• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

IE security flaw!!

  • Thread starter Thread starter Deleted member 4644
  • Start date Start date
From the ZDNet article:
Security researchers said the IE vulnerability has been known for the past six months, but had previously been seen as a conduit for denial-of-service attacks rather than the remote execution of code. DOS attacks, which attempt to crash a system by flooding it with data, are typically considered less-severe security risks.

"The vulnerability itself has been known about for a while, but it was only a problem for a denial-of-service attack that would sometimes cause IE to crash," said Johannes Ullrich, chief research officer for the Sans Institute. "Up until now, no one knew how to mark the code and find it in memory to execute a remote code attack...."

Because the flaw was initially believed to involve only a potential DOS attack, Microsoft never issued a patch for the problem, Ullrich said. He added it is not yet known whether Microsoft will spin out a patch for the flaw immediately or wait for its monthly patch cycle.
Click to expand...

Ouch.
 
Originally posted by: bersl2
From the ZDNet article:
Security researchers said the IE vulnerability has been known for the past six months, but had previously been seen as a conduit for denial-of-service attacks rather than the remote execution of code. DOS attacks, which attempt to crash a system by flooding it with data, are typically considered less-severe security risks.

"The vulnerability itself has been known about for a while, but it was only a problem for a denial-of-service attack that would sometimes cause IE to crash," said Johannes Ullrich, chief research officer for the Sans Institute. "Up until now, no one knew how to mark the code and find it in memory to execute a remote code attack...."

Because the flaw was initially believed to involve only a potential DOS attack, Microsoft never issued a patch for the problem, Ullrich said. He added it is not yet known whether Microsoft will spin out a patch for the flaw immediately or wait for its monthly patch cycle.
Click to expand...

Ouch.
Click to expand...

Suprised?
 
Originally posted by: Hyperblaze
Originally posted by: bersl2
From the ZDNet article:
Security researchers said the IE vulnerability has been known for the past six months, but had previously been seen as a conduit for denial-of-service attacks rather than the remote execution of code. DOS attacks, which attempt to crash a system by flooding it with data, are typically considered less-severe security risks.

"The vulnerability itself has been known about for a while, but it was only a problem for a denial-of-service attack that would sometimes cause IE to crash," said Johannes Ullrich, chief research officer for the Sans Institute. "Up until now, no one knew how to mark the code and find it in memory to execute a remote code attack...."

Because the flaw was initially believed to involve only a potential DOS attack, Microsoft never issued a patch for the problem, Ullrich said. He added it is not yet known whether Microsoft will spin out a patch for the flaw immediately or wait for its monthly patch cycle.
Click to expand...

Ouch.
Click to expand...

Suprised?
Click to expand...

No, just drawing attention to the fact of "same old same-old". :evil:
 
Woohoo. Another reason to use Opera. Doesn't do a damn thing to Opera 9. Must mean it's more multi-threaded because it doesn't freeze at all either.

Tried to buffer-overrun IE and freezes Mozilla FireFox for a second and then displays big message boxes of Chinese-esque characters then just stops then CPU is at 0% again...

But none of the browsers open calc.exe for me. I also have DEP enabled for all applications.

Upon further observation, all it does is max out the memory for the FireFox.exe process. I'm disappointed. None of my browsers opened calc.exe. :laugh:
 
Originally posted by: astrosfan90
I thought IE was one giant security flaw...people still use it?
Click to expand...


Yes seriously, whoever knows about alternatives (i.e firefox, opera, Konqueror, Mozilla...etc) and still uses IE deserves all the viruses that the Cyber world has to offer, why because he / she is asking for it.
 
This is no worse than the Mozilla Foundation sitting on security issues for over 6 months, or Sendmail not releasing a patch for a known issue for over a decade.

It seems most major software companies/organizations end up falling into the above pattern.
 
Originally posted by: The Linuxator
Originally posted by: astrosfan90
I thought IE was one giant security flaw...people still use it?
Click to expand...

Yes seriously, whoever knows about alternatives (i.e firefox, opera, Konqueror, Mozilla...etc) and still uses IE deserves all the viruses that the Cyber world has to offer, why because he / she is asking for it.
Click to expand...

Actually as of late Firefox has had more security issues than IE (IMHO IE is thru alot of it's growing pains, while FF still has a way to go). So, such a general statement about users getting what they deserve is baseless.

Bill

 
You must log in or register to reply here.

TRENDING THREADS

Back
Top