Another Gaping IE Hole...

trmiv

Lifer
Oct 10, 1999
14,670
18
81
At the end of that post it says


<< If you routinely browse with Internet Explorer or read mail with Outlook, keep in mind that any web page you visit or any email you open can take over your computer, steal sensitive files, destroy your machine, anything. This has been true for at least two and half years. >>



Yet, in those two and a half years, I don't know one person this has ever happened to.
 

Descartes

Lifer
Oct 10, 1999
13,968
2
0
*SIGH*

Yes, I understand this is a serious issue, but those slashdot hax0r wannabes spew anti-MS rhetoric more than just giving the damn technical issues behind the attack. It gets really, really old to see these lemmings continue to follow each other.

If you want the same sissue SANS all the meaningless regurgitated rhetoric, have a look-see.
 

Adul

Elite Member
Oct 9, 1999
32,999
44
91
danny.tangtam.com
doesnt it wont happen. Ah well someone might take this and write something malicioussooner or later. *loads up mozilla*


Welcome to the lifer club skoorb.

 

notfred

Lifer
Feb 12, 2001
38,241
4
0


<< At the end of that post it says


<< If you routinely browse with Internet Explorer or read mail with Outlook, keep in mind that any web page you visit or any email you open can take over your computer, steal sensitive files, destroy your machine, anything. This has been true for at least two and half years. >>



Yet, in those two and a half years, I don't know one person this has ever happened to.
>>



I was gonna say that.
 

nd

Golden Member
Oct 9, 1999
1,690
0
0
You are absolutely FOOLISH to believe you're safe because it hasn't happened to you (or others) yet.

Since it has now leaked out into the open (for script kiddies et al), you should definitely be concerned.

Microsoft has not handled this well either -- it's impossible to write perfect bug-free code, but they could learn a lot from how the open source camp handles issues that come up like this. This is the reality.
 

Tominator

Diamond Member
Oct 9, 1999
9,559
1
0
If Opera or Netscrape, or you name the browser, was anywhere near as popular as IE, the Hackers would be working there voodoo on them. Face it folks, the only way to be safe is to turn it off and sit in a darkened room...You run security software and install parches and hope for the best.
 

gopunk

Lifer
Jul 7, 2001
29,239
2
0
well i'd say that you're pretty safe if you only visit a few sites, like anandtech, your bank, and your school. barring a sucessful hack of course...
 

trmiv

Lifer
Oct 10, 1999
14,670
18
81


<< You are absolutely FOOLISH to believe you're safe because it hasn't happened to you (or others) yet.

Since it has now leaked out into the open (for script kiddies et al), you should definitely be concerned.

Microsoft has not handled this well either -- it's impossible to write perfect bug-free code, but they could learn a lot from how the open source camp handles issues that come up like this. This is the reality.
>>




Did you read the part in this link where it said:



<< Opening a file type previously considered safe, e.g. plain text or HTML file isn't safe with IE. Users of the browser should avoid opening files directly and save them to disk instead (if opening them is necessary at all). If this flaw is being exploited, the file save dialog will reveal that the file is actually an executable program. >>



I NEVER open a file in IE directly when downloading it. I always save it to disk first. So why would I have any reason to believe this particular flaw is going to happen to me, if I am already practicing the method used to avoid the flaw? If you are directly running a downloading file without saving it and checking it first, you are asking for trouble anyway. I'm not saying this isn't a problem, because many people don't know they should do this, but it hasn't been a problem for me, and won't be if this is the way it works.
 

nd

Golden Member
Oct 9, 1999
1,690
0
0


<<

<< Opening a file type previously considered safe, e.g. plain text or HTML file isn't safe with IE. Users of the browser should avoid opening files directly and save them to disk instead (if opening them is necessary at all). If this flaw is being exploited, the file save dialog will reveal that the file is actually an executable program. >>



I NEVER open a file in IE directly when downloading it. I always save it to disk first. So why would I have any reason to believe this particular flaw is going to happen to me, if I am already practicing the method used to avoid the flaw? If you are directly running a downloading file without saving it and checking it first, you are asking for trouble anyway. I'm not saying this isn't a problem, because many people don't know they should do this, but it hasn't been a problem for me, and won't be if this is the way it works.
>>

I think you probably have opened up a .txt file before in IE without saving it first. If you haven't, many MANY other users do. They will still get a "Open/Save" dialog in this case, but it appears safe because IE handles binary files in such a broken manner.
 

Harvey

Administrator<br>Elite Member
Oct 9, 1999
35,057
61
91
Browsing right now on NS 6.2. Very fast, very stable, and very happy. :D

Anti-virus isn't all you need. You should also have a software firewall, like Zone Alarm. The free version reports a seemingly endless number of attempts to probe my machine. It reports the IP address of the source, the port used by the source, and the port it attempted to hit on my machine. You can then use Arin/Whois to track the offender. You can't do much if their from Europe or Asia, but I've reported a number of them to major ISP's. They appreciate the help, because it may be evidence of worm activity on their server.