Controversy Surrounds Huge IE Hole 907
Suchetha wrote in with a Wired News bit talking about
security hole
in IE that allows malicious web pages to reformat a hard drive. The Wired
talks
more about bugtrack's handling of the whole thing, and how it essentially posted working
code for the exploit. Was it irresponsible or not?
holy crap (Score:2, Funny)
The Wired, huh? (Score:5, Funny)
Dude; since when did Lain start writing technical articles?
Ahhh... but (Score:5, Funny)
I thought it was fine till... (Score:3, Funny)
Still no loss, it was only a win98 machine
The preceding was a paid joke made possible by the humorless grant institutions of America
Thanks (Score:4, Funny)
well.. (Score:3, Funny)
No, wait... there's no script kiddies here. Only hax0rz with K-rad XP boxen.
A link to a working exploit (Score:0, Funny)
If you think that is an annoying bug, try this: (Score:2, Funny)
I would rather have my hard drive formatted. -S
huge hole... (Score:0, Funny)
-gerbik
Re:Yes!!! (Score:5, Funny)
Right in the point man. Now, I'm running the code right now to see if im vulne
This Linux's big chance! (Score:5, Funny)
Now all we need is a way to embed an ISO image of a Linux system into the web page and use the same exploit to install an alternative operating system. Just think of the banner ads! "Click here to Install Linux!" and "Get That Windows Monkey Off Your Back! Hit the Monkey to Try!" and "Eliminate Windows Instabilities Forever. Click Now!". Then it won't be malicious. It'll be setting all those people FREE!
Where's the Mac version of the exploit? (Score:5, Funny)
If you use windows, post your IP address here. (Score:3, Funny)
nastiness (Score:2, Funny)
Re:Irresponsible? (Score:5, Funny)
I wouldn't be so pissed as long as the attacker did this often. It's such a hassle to wait for my system to do a monthly e2fsck when the partitions have readched their maximal mount count.
Another Link (Score:5, Funny)
Nothing to fear. Just a link.
malicious spam! (Score:2, Funny)
New M$ motto: we fuck up so you have to!
What luck! (Score:4, Funny)
The joke they always make is "For those of you who want to work in software testing... Yes, we do test our products (wait for laugh)"
Re:Yes!!! (Score:5, Funny)
It's a self-fixing exploit!
New distributed client built in to Windows! (Score:4, Funny)
Microsoft(TM) intrudes^w introduces an incredible new PR nightmare^w^w way to work(TM)!
Trojaned@Home(TM) - work on any problem you want(TM)! Set millions of CPUs working at a moment's notice(TM)! Every copy of Windows(TM) has this glaring security hole(TM)^w^w^w feature(TM) built in!
Trojaned@Home(TM) is super fast, due to Microsoft(TM)'s secret Code Hider^w Layering(TM) technology, which ensures that it's always on(TM), and ready to work for you(TM)!
See the power of the internet(TM) multiplied by millions(TM) of smart Windows(TM) users today!
Use Trojaned@Home(TM)!
Ha! You already are(TM)!
Dissapointing WINE performance (Score:5, Funny)
Tried it on WINE using CrossOver Office.
and was very disappointed to find that WINE once again did not live up to it goal of being bug for bug compatible with windows.
All i got was HTML help and a script error. No files written to my "C:" and no exploit.
*sigh* Guess WINE still needs some work.
Patch (Score:3, Funny)
Re:BAD BAD BAD! Why? Now the script kiddies have i (Score:5, Funny)
Re:Ahhh... but (Score:5, Funny)
You might think you're joking, but there would be no better way to get microsoft to quickly fix this than to create a web page that downloads a debian install floppy and starts up a network install
User: Hmmm, my computer is acting subtly different, oh well...
MS: Oh no, we've lost another one!
Of course it's responsible. (Score:2, Funny)
Oh, wait, you think that they don't *know*? Pshaw! They're like the people who choose to drive SUVs like a sports-car -- they may _say_ that they don't know, but either they do, and are lying, or they don't, and are stupid. Either way, the responsibility likes with the user.
There are enough people out there pointing out that IE and Outlook are broke and dangerous that there's no reasonable way anyone can think they they aren't. Except if they put their fingers in their ears and go "LalalalalaIamnotlisteninglalalalala" whenever the subject comes up.
The IE users who get hit by this exploit should suck it up and take responsibility for their risky actions. And have a good backup system in place, of course.
Re:Where's the Mac version of the exploit? (Score:2, Funny)
I did manage to format my Virtual PC drive after some work, but I still feel like a second-class citizen. Bah. People always say there are more fun games on Windows, and it's true - I haven't had a chance to reformat once, and that Virex thing is a waste of money. On Windows, my antivirus was like a Tamagotchi, always pestering me and needing to be taken care of. With a Mac, it just sits there like it's in a coma.
I used to love my weekly Win98 formats. I got so darn good at them.
BlackBolt
Re:Shooting the messenger .. (Score:5, Funny)
Whoopsie [com.com]
Daisy [tom.me.uk]
Re:Where's the Mac version of the exploit? (Score:4, Funny)
I thought it was a waste of money until I scanned all the M$ Office documents sent to me by Windows users. About 60% had macro viruses on them. Of course, I never noticed before and it never effected my system, but it was nice to clean out the 'Windows Cooties' from my Mac.
Re:This Linux's big chance! (Score:3, Funny)
You look around, what do you see? Businessmen, teachers, lawyers, carpenters. The very minds of the people we are trying to save. But until we do, these people are still a part of that system and that makes them our enemy. You have to understand, most of these people are not ready to be unplugged. And many of them are so inert, so hopelessly dependent on the system, that they will fight to protect it.
Apologies to the Wachowski brothers.
Re:If you use windows, post your IP address here. (Score:3, Funny)
Hello footpad! (Score:3, Funny)
Give up, it's hopeless. Believe me, I tried. Even if you board up all the doors, someone'll still find a way to sneak in through the kitchen window you left ajar and clean out all the treasures in you trophy case. You just can't win.
Re:Irresponsible? (Score:3, Funny)
Are you kidding? If someone wants to fsck my drive for me, that's fine with me. It'll cut down on my boot time.
Re:Active content... (Score:4, Funny)
Sometimes encouragement is not necessary. I installed mozilla on my sister's machine, changed the IE link on the desktop to link to mozilla (but still with the blue 'e' icon) and installed an IE-lookalike skin [mozdev.org] on mozilla and she hasn't noticed the difference yet. (It's been about a month now.)
Re:No!!! (Score:1, Funny)
Wake up you retard.
Thanks for the Help Microsoft! (Score:5, Funny)
Re:Yes!!! (Score:2, Funny)
Re:Another Link (Score:4, Funny)
Want to take a break? Click here - and see how you can have a much deserved break from work right now!
Malicious? (Score:4, Funny)
Surely there's a typo here. If I discover that the computer I'm working on has Windows installed, you're saying that all I need to do to reformat the hard drive is click on one of these web sites?
Re:Of course it was irresponsible (Score:3, Funny)
Well, I'd probably feel pretty vaporized. But not much more than that.
Re:Of course it was irresponsible (Score:5, Funny)
Re:Of course it was irresponsible (Score:5, Funny)
Riiighhhhtttttt ... so "Joe Public" is reading /. and Wired now is he(/she)? :)
Re:Of course it was irresponsible (Score:2, Funny)
What's next? (Score:2, Funny)
Actually, that might make msgboard moderation a lot easier. Die, troll!
Hmmm... not a problem at all.. (Score:2, Funny)
Second, don't visit unknown links... Check!
Third, Disable pop-ups, block what can be blocked in the browser. Check!
Fourth, upgrade your OS with the latest patches and fixes, (Gentoo here, emerge -u world)... Check!
Fifth, implement a nazi firewall... Check!
Looks good so far, have never had an attack or lost data due to a security hole. I can sleep in peace.
new bug found: Humans vulnerable to bullets (Score:2, Funny)
Re:Of course it was irresponsible (Score:5, Funny)