# An urgent read for all IE users.



## Midi Bear (Dec 16, 2008)

If you use Internet Explorer, I severely urge you to read this. A serious security flaw has been found in it - you should switch to something immediately, at least until the flaw is fixed.

http://news.bbc.co.uk/1/hi/technology/7784908.stm

PS: If this should go in bits & bytes, by all means, move it.


----------



## X (Dec 16, 2008)

things like this are the reason i switched to firefox.


----------



## Midi Bear (Dec 16, 2008)

half-witted fur said:


> things like this are the reason i switched to firefox.


Hell yeah, brother.


----------



## Monak (Dec 16, 2008)

I just love how they state right in the article how to change your virus to make it better suited for criminal activity.  *switches trojan package*  THANKS MICROSOFT!


----------



## mrredfox (Dec 16, 2008)

Lol this is why I never use ie, firefix ftw


----------



## Mr Fox (Dec 16, 2008)

Hmm yes i'm certainly in trouble at this point.


----------



## koppnik (Dec 16, 2008)

Only old people use IE. Less oldfags now, surfing over the age limit.


----------



## makmakmob (Dec 16, 2008)

Computer stuff is so much easier when one doesn't have to worry about these things.

<--- linux user


----------



## Monak (Dec 16, 2008)

makmakmob said:


> Computer stuff is so much easier when one doesn't have to worry about these things.
> 
> <--- linux user



Right? Fuck even Bill Gates uses Linux.


----------



## Irreverent (Dec 16, 2008)

There's nothing new on the threat board. MS did release some patches on the 9th, as part of their regular patch suite.

Apple *DID* release a slew of patches for Tiger and Leopard yesterday, patching a plethora of security holes in the OS. I wonder if they've fixed the root elevation that lets you compromise an OSx machine just by using Safari and going to a website yet. 

Firefox users, see http://www.us-cert.gov/cas/techalerts/TA08-319A.html Latest of dozens of patches this year for Firebox bugs. On a per capita basis, it might just be the least secure browser out there. 

Microsoft most insecure? Busted!  Apple better? Busted!  Firefox better? Busted!  Goreing one scared cow at a time? Priceless.   A zero-day exploit is equally probable on or no more likely in any one particular platform/browser.    The "I can't get X cause I run Y" mentality needs to end.


Every end user, regardless of platform or chip architecture should make sure the the operating system's (windows, MacOS, Linux, Unix, whatever) automatic update feature is on, and current. Then enable application level automatic updates as required. 

Use a decent anti-virus package and enable automatic updates

Use a decent hardware-based firewall/screening router  and

Subscribe to CERT/CERN etc to get the latest updates on zero-day attacks and patches.


----------



## PriestRevan (Dec 16, 2008)

Firefox is for furries. I'm staying with IE.


----------



## Monak (Dec 16, 2008)

If the come for your computer sever your penis and throw it at them thusly!  That should scare even the most evil computer hacker off.


----------



## X (Dec 16, 2008)

if you have a direct wired connection, use a condom.

http://mirzania.files.wordpress.com/2007/12/antivirus_condom.jpg


----------



## Eevee (Dec 16, 2008)

Irreverent said:


> There's nothing new on the threat board. MS did release some patches on the 9th, as part of their regular patch suite.


This hole was not covered.  You may notice that the article is dated today.



Irreverent said:


> Latest of dozens of patches this year for Firebox bugs. On a per capita basis, it might just be the least secure browser out there.


Pardon?  There have only been half a dozen Firefox point upgrades this year.

A little more important than bug-count nitpicking is for how much time the users are actually vulnerable.  Firefox and Opera tend to be fixed quickly and updated by most people.



Irreverent said:


> Goreing one scared cow at a time? Priceless.


Oh, I see now.  You're spreading misinformation in the name of being a cool anti-conformist.



Irreverent said:


> A zero-day exploit is equally probable on or no more likely in any one particular platform/browser.  The "I can't get X cause I run Y" mentality needs to end.


The "everything is equally vulnerable" mentality needs to end, too.  False dilemma.  Nothing is invulnerable, but that doesn't mean some things aren't better than others for various reasons.



Irreverent said:


> Then enable application level automatic updates as required.


How quaint.


Also, I note that nothing in your list protects against this IE hole.  The workarounds are complicated (disabling scripting doesn't fix it), and the exploits are on an unknown number of innocent sites.


----------



## AlexInsane (Dec 16, 2008)

I really, REALLY want to get rid of IE 7 on my computer but when I go to delete it, it brings up this huge list of stuff and says "This shit might not work if you delete it!", which makes me mad. 

I hate being trapped.

I mean, IE has always been worse for me than Firefox, and this latest development just makes me want to get rid of it entirely, but I can't, because a bunch of programs DEPEND on it to work.

That makes no fucking sense. Why should you want your programs backed by a browser that's a complete piece of shit?


----------



## Irreverent (Dec 16, 2008)

double tap.


----------



## Irreverent (Dec 16, 2008)

Update: Does appear to be a threat now http://www.microsoft.com/technet/sec.../ms08-dec.mspx Also dated this AM.

(note to self, make sure internal CIRT teams are covered off over xmas vacations to eliminate SPOFs  ) 



Eevee said:


> This hole was not covered.  You may notice that the article is dated today.
> 
> 
> Pardon?  There have only been half a dozen Firefox point upgrades this year.
> ...



Meh, Tomatoe / Tomatow quibbling between oposing nerd viewpoints.



> The "everything is equally vulnerable" mentality needs to end, too.  False dilemma.  Nothing is invulnerable, but that doesn't mean some things aren't better than others for various reasons.



Depends on your definition of "better."  A clueless user is vulnerable regardless of OS/platform.  Applies pretty much everywhere else too.



> Also, I note that nothing in your list protects against this IE hole.  The workarounds are complicated (disabling scripting doesn't fix it), and the exploits are on an unknown number of innocent sites.



Correct, but defence in depth as a methodology is appropriate.  You can't elminate zero-day risks, but you can manage them down.  A computer off the internet may be safe, but that's not what computers where made for.

ps: I wasn't being quaint, i was being trite. :Razz:


----------



## ADF (Dec 16, 2008)

Sounds pretty serious, even my uni has a notice up about it.


----------



## Grimfang (Dec 16, 2008)

Wow, thank you so much for post this! My sister's computer has had recurring trojans in the past few days and I keep cleaning them up, and making sure they're gone from the system. I've been trying to do so much to make her computer more secure, and it turns out IE is the likely weak link. I'm sure that'll be enough for her to shun the clunky browser.


----------



## net-cat (Dec 16, 2008)

Oh man. Good thing I use Ubuntu.

Hey, what's that little red arrow with the exclamation point on it up in the notification area mean?

NOTE: Facetious, in case you're too dense to get that on your own.


----------



## SnowFox (Dec 16, 2008)

net-cat said:


> Oh man. Good thing I use Ubuntu.
> 
> Hey, what's that little red arrow with the exclamation point on it up in the notification area mean?
> 
> NOTE: Facetious, in case you're too dense to get that on your own.



Yeah I hate when people complain their computer getting really slow, then you see all the warnings in the system tray. Warning your antivirus is out of date, warning you have no firewall enabled. antivirus tries to update *cancel*, scan starts *cancel*.

me: Haven't you spotted the link?


----------



## lilEmber (Dec 16, 2008)

Irreverent said:


> There's nothing new on the threat board. MS did release some patches on the 9th, as part of their regular patch suite.
> 
> Apple *DID* release a slew of patches for Tiger and Leopard yesterday, patching a plethora of security holes in the OS. I wonder if they've fixed the root elevation that lets you compromise an OSx machine just by using Safari and going to a website yet.
> 
> ...



Everything you just said about safari and firefox was laughable.


----------



## Kesteh (Dec 16, 2008)

At least Firefox is aware of the holes and constantly patches. 
Unlike IE. I've only had (and just because VB2008 was bundled with everything and their mother on install) one update for IE. Ever.

NoScript, AdBlockPlus, hell, doesn't take a genius to figure out how to keep safe and what to not click.


----------



## ZentratheFox (Dec 16, 2008)

This is awesome. Internet Exploder is just amusing.


----------



## pheonix (Dec 16, 2008)

And that's why I don't use IE. To all those who told me to switch from firefox to IE haha mines better.


----------



## TheGreatCrusader (Dec 16, 2008)

Hahaha. Fucking IE users. Enjoy your crappy browser, bitches. I'm sticking with Chrome.

If furry sex were a browser, it would be Chrome.


----------



## Eevee (Dec 16, 2008)

Irreverent said:


> Meh, Tomatoe / Tomatow quibbling between oposing nerd viewpoints.


You were severely factually wrong at least once in there.



Irreverent said:


> Depends on your definition of "better."  A clueless user is vulnerable regardless of OS/platform.  Applies pretty much everywhere else too.


No.  Software can be more or less susceptible to social engineering, too.  Software can also make it easier or harder to stay secure.  Who do you think is more likely to be patched: a casual user on Ubuntu where all updates come to you in one place, or a casual user on Windows where every app has its own different updater, if it has one at all?




ADF said:


> Sounds pretty serious, even my uni has a notice up about it.


Attackers can run whatever code they want on your machine, just by you visiting an *innocent* site, even if you have scripting turned off.

Yes, pretty serious.



net-cat said:


> Oh man. Good thing I use Ubuntu.
> 
> Hey, what's that little red arrow with the exclamation point on it up in the notification area mean?


It means it's going to update every single app you own, rather than just the OS and a few apps from the same company you may or may not have installed  8)


----------



## Archibald Ironfist (Dec 16, 2008)

This is why I switched to IE to Firefox.
Then from Firefox to Chrome.


----------



## Beastcub (Dec 16, 2008)

i use IE and for the last week the internet randomly spazes and crashes
ya think it has anything to do with this new issue?


----------



## Beastcub (Dec 16, 2008)

i am mainly worried about my paypal account...is it at risk?


----------



## Kesteh (Dec 16, 2008)

Nah. Just be more aware of where you go.
Also, IE used to crash a shitload with me.


----------



## X (Dec 16, 2008)

IE is like a whore, when it works it sucks, when it doesn't work, it still sucks!


----------



## Armaetus (Dec 16, 2008)

Only dumb people would use IE.


----------



## Nanakisan (Dec 16, 2008)

in light of this i say.

Here wee go again........ lets just face it MS in my opinion purposely leaves these flaws in their code for one purpose.

let the hackers find them and when they do find em then they fix em.

pure and simple.
MS needs better programmers casue from what i've been seeing from them lately their so called "13375" of the programming world are probably no smarter the a toilet paper roll.
taking all bets they were all once hackers
ok thats 10k there and uhh wow 1 mil wow big spenders today

*runs off with al lthe money
chow suckers
.
joke

ahem anyway.
this is the precise reason why i don't even use IE anymore.
all hail the great firefox king of all browsers stomper of all bug rival to all that sucks


----------



## mapdark (Dec 17, 2008)

Flaws is in the dictionary next to internet explorer man..

but thanks for the heads up ^^;


----------



## Eevee (Dec 17, 2008)

Beastcub said:


> i use IE and for the last week the internet randomly spazes and crashes
> ya think it has anything to do with this new issue?


Remote code execution (some site doing whatever it wants to your computer) often involves a browser crash, yes.  :V


----------



## Biles (Dec 17, 2008)

At least it's a good thing that Macs and Linux don't get their percentages of viruses and malware per marketshare.


----------



## Oskenso (Dec 18, 2008)

koppnik said:


> Only old people use IE. Less oldfags now, surfing over the age limit.


Really? My grandpa uses Firefox, he's 8X.


----------



## Wait Wait (Dec 18, 2008)

just because only old people use IE doesn't mean old people only use IE

this isn't hard, dude


----------

