Experts Say To Switch Browsers In Light of IE Vulnerability 455
It appears that the exploit in IE briefly mentioned a few days ago is causing a serious reaction: SteveAU writes "Microsoft has begun flooding media outlets with information advising users to switch to an alternate browser while a serious security flaw is being patched. The flaw, which affects all versions of Microsoft Internet Explorer, is manifested via malware and has infected over 6,000 sites thus far. Microsoft states: 'The vulnerability exists as an invalid pointer reference in the data-binding function of Internet Explorer. When data binding is enabled (which is the default state), it is possible under certain conditions for an object to be released without updating the array length, leaving the potential to access the deleted object's memory space. This can cause Internet Explorer to exit unexpectedly, in a state that is exploitable.'" According to the BBC report, though, Microsoft itself is only asking that users be "vigilant while it investigated and prepared an emergency patch"; it's outside experts who say to dump IE (at least for now).
Update: 12/16 21:11 GMT by KD : Microsoft will issue an emergency critical update for IE tomorrow.
Update: 12/16 21:11 GMT by KD : Microsoft will issue an emergency critical update for IE tomorrow.
Red header (Score:2, Funny)
Whoa what happened to Slashdot's main page...
This story's title header was red.. Is that like "woop woop warning warning" red? Or something else?
In other news ... (Score:5, Funny)
Water still wet.
Pope still Catholic.
Re:In other news ... (Score:5, Funny)
and chairs still fly
Re:In other news ... (Score:4, Funny)
happy flamebait!
Re:Those that haven't already changed... (Score:5, Funny)
I won one of these a few days ago. Just to let you know, they don't actually give you an iPod directly. Instead, they ask for your bank account information and deposit $250 (they say it's for tax purposes). I should be getting my money any day now!
Re:Is any browser safe? (Score:3, Funny)
Re:Is any browser safe? (Score:3, Funny)
It's sort of like wearing a web-condom: used to be that going bare-browser was mostly safe as long as you were careful who you interacted with, but nowadays even the pretty ones can burn you, so your best bet is to just wrap your tool ... with a sandbox. (I'm still working on the analogy)
Try adding a reference to "extensions". That'll help.
Re:Those that haven't already changed... (Score:5, Funny)
Will this flaw affect "old" IE browsers? (Score:3, Funny)
My laptop has an older IE; version 5 I believe..... will this flaw affect that too, or is it just a flaw in the current version of IE?
The shrieking is a bit tedious (Score:3, Funny)
Especially since it happens nearly every day. Oh noes!!!! Everybody panic!!! Another exploit in Windows/Office/Explorer. WOE is us!!!
Perhaps if we phrased it like a sponsored ad: "Todays exploit brought to you by yet another buffer overflow error!" "This morning's gaping security hole sponsored by Stormworm. Stormworm: The worm of choice for the discerning mailbot."
Re:Red header (Score:3, Funny)
Normally this is reserved for subscribers, so maybe it was a subliminal attempt to get you to subscribe ;)
Re:Makes sense to me (Score:2, Funny)
And since then, they've also learned how to make anti-spyware apps that distinguish between real spyware and cookies that just track what websites you go to for advertising purposes.
Aaaah I didnt realise I was jumping forward in time before running anti-apyware after browsing with FF :)
Re:Is any browser safe? (Score:3, Funny)
Choosing a browser with security as the only concern? Opera.
"Eeeeverybody's getting secure browsers!"
"You get a secure browser!"
"YOU get a secure browser!"
"You get a secure browser!"
Re:In other news ... (Score:5, Funny)
and chairs still fly
Not this week, I heard the chair budget got cut on account of increased costs from the United Union of Broken Windows.(Look hard for the double meaning there)
Re:In other news ... (Score:5, Funny)
Otherwise known as "Leroy".
Re:Is any browser safe? (Score:5, Funny)
...use separate sandboxed browsers for finance vs email vs ... vs porn browsing.
Fixed that for you.
Re:Vulnerability (Score:5, Funny)
This is to prevent unfit users from not using one of the other browsae.
for everyone's sake, I hope that's a fucking typo.
Re:Those that haven't already changed... (Score:1, Funny)
It seems that I will have to reformat my hard drive and install everything to get rid of this problem.
Close, but no cigar. To get rid of this problem, you will have to reformat your hard drive and not install everything.
Re:Red header (Score:5, Funny)
Obama performs stupid /. changelog tricks with Ubuntu!
Frontpage material
Re:Those that haven't already changed... (Score:4, Funny)
Really it's not that simple. I was a supporter of firefox in my organization, and to my surprise I pretty much won. We use Firefox for nearly everything. Nearly. I have content adviser turned on for each of the machines which for the most part cripples IE and makes it nearly impossible to actually browse the web. IE is still very necessary for many sites which are required for our operation. Not internal "we developed in house badly designed pages", but actual corporate sites to manage various accounts on the Internet. That's surprising in 2008 that companies could have their head stuck in the sand that badly, but they seem to be all over the place... and unfortunately in places required for essential function.
I'm fortunate that the medium sized company goes along with this, because in any other organization we'd just use IE and that would be the end of it. Just managing the work arounds has actually been a lot of work, although in my mind it comes out to a wash in being a bit more proactive in preventing the vulnerabilities that flood IE.
You can do much better than that. I duct tape huge boxing gloves to my users hands, that way they can't type malware in using a notepad and Alt key codes. I've also banned people carrying in USB peripherals (might have malware), laptops (might have malware), mobile phones (distracting and pointless) and A4 binders (might have malware written out as a long list of Alt key codes). I've also removed all the phones (someone might whistle malware down the phone to a 56K modem). Though I've covered all the ports, USB, network, modem and so on with epoxy resin. Still I believe in defense in depth.
Some of my users have found out how to remove the gloves with their teeth, even though my security guards will beat anyone they see trying to do that. I've asked the CEO if I can amputate their hands and leave them with bandaged stumps but he obviously was too 'non technical' to understand. He just shook his head and walked off. Maybe muzzling persistent rule breakers after the third beating would be a acceptable. Actually I want to muzzle and blindfold everyone all the time and cut off the power. Still, even though the solution I have is not perfect it is very secure.
Re:In other news ... (Score:5, Funny)
A: A physics-nazi that feels compelled to scrutinize the minutia of jokes.
Re:In other news ... (Score:1, Funny)
A physics-nazi that feels compelled to scrutinize the minutia of jokes.
I think you mean momentum.
Re:Vulnerability (Score:5, Funny)
This is to prevent unfit users from not using one of the other browsae.
for everyone's sake, I hope that's a fucking typo.
No it's not a typo, there are many wordae like that.