Major Security Flaw Found in IE 7

[cdogg]

In case you haven't yet heard, here it is:

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9123118

http://news.bbc.co.uk/2/hi/technology/7784908.stm

http://tech.yahoo.com/blogs/null/111811

The news was first posted last week, and apparently later today Microsoft will be releasing a patch for it.

It is not absolutely clear what type of passwords the malicious code can be modified to steal. So far the only instances found have the ability to retrieve stored "gamer" passwords in IE 7. However, the consensus is that it can be adapted to take advantage of IE 5, 6, and beta 8 as well as other password types.

It's the perfect excuse to try out FireFox for a few weeks until the dust settles...or for good!

~cdogg
"Insanity: doing the same thing over and over again and expecting different results." - Einstein
[tab][navy]For posting policies, click [/navy]here.

 

[BadBigBen]

Thanks cdogg for the heads up...

I think cmeagan656 posted something along these lines in the Vista Forum...

thread1583-1519749




Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."

 

[Sympology]

I do wonder sometimes of advice by security experts that say "switch to a rival browser".

See this article and see the likes of Chrome and Safari can be worse!

http://www.theregister.co.uk/2008/12/15/browser_password_security_tests/

All browser have holes in them, it's really down to how fast they can patch.
Although I use Iron, FF and i.e, people have to understand that if MS rush out a patch, it could cause more issues than it resolves, without proper testing. Look at how man machines were crippled by the last round of FF and Sarfari roll outs.
I'd rather it came out a week late than cause pc's to hang left right and centre.

Most people spend their time on the "urgent" rather than on the "important."

 

[cdogg]

Sympology,
Quite true. However, realize that this case is significantly different in the way that a Chinese source released the security flaw publicly BEFORE Microsoft actually released a fix. It was by mistake. The source assumed it was patched in the previous Internet Explorer security rollout which it wasn't.

Because IE is used by almost 80% of online users, this kind of threat poses the biggest risk. In fact, Trend Micro reported that at least 10,000 websites are already infected with malicious code to take advantage. Hacks and script kiddies all around the world were sure to exploit the security hole even further in the coming days and weeks, especially after learning how easy it was to infect unsuspecting websites. That motive alone forces Microsoft to rush out a patch as quickly as possible. Although you have stability issues on your mind, they have lawsuits on theirs!!

I agree that Opera and Chrome are not great subsitutes. Firefox is about the only one I would recommend using in place of IE when stuff like this leaks out. As for rolling out a replacement browser in a network environment, I would not recommend that either. This is really advice that is geared towards the home/home office workstation...

~cdogg
"Insanity: doing the same thing over and over again and expecting different results." - Einstein
[tab][navy]For posting policies, click [/navy]here.