Major flaw revealed in Internet Explorer; users urged to switch

Tue Dec 16, 2008 11:49AM EST
on Yahoo!

The major press outlets are abuzz this morning with news of a major new security flaw that affects all versions of Internet Explorer from IE5 to the latest beta of IE8. The attack has serious and far-reaching ramifications -- and they're not just theoretical attacks. In fact, the flaw is already in wide use as a tool to steal online game passwords, with some 10,000 websites infected with the code needed to take advantage of the hole in IE.

Virtually all security experts (as well as myself) are counseling users to switch to any other web browser -- none of the others are affected, including Firefox, Chrome, and Opera -- at least for the time being, though Microsoft has stubbornly said it "cannot recommend people switch due to this one flaw." Microsoft adds that it is working on a fix but has offered no ETA on when that might happen. Meanwhile it offers some suggestions for a temporary patch, including setting your Internet security zone settings to "high" and offering some complicated workarounds. (Some reports state, however, that the fixes do not actually work.)

Expedient patching or switching are essential. Security pros fear that the attack will soon spread beyond the theft of gaming passwords and into more criminal arenas, as the malicious code can be placed on any website and can be adapted to steal any password stored or entered using the browser. It's now down to the issue of time: Will Microsoft repair the problem and distribute a patch quickly enough to head off the tsunami of fraud that's about to hit or will it come too late to do any good?

Meanwhile, I'll reiterate my recommendation: Switch from Internet Explorer as soon as you can. You can always switch back once the threat is eliminated.

Thank you for telling me Winx.I am switching right now.

Thank you for telling me Winx.I am switching right now.


You're welcome, Mirror.

I'm using Firefox with my new computer. I was using IE on my old one.

Wish I would get these quote things right.

I hate always having to be the one that seemingly defends microsoft, but...




This 'flaw' is already well known, and is not breaking news. The article was written by a well known Firefox supporter (named Chistopher Null), conincidentally, at the same time the 'Google Chrome' beta browser was released. This is a marketing ploy, nothing more.

The actually flaw itself is, apparently, a file that contains saved passwords in it. Which of course, EVERY browser that runs a saved password feature has to store the password to a file.

Perhaps the difference is that IE saves a username and URL in the same file, and other browsers store them elsewhere, and thus it is less secure because it is all in one file, Who knows? The fact of the matter is, if you DON'T save your passwords, while using the browser.. it won't be stored on your computer.

By the way, the way to access that file, and retieve the username, password, and the website url associated with them on your computer, is by HACKING your computer in the first place. You see the point? Inorder for this vulnerbility to be exposed, you would have to have already been compromised..

I haven't used IE in about four years. It sucked then and hasn't gotten better

Thanks. Now I know to not have my password saved.

[qoute]
I haven't used IE in about four years. It sucked then and hasn't gotten better


-THIS is what I wanted to say:-


"when people make these kinds of statements, I can't help but think.. so what, where's the beef?

You felt it was worth announcing how 'cool' you are to follow the popular anti-microsoft trend by making generalized statements (offering NO Specifics of how it 'sucks'), and offer no RELATIVE comparison.

By your own statement, my 5 year old nephew has more relative experience on this matter than you can offer. As you have not used the program in four years, and can not make a relative comparison."

-BUT.... I realized that was too personable and could be considered offensive.. so, this is my respectful response:-

"I'm not a FAN of any browser, or operating system for that matter. They are programs. It can't 'suck' by any means, in either the literal, or implied, manner."

-This is what I would like people to clarify in the future:-


"I would like people who make generalized statements on these manners to list what they expect a browser to do, and not do.. when you can tell me the function of these programs, and where a particular browser, like IE, fails to function properly, by your own specifications.. then your opinion, in this respect, will be worth noting. Until then, you'll be regarded as a zealous follower with an identity complex."


That pretty much covers things...

And who are you to demand such a thing?

This is a free forum and everyone in entitled to say what he/she wants.

You don't like it, ignore it.

omg that is hilarious...



all that from one sentence..

That wasn't very nice to say to someone. He gave his opinion. He can do that.

did that t me too....

have to add an extra [ / quote] at the bottom... thats why I edited

Thanks for the tip but it didn't work for me.

so if some one says

i tried green beans four years ago and they tasted terrible

that means that you can say that you know someone that likes them

thus you are an uniformed idiot

i think not

there are warnings everywhere about i e not being secure

if it was they would not have to keep making upgrades to fix it

what other browsers have you used

or do you only use i e

thus making your post effectively about you in reverse

just a thought

but hey

what do i know

i avoid i e like the plaque because it is one

I like green beans especially fresh ones.

it's misspelled

I had to correct it in my post, too

It worked.

I didn't misspell it. I didn't even to think to look there.

Thanks.

omg that is hilarious...



all that from one sentence..

Thank you for telling me Winx.I am switching right now.


You're welcome, Mirror.

I'm using Firefox with my new computer. I was using IE on my old one.

Wish I would get these quote things right.

That WAS my way of ignoring it

That's what I meant by 'regarded as zealous follower with identity complex'. It's a form of trivialization. Still, it wasn't saying this is what he was, just how I regard generalized statements with no clarification.

You confuse rights with entitlements. The difference is accountability. People are not entitled to express their opinions, just merely have them. For, to be entitled to express your opinion, is to be held unaccountable for the act of expression... which is unrealistic. In an example of rights versus entitlement, when a police officer says you have the right to remain silent, you can choose to do so, but don't think by choosing to do you aren't going to held accountable for remaining silent. If you were entitled to remain silent, not only would you HAVE to remain silent, but you would NOT be held accountable for it.


With that said, knowing people WILL be held accountable for expressing their opinions. Generalized statements are not welcome in any form of communication, mostly because it's difficult to discern the reasoning of such a statement.

Communication is a tricky thing. A person doesn't state their opinion with the intention of it simply being ignored. I can agree to disagree with a person, but first I need clarification (their reason for their opinion) before I can agree, disagree, or agree to disagree with them.

I know he is entitled to his opinion, my response was just my way of saying I would expect more reasoning in stating such an opinion in regards to this topic.. this isn't a topic about favorite colors, or an equally 'suggestive' topic.

Perhaps I would see things differently if I stopped using Internet Explorer for 4 years.. perhaps Internet Explorer sucks and I just don't know it because I see it as a tool, and not a banner of cooperate greed, or whatever the 4 year absence of IE, enlightening process, suggests to me.. perhaps rights to say what I want is not as covered under your belief, Perhaps I am wrong for expressing my opinion that a person's opinion should be more thoughtout. perhaps I'm wrong for critizing what I would consider a completely biast and irrational perspective on something so progressive oriented.

Look, to summarize..

If you have an issue with me NOT ignoring generalized opinions that I disagree with on the basis of generalization, than YOU should learn to follow you own advice, and ignore my statements...
that way you won't seem like a hipocrite, which you are being, by definition.


Now, I think we've gone off topic completely.

So I'm simply going to ask quiet_2008, what would you change about IE to make it not 'suck', as I haven't the first clue of what makes it suck?

btw quiet_2008, my ranting in these posts were not so directed at you as it is to the countless number of people that not only share your opinion, but also make statements to which I gain no clarification from. I really don't mean any disrespect to you personally, and I would have removed the first section I wrote, if not that I felt obligated to post it, because it was my original reaction. I'm not looking to censor myself, or make excuses for my reaction; However, in regards to making excuses for my reaction, at the time, I did just get finished reading several buzz yahoo articles and the posted remarks, which were all Firefox Linux anti-microsoft rhetoric, so that's where my frame of mind came in at the time I read your post.

Again, I have and use other browsers frequently, for I develop(but hardly ever publish) websites... this is not a prefered browser debate for me.