4 Replies - 1165 Views - Last Post: 29 December 2008 - 01:50 PM

#1 Nykc  Icon User is offline

  • Gentleman of Leisure
  • member icon

Reputation: 726
  • View blog
  • Posts: 8,638
  • Joined: 14-September 07

Major Flaw in Internet Explorer Revealed

Posted 16 December 2008 - 02:50 PM

Found this interesting.

Quote

The major press outlets are abuzz this morning with news of a major new security flaw that affects all versions of Internet Explorer from IE5 to the latest beta of IE8. The attack has serious and far-reaching ramifications -- and they're not just theoretical attacks. In fact, the flaw is already in wide use as a tool to steal online game passwords, with some 10,000 websites infected with the code needed to take advantage of the hole in IE.

Virtually all security experts (as well as myself) are counseling users to switch to any other web browser -- none of the others are affected, including Firefox, Chrome, and Opera -- at least for the time being, though Microsoft has stubbornly said it "cannot recommend people switch due to this one flaw." Microsoft adds that it is working on a fix but has offered no ETA on when that might happen. Meanwhile it offers some suggestions for a temporary patch, including setting your Internet security zone settings to "high" and offering some complicated workarounds. (Some reports state, however, that the fixes do not actually work.)

Expedient patching or switching are essential. Security pros fear that the attack will soon spread beyond the theft of gaming passwords and into more criminal arenas, as the malicious code can be placed on any website and can be adapted to steal any password stored or entered using the browser. It's now down to the issue of time: Will Microsoft repair the problem and distribute a patch quickly enough to head off the tsunami of fraud that's about to hit or will it come too late to do any good?

Meanwhile, I'll reiterate my recommendation: Switch from Internet Explorer as soon as you can. You can always switch back once the threat is eliminated.


Read the article here...

http://tech.yahoo.co...ogs/null/111811

Is This A Good Question/Topic? 0
  • +

Replies To: Major Flaw in Internet Explorer Revealed

#2 nofear217  Icon User is offline

  • D.I.C Regular
  • member icon

Reputation: 14
  • View blog
  • Posts: 323
  • Joined: 08-November 07

Re: Major Flaw in Internet Explorer Revealed

Posted 18 December 2008 - 08:23 AM

This does in fact affect other browsers and is OS independent as well. Just a heads up. I've posted a fix in the Lounge.
Was This Post Helpful? 0
  • +
  • -

#3 homemade-jam  Icon User is offline

  • Gabe's Nemesis
  • member icon

Reputation: 11
  • View blog
  • Posts: 1,300
  • Joined: 17-March 08

Re: Major Flaw in Internet Explorer Revealed

Posted 18 December 2008 - 09:09 AM

If you're referring to the XML Parsing Overflow vulnerability then it is only Internet Explorer that is affected - an out of cycle patch was released yesterday.

Also there is the issue of pointers being derefenced that can then be called again: http://blogs.technet...E-advisory.aspx

This post has been edited by homemade-jam: 18 December 2008 - 09:10 AM

Was This Post Helpful? 0
  • +
  • -

#4 nofear217  Icon User is offline

  • D.I.C Regular
  • member icon

Reputation: 14
  • View blog
  • Posts: 323
  • Joined: 08-November 07

Re: Major Flaw in Internet Explorer Revealed

Posted 29 December 2008 - 11:14 AM

I was referring mainly to click jacking that uses an IFRAME vulnerability.
Was This Post Helpful? 0
  • +
  • -

#5 abgorn  Icon User is offline

  • sudo apt-get install brain
  • member icon

Reputation: 30
  • View blog
  • Posts: 1,410
  • Joined: 05-June 08

Re: Major Flaw in Internet Explorer Revealed

Posted 29 December 2008 - 01:50 PM

lol
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1