truth is many people don't care about browser security and will happily keep using the tired old flawed IE anyway. But I wonder how many of those 10,000 are now regretting not listening to their Firefox friends.
Update: Microsoft have patched it. Not that it makes any difference to people who use real browsers. Of course it's now installed and wants me to do a restart, which means I will loose my development state. Sigh...I hate Internet Exploiter.
Marvin the Martian
Wednesday 17th December 2008 | 01:05 PMFrankly is anyone really all that surprised anymore when people find a devastating bug in IE?
serena
Wednesday 17th December 2008 | 01:20 PMI have the new IE although I use firefox thanks for mikes knowledge more so but occasionaly it gets used for a variety of reasons. And I findd it never actually puts all the information up on a page anyway, pictures get left off etc. Not understanding a lot of this stuff puts people in vulnerable positions because they dont know any better and dont understand all that goes with using the internet etc.
I think i will try and stick with just firefox from now on..lol thanks for the heads up Mike.
Serena
...in response to this comment by serena. Good girl :-)
andrew
Wednesday 17th December 2008 | 04:16 PMIE didn't know it was still around....lol.....
mario0318
Wednesday 17th December 2008 | 04:32 PMAlthough I am a Firefox user, I think the intellectuals could at least agree IE is attacked the most due to its huge popularity among Windows users. No need to assume IE is the only one with bugs. Every browser has its flaws. It's a matter of how it is exploited.
mario0318
Wednesday 17th December 2008 | 04:33 PM...in response to this comment by SadSac. Um... it isn't. find me that law and I'll retract my comment. ;)
Anders
Wednesday 17th December 2008 | 05:54 PMIE is attacked more because it's full of holes. The fact it's the browser that's on most desktops is just the way it is. If it can be exploited, it will be exploited regardless of how many people are using it.
Rodney
Wednesday 17th December 2008 | 11:40 PM...in response to this comment by mario0318. I.E. is an easier target because it's insecure by design and tightly integrated with the operating system, making vulnerabilities easier to turn into massive problems.
SadSac
Thursday 18th December 2008 | 01:01 AM...in response to this comment by mario0318. Oh please, I wasn't speaking in the lawyerly sense of the word 'criminal'. Although looking back at his quote, he didn't specifically state that it wasn't criminal to steal passwords, just that other criminals would definitely use it for... well he doesn't actually say, but we are supposed to assume for stealing bank passwords and identity details. And if we assume stealing bank passwords is criminal then what's the difference to game passwords? Nothing. Stealing a password is it's own offence, and we assume the people stealing them have an intent to trespass onto the victim's account and perform unauthorised activities. So I guess stealing a password is absolutely fine if all you do is steal it and then do nothing with it.
This has got me all rather confused now. Does this mean that making a copy of someone's house keys is legal as long as you have no intention of trespassing onto their property? I would assume not, but maybe. If so then stealing passwords is fine. But I guess it depends on if you can trust the person who stole your password. But since they stole your password, you are probably not going to trust them. And if you can't trust them you probably don't want them in your business. So basically, the type of person who steals passwords is probably up to no good and therefore has intent to trespass, and trespassing IS a crime.
Rodney
Thursday 18th December 2008 | 09:00 AM...in response to this comment by mario0318. I think you'll find it is a crime, by the definition of the law. The Australian Computer Crime act of 2001 defines a computer crime as:
The offences covered (implemented in the Cybercrime Bill as s.477.1 to 478.4 of the Criminal Code Act) are:
* Unauthorised access, modification or impairment of data
* Unauthorised modification of data to cause impairment
* Unauthorised impairment of electronic communications.
* Possession of data with intent to commit computer offence (described as "akin to the more familiar offences of 'going equipped for stealing' or possession of an offensive weapon").
* Supply of data with intent to commit a computer offence
* Unauthorised access to restricted data.
* Unauthorised impairment of data held in a computer disk, credit card, etc.
Using someone's password to gain access to their data - any data, clearly falls into those categories.
Bob
Thursday 18th December 2008 | 10:38 AMFirefox, Opera, Chrome and Safari are not affected by this bug but what bugs do they have not yet discovered?
IE is more attractive purely because it is integrated with an OS. If the others had their own you would find the same issues.
I have been using IE from the start but now using all depending on what I am feeling on the day.
All browsers have bugs so they are all as bad as each other.
All browsers are vulnerable to security attacks but if I had a choice to attack one - IE would be the best as it affects far more than just a simple browsers and let's face it - MORE PEOPLE USE IT!
I wish everyone would stop acting as though they have shares in the browser companies and just be thankful with the variety of choice that we have
..
Jason G
Thursday 18th December 2008 | 11:33 AM...in response to this comment by Bob. "IE is more attractive purely because it is integrated with an OS. "
Actually Bob, that's precisely why IE has always been less attractive. There's no reason why a browser should be integrated into an OS - none at all. Every other browser proves that fact. It just makes the potential danger even higher when a browser is tied into something that has all your personal files.
Bob
Thursday 18th December 2008 | 12:29 PM...in response to this comment by Jason G. In the beginning IE integrated into the OS made sense as there were not many choices at that time other than Netscape. Why would Microsoft separate the browser from their OS even now - its part of a package!
It's so easy for these other browsers to come in boasting how quick and how small their software is but they did not have to develop or keep developing the platform to run it on. All the hard work has been done for them so lets give credit to the company who made it so.
Ok I admit that IE is falling behind in render speed etc but it's not so easy for IE to be completely redesigned from scratch and still be a part of the original OS. It may sound easy but we don't have to develop the code to make it happen.
IE has been a benchmark for all other browsers so really if it wasn't for IE then I am sure you would not have all the others happening the way they have been. I would not be surprised if Microsoft are now summing up all of the available browsers and are starting to develop an idea that will blow all other browsers out of the water. I hope it happens - I really do!
It's funny when a company has been around for so long everyone who used it and liked it suddenly turns into bitter enemies. Is it "the tall poppy syndrome"? I don't know but we should never turn our back on something because it has not performed at the top level all of the time. When something is falling behind I believe it gives that company more incentive to try and develop something even better in the end.
Rodney
Thursday 18th December 2008 | 02:06 PMBob? Is that you?
(http://en.wikipedia.org/wiki/Microsoft_Bob)
SReaver
Thursday 18th December 2008 | 03:21 PM...in response to this comment by Rodney. LMAO!
Bob
Friday 19th December 2008 | 07:14 PMOops! Mozilla forgets Firefox 2 patch, must re-issue update
It's 'embarrassing,' but users are not at risk, says browser maker.
Gregg Keizer (Computerworld) 19/12/2008 08:03:00
A "clerical error" by Mozilla Corp. omitted one of the security patches that was supposed to be included in the Windows version of yesterday's Firefox 2.0.0.19 release, a company executive said today.
Gee wiz = I didn't think any other browser companies made mistakes.............................
Bob
Friday 19th December 2008 | 07:17 PMRodney - If you don't have a good reply then don't reply and yes that's me ........................ MICROSOFT IS THE GREATEST!
Paperboy
Saturday 20th December 2008 | 12:16 PMI wish people would stop using IE already, it's such a pain in the ass to develop websites for... Please pick and use ANY ONE of the other browsers mentioned earlier - they are so much better! :/
SadSac
Wednesday 17th December 2008 | 12:48 PMI love the way he insinuates that stealing game passwords isn't criminal.