Results 1 to 10 of 10

  1. Nodz86 is offline ____________
     
    Location: Essex, England
    Posts: 3,209

    #1

    Exclamation Serious security flaw found in IE!!!!

    Serious security flaw found in IE

    Users of Microsoft's Internet Explorer are being urged by experts to switch to a rival until a serious security flaw has been fixed.

    The flaw in Microsoft's Internet Explorer could allow criminals to take control of people's computers and steal their passwords, internet experts say.
    Microsoft urged people to be vigilant while it investigated and prepared an emergency patch to resolve it.
    Internet Explorer is used by the vast majority of the world's computer users.

    "Microsoft is continuing its investigation of public reports of attacks against a new vulnerability in Internet Explorer," said the firm in a security advisory alert about the flaw.
    Microsoft says it has detected attacks against IE 7.0 but said the "underlying vulnerability" was present in all versions of the browser.
    Other browsers, such as Firefox, Opera, Chrome, Safari, are not vulnerable to the flaw Microsoft has identified.

    Browser bait
    "In this case, hackers found the hole before Microsoft did," said Rick Ferguson, senior security advisor at Trend Micro. "This is never a good thing."
    As many as 10,000 websites have been compromised since the vulnerability was discovered, he said.
    "What we've seen from the exploit so far is it stealing game passwords, but it's inevitable that it will be adapted by criminals," he said. "It's just a question of modifying the payload the trojan installs."

    Said Mr Ferguson: "If users can find an alternative browser, then that's good mitigation against the threat."
    But Microsoft counselled against taking such action.
    "I cannot recommend people switch due to this one flaw," said John Curran, head of Microsoft UK's Windows group.
    He added: "We're trying to get this resolved as soon as possible.
    "At present, this exploit only seems to affect 0.02% of internet sites," said Mr Curran. "In terms of vulnerability, it only seems to be affecting IE7 users at the moment, but could well encompass other versions in time."
    Richard Cox, chief information officer of anti-spam body The Spamhaus Project and an expert on privacy and cyber security, echoed Trend Micro's warning.
    "It won't be long before someone reverse engineers this exploit for more fraudulent purposes. Trend Mico's advice [of switching to an alternative web browser] is very sensible," he said.

    PC Pro magazine's security editor, Darien Graham-Smith, said that there was a virtual arms race going on, with hackers always on the look out for new vulnerabilities.
    "The message needs to get out that this malicious code can be planted on any web site, so simple careful browsing isn't enough."
    "It's a shame Microsoft have not been able to fix this more quickly, but letting people know about this flaw was the right thing to do. If you keep flaws like this quiet, people are put at risk without knowing it." "Every browser is susceptible to vulnerabilities from time to time. It's fine to say 'don't use Internet Explorer' for now, but other browsers may well find themselves in a similar situation," he added.

    From Radio 1 Newsbeat


  2. Shy Guy is offline Car Aficianado
    Location: England
    Posts: 3,188

    #2

    Default

    Thank god I switched to Firefox last April i think when IE was unbearable >_>

  3. Iced_Bullet is offline Cheese=Milk's Death Route
     
    Location: Norfolk, UK
    Posts: 6,310

    #3

    Default

    Quote Originally Posted by Nodz86 »
    this exploit only seems to affect 0.02% of internet sites,"
    What do they mean only! 0.02% is a hell of a lot! *taps good old firefox*
    Life is good. Simples. Cccchhhhh.

  4. Nodz86 is offline ____________
     
    Location: Essex, England
    Posts: 3,209

    #4

    Default

    Theres a Q & A on there aswell and the bloke from MS says one of the others rivals has multiple flaws but will not say which one so thats why he doesn't recomend you switch and tells you to reconfig about 10 options on your system/IE settings. I'll go and find the link

    Edit:
    Latest entry
    Is it safe to Explore?Rory Cellan-Jones
    16 Dec 08, 13:38 GMT
    If the average computer user read the Microsoft security advisory about the Internet Explorer vulnerability - and you'd struggle to find it if you weren't looking - you might be none the wiser about how serious this was, or what action you should take.

    A long way down comes this line: "An attacker who successfully exploited this vulnerability could gain the same user rights as the local user." As far as I understand it, that means there is a real danger that Internet Explorer 7 users (and possibly users of other versions of IE) could be opening the door to cyber criminals to allow them to ransack the contents of your hard drive. In other words, it is a pretty serious situation.

    So when I spoke to John Curran, head of Windows at Microsoft UK, I had three questions.

    1. How serious is this?

    Mr Curran told me that only a tiny proportion of websites were infected, but given the sheer scale of today's web, that could affect a large number of people.
    So, he said, "it is certainly something people should take seriously."

    2. So what should IE users do?

    Microsoft is working on a patch but in the meantime Mr Curran said there were four steps to take.
    - make sure anti-virus software is up to date.
    - run Internet Explorer 7 or 8 in "protected mode".
    - set Internet Explorer zone security setting to "High"
    - Windows users should enable Automatic Updates so that they get any patch that is issued.

    But of course doing all of that is not only time-consuming, it will make your web browsing experience slower and less rewarding. Which brings us to the final question.

    3. Shouldn't you switch to another browser until the patch come out?

    This has been the advice of a number of security firms - who of course are also touting their latest anti-virus products - but you won't be surprised to hear that Mr Curran disagrees. He told me he had recently seen a report which listed another browser as having the highest number of vulnerabilities. "it would not be advisable," he said,"to send people from one vulnerability (in Internet Explorer) to multiple vulnerabilities."

    But given the choice between messing around with Internet Explorer and so enduring a second-rate browsing experience until the hole is fixed, or running Firefox, Safari or Opera, aren't quite a few people likely to switch? This could be the moment when the minnows in the browser wars finally score a significant victory.


    Source
    Last edited by Nodz86; 16/12/08 at 20:56 PM.

  5. DriftNismo is offline 87 Civic GT
    Location: London, UK
    Posts: 1,643

    #5

    Default

    I don't mind, been on Firefox since it came out . But it does sound quite serious, I hope it gets sorted soon.

  6. Who
    Who is offline It's not a tumor.
     
    Location: Lincolnshire, UK
    Posts: 3,218

    #6

    Default

    oh noez... virus attack... wait, what's a virus again? *pats mac*

    presumably this is a risk to vista users aswell then if MS is making a fuss?
    Formerly Crazed Dodgem/Lwsbrck

    I'm not dead!

  7. Nodz86 is offline ____________
     
    Location: Essex, England
    Posts: 3,209

    #7

    Default

    yeah mainly vista and mainly versions 7 and 8 might effect other versions

  8. Nodz86 is offline ____________
     
    Location: Essex, England
    Posts: 3,209

    #8

    Default

    I've just had the Update for IE download on my PC with the windows update thing, but now it wants to reboot

  9. KoenigseggBG is offline Made in 1994
     
    Location: Varna, Bulgaria
    Posts: 6,759

    #9

    Default

    Here`s another reason to use Firefox.

  10. kalniel is offline Hypercar Enthusiast
    Location: uk
    Posts: 571

    #10

    Default

    3 critical security flaws for Firefox have been found at the same time:
    http://www.mozilla.org/security/anno...sa2008-69.html
    http://www.mozilla.org/security/anno...sa2008-68.html
    http://www.mozilla.org/security/anno...sa2008-60.html

    So just as MS have already patched the flaw in IE, firefox users need to patch ASAP as well.

    And mac owners.. don't be smug either - Apple just released a bunch of security and bug fixes as well:
    http://support.apple.com/downloads/M...6_Combo_Update


 

Search Tags

internet explorer
,
microsoft
,
risk
,
security

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

about us

  • turboduck is a community that is dedicated to driving and racing games of all types on all platforms. Whether it's ticking off the miles/kilometres while exploring an open world, crashing and exploding everything in an insane balls-to-the-wall arcade racer, or nailing down every apex and trimming off every tenth possible in authentic sim-racing. It's all up for discussion as we enjoy the virtual cars, bikes, and everything else that these games offer. So join us, jump into the discussions, and don't think too much about why a 'duck' is our mascot. ;)
turboduck twitter turboduck facebook turboduck youtube turboduck twitter turboduck rss