1. Attachments are working again! Check out this thread for more details and to report any other bugs.

Zero-Day Exploit Targets IE

Discussion in 'Fred's House of Pancakes' started by Sufferin' Prius Envy, Nov 22, 2005.

  1. Sufferin' Prius Envy

    Sufferin' Prius Envy Platinum Member

    Joined:
    Jul 7, 2004
    3,998
    17
    0
    Location:
    USA
    Vehicle:
    Other Non-Hybrid
    [More fuel for the "Why are so many people Anti-microsoft" thread. :eek: ]

    It looks like the proverbial S*** has hit the fan.

    Look for another critical patch from M$$$ sometime in the future which will cause IE to break even more web sites which are coded specifically for IE rather than W3C standards.

    Once again, internet security people in the know are suggesting moving to Firefox or Opera.

    "Exploit code for a critical flaw in fully patched versions of Microsoft Corp.'s Internet Explorer browser has been released on the Internet, putting millions of Web surfers at risk of computer hijack attacks.

    The zero-day exploit, posted by a U.K.-based group called "Computer Terrorism," could allow a remote hacker to take complete control of a Windows system if the victim simply browses to a malicious Web site.

    Ziff Davis Internet News have verified that the exploit works on fully patched Windows XP systems with default IE installations.

    The group said IE users should immediately disable "Active Scripting via the Tools > Internet Options > Security tab > Custom Level feature.

    The SANS ISC's Ullrich said IE users should consider switching to Firefox or Opera."


    http://www.eweek.com/article2/0,1759,18917...3119TX1K0000594
    If you REALLY don’t know what you are doing on your computer security wise, trust neutral third party folks, not someone trying to sell you something.
     
  2. tag

    tag Senior Member

    Joined:
    Nov 26, 2003
    2,526
    19
    0
    Location:
    Chicago
    I disagree.......with the phraseology (remove "consider switching" and insert "switch").
     
  3. bookrats

    bookrats New Member

    Joined:
    Mar 12, 2004
    2,843
    2
    0
    Location:
    Seattle, WA
    Or "switch as quickly as humanly possible".
     
  4. Sufferin' Prius Envy

    Sufferin' Prius Envy Platinum Member

    Joined:
    Jul 7, 2004
    3,998
    17
    0
    Location:
    USA
    Vehicle:
    Other Non-Hybrid
    Or “should have switched six months ago†. :eek:

    Gee, guess which bar below represents the current security vulnerability of IE and which is Firefox.

    [​IMG]

    [​IMG]

    Check for yourself:
    Click on the Internet Explorer | Mozilla Firefox | Opera | View All Products | links near the top.
    http://secunia.com/about_secunia_advisories/

    (ooh, and by the way, the IE one has been that way for over six months! :angry: )
     
  5. tumbleweed

    tumbleweed Senior Member

    Joined:
    Oct 3, 2005
    4,067
    687
    0
    Location:
    Eastern Oregon
    Vehicle:
    2010 Prius
    Model:
    V
    I'm glad I use Linux and Firefox.
     
  6. DaveinOlyWA

    DaveinOlyWA 3rd Time was Solariffic!!

    Joined:
    Apr 13, 2004
    15,140
    611
    0
    Location:
    South Puget Sound, WA
    Vehicle:
    2013 Nissan LEAF
    Model:
    Persona
    cmon you guys!!

    we ALL KNOW this is not news...same ole same ole

    why i use Firefox?

    a pretty major flaw was discovered in the Firefox browser this past spring. there was a quick fix out almost right away (about a week) and a major rewrite a month later to shore up that vunerability.

    a similiar vunerability has existed in IE for over 6 months... it had yet to be addressed (this was this past spring) and it was at least 2 months before an update was released. since i dont use IE (except at work, and we constantly have issues) i dont even know if the problem was fixed.

    i also saw a stat that said that Firefox went 100 something days with an unpatched security issue. i thought that sucked until i saw that IE never had a completely patched day and each vunerability went an AVERAGE of 150 something days before being addressed
     
  7. Sufferin' Prius Envy

    Sufferin' Prius Envy Platinum Member

    Joined:
    Jul 7, 2004
    3,998
    17
    0
    Location:
    USA
    Vehicle:
    Other Non-Hybrid
    Yet about 90 percent of the people on the internet use IE to do their surfing . . . making the web a much more dangerous place for us all. :angry:

    For those who don’t think there is anything to worry about, try this test in both IE and Firefox.
    http://secunia.com/multiple_browsers_windo...erability_test/
    If you don't have Firefox, I'll spill the beans on its test outcome . . . It passes!
    This vunerability was fixed soon after it was discovered, a long time ago . . . and Firefox doesn't even need its pop-up blocker to combat this problem properly.

    THIS IS NOT the extremely critical Internet Explorer "window()" Arbitrary Code Execution Vulnerability which can be used to take over your computer. At worst, this vunerability may crash Firefox . . . a much better outcome than IE's handing over control of your computer.

    If you still think IE is safe for surfing the net, I’ve got some used Prius air bags, which I re-packed myself, and will sell to you dirt cheap.
     
  8. jayman

    jayman Senior Member

    Joined:
    Oct 21, 2004
    13,439
    639
    0
    Location:
    Winnipeg Manitoba
    Vehicle:
    2004 Prius
    Patrick:

    For the LOVE OF GOD do NOT try this at work!

    Our workstations are supposedly up to date, but IE locked up so badly I had to do the ctrl-alt-delete to end explorer.exe. Then reboot. So once again IE with supposedly "up to date" patches has let us down.

    My office manager was NOT impressed. Well, not really angry at me that is, really angry at Microsoft.

    jay
     
  9. Mystery Squid

    Mystery Squid Junior Member

    Joined:
    May 18, 2005
    2
    3
    0
    :lol:

    er, passed.

    and I'm currently using IE... Which any mod can verify....

    :lol: :lol: :lol: :lol: :lol: :lol: :lol: :lol:
     
  10. Mystery Squid

    Mystery Squid Junior Member

    Joined:
    May 18, 2005
    2
    3
    0
    Yeah, locked up pretty bad there jayman.... :rolleyes:

    :lol: :lol: :lol: :lol: :lol: :lol:
     
  11. brandon

    brandon Member

    Joined:
    Oct 24, 2004
    771
    8
    0
    Location:
    Manhattan, KS
    Vehicle:
    2005 Prius
    It can't really be called a "zero-day exploit," though. People have known about the flaw for months, and the only "exploit" out there at the time of this writing is just a proof-of-concept piece of code that can open Calc.exe.
     
  12. Sufferin' Prius Envy

    Sufferin' Prius Envy Platinum Member

    Joined:
    Jul 7, 2004
    3,998
    17
    0
    Location:
    USA
    Vehicle:
    Other Non-Hybrid
    The mods may be able to verify that you use IE, but they can't verify the results of your test of IE against the exploit.

    So, how did you hobble IE to pass the test? Turned off scripting by chance? :lol: That won't get you very far on some web sites coded for IE. :p

    AGAIN, THIS IS NOT the extremely critical Internet Explorer "window()" Arbitrary Code Execution Vulnerability. This is just the Multiple Browsers Window Injection Vulnerability Test.

    Ignore the perils of using IE at your own risk, Misery Squid.
    M$$$ really doesn’t want to fix these problems - or else they would have!
    What is preventing them from fixing it??? . . . Mozilla did in short order. :p
    Could it be that the cure - from M$$$’$ perspective - is worse than the disease?

    The problem is that IE has a contagious genetic defect, and the only way to save the patient is to remove the defective code . . . which will make the patient a leper . . . and ultimately lead to its demise.

    M$$$ having integrated IE into the Windows operating system is about a dumb as it would be for Toyota to integrate the CD player into the Prius in such a fashion that if the CD skipped you would get the red triangle of death and the car would shut off.
    I would not have bought a Prius if M$$$ did the computer code. :unsure:
     
  13. Schmika

    Schmika New Member

    Joined:
    May 27, 2005
    1,617
    2
    0
    Location:
    Xenia, OH
    I am scared to say what I use. Anti- MS people are like anti_Bush people..Rabid. Now , i understand being Anti-Bush, theings he does affects us all, willing or unwilling. However, HOW does what OS you use affect anyone else. If I, or Squid, is happy with MS, why the venom and vitriol.

    Please explain how the OS I use, or the phone, or the stereo, or TV, dish vs direct, etc gets all of you so fired up. READ YOUR POSTS!!!!!!!!
     
  14. Bionic

    Bionic New Member

    Joined:
    Oct 2, 2005
    129
    0
    0
    Location:
    Delaware

    The same way people get fired up when they see someone who smokes 4 packs a day or drinks too much coffee or eats too much food... They know it is not good for them and it's in their best interest to quit.
    The analogy extends even further... many people use IE because it's what is already on their computer when they take it out of the box, much like many people eat McDonalds because it's convenient.
     
  15. Schmika

    Schmika New Member

    Joined:
    May 27, 2005
    1,617
    2
    0
    Location:
    Xenia, OH
    Thanks, that makes a lot of sense. Doesn't change that it is pure RUDE to get so angry toward the other person. Good analogy because I just take whatever is on the computer I bought. Though I did get online virus protection (McAfee) HERE IT COMES, vitriol from all the Norton people.

    Vitriol is my word of the day....see how many times you can use it until the end of the day....I have it in both my posts so far! :lol:
     
  16. jayman

    jayman Senior Member

    Joined:
    Oct 21, 2004
    13,439
    639
    0
    Location:
    Winnipeg Manitoba
    Vehicle:
    2004 Prius
    Nothing so hot about Norton: it's a clunky memory hog. It's always best to reboot after running a full virus scan or the machine will just crawl along.

    On my "work" machine at home, I have a Shaw Extreme 5 Mbps cable connection. Shaw also provided anti-spyware and anti-virus from K-Force, which I find FAR superior to Norton. At least it's quick and reliable.

    Isn't that a laxative? Oh, wait, never mind ... <_<
     
  17. jayman

    jayman Senior Member

    Joined:
    Oct 21, 2004
    13,439
    639
    0
    Location:
    Winnipeg Manitoba
    Vehicle:
    2004 Prius
    Patrick:

    That is the problem, not only in IE but in the OS as well. Microsoft presents this crap as easy to use, safe, secure, etc, and the average computer user has no choice but to accept it.

    I suppose a brave home user could disable all the scripting, cookies, and Active X, but the browser would be almost non-functional at that point.

    I believe in truth in advertising, not in telling everybody that computer users "deserve" what happens. Either tell people they had better invest in several hundred dollars worth of firewall, anti-virus, and anti-spyware, along with a rootkit revealer, or just don't peddle the crap.

    Oh, and don't bother with Microsoft's Anti-Spyware Beta 1: it very conveniently ignores companies "friendly" to Microsoft.

    Funny thing, on my home machine I tried that URL that locked up my work machine, and nothing bad happened. K-Force just told me it had blocked a browser hijack attempt and let me continue with my work.

    jay
     
  18. Mystery Squid

    Mystery Squid Junior Member

    Joined:
    May 18, 2005
    2
    3
    0
    Get this: I didn't do a single thing. It wasn't even my computer at home.



    Actually, I only use IE for certain things, should I cruise the net for PORN, I use Firefox... :D
     
  19. Mystery Squid

    Mystery Squid Junior Member

    Joined:
    May 18, 2005
    2
    3
    0
    :lol:

    No sh*t eh?

    Actually, I have to say, I have to give Prius Chat members some respect, as many people seem to exercise a fair amount of control. Believe me, I've been in some real ugly MSFT arguments where it degrades into nothing but personal insults. Which, mind you, I actually enjoy and appreciate, as long as it's creative...

    :lol:



    :ph34r:
     
  20. Maytrix

    Maytrix Member

    Joined:
    Aug 22, 2005
    742
    7
    0
    Location:
    Marlborough, Mass
    Vehicle:
    2009 Prius
    Model:
    N/A
    Didn't have any problem here.

    One reason why so many companies have issues - Old software! It amazes me how many large companies are still on NT or 2000. Maybe that's part of the difference as to why it didn't affect some of us but did others?