Hackers Jump On Newest IE7 Bug

CmdrTaco posted more than 5 years ago | from the hop-on-pop dept.

Security 162

CWmike writes "Attackers are already exploiting a bug in Internet Explorer 7 that Microsoft patched just last week, security researchers warned today. Although the attacks are currently in 'very, very small numbers,' they may be just the forerunner of a larger campaign, said Trend Micro's Jamz Yaneza. 'I see this as a proof-of-concept,' said Yaneza, who noted that the exploit's payload is extremely straightforward and explained that there has been no attempt to mask it by, say, planting a root kit on the victimized PC at the same time. 'I wouldn't be surprised to see this [exploit] show up in one of those Chinese exploit kits,' he added. The new attack code, which Trend Micro dubbed 'XML_Dloadr.a,' arrives in a spam message as a malicious file masquerading as a Microsoft Word document."

162 comments

Whew! (3, Funny)

the_humeister (922869) | more than 5 years ago | (#26903249)

Glad I'm using Lotus Notes. Hmm...

Re:Whew! (5, Funny)

Anders (395) | more than 5 years ago | (#26903353)

Glad I'm using Lotus Notes.

That's a first!

Re:Whew! (0)

Anonymous Coward | more than 5 years ago | (#26904111)

So is the guy's name in the article...Jamz lol what a goofy name hehe

Hopefully attacks like this won't be as prevolent (2, Interesting)

kcbanner (929309) | more than 5 years ago | (#26903267)

...when Microsoft stops bundling IE with Windows (depending on what happens with that anti-trust case in the EU). Does anyone know if that would also affect NA?

Re:Hopefully attacks like this won't be as prevole (4, Insightful)

the_humeister (922869) | more than 5 years ago | (#26903319)

And then the exploits will occur with the browser that most people are using. Face it: there are bugs in every piece of software out there, and it's just a matter of time before someone finds and exploits them.

Re:Hopefully attacks like this won't be as prevole (-1, Troll)

wjh31 (1372867) | more than 5 years ago | (#26903357)

Including operating systems. When all those Linux geeks get the dominance over Microsoft they seem so keen to advocate, they won't be using a lack of virii as a selling point any more.

Re:Hopefully attacks like this won't be as prevole (4, Insightful)

peterbye (708092) | more than 5 years ago | (#26903595)

That will be true if all those people running Windows using administrator accounts move over to running Linux as root. Those running Linux properly will still be pretty much unaffected.

Re:Hopefully attacks like this won't be as prevole (2, Insightful)

colourmyeyes (1028804) | more than 5 years ago | (#26904261)

There's always the matter of a no-password "sudo" setup.

Do any linux distros come set up for this by default? How long until they do?

Re:Hopefully attacks like this won't be as prevole (1)

billcopc (196330) | more than 5 years ago | (#26904767)

But what about those of us who are callous (lazy) enough to run as root 24/7? We're just not naive enough to run foreign attachments from people we don't know (or don't trust).

Sure, make things nerf-safe for the common user, but don't go bashing those of us who actually run these machines.

Re:Hopefully attacks like this won't be as prevole (2, Insightful)

jetsci (1470207) | more than 5 years ago | (#26903625)

Have you seen how much trouble it is to write a Linux virus? There was an article up recently (I may be crazy, could have been a comment) about writing a Linux virus/worm/trojan. It had a number of caveats and required a great deal of luck. HOWEVER, I can imagine the typical Windows user migrating to Linux and, as mentioned above, running as root. However, Ubuntu (and others of course) do not allow root access by default... might not be so bad.

Re:Hopefully attacks like this won't be as prevole (3, Insightful)

lord_sarpedon (917201) | more than 5 years ago | (#26903757)

Not all that much really. Easy enough to run a spambot with user privs. Any of the data you want to steal is in ~. If you last long enough without detection, you can grab the user's password with an X keylogger and start doing extra naughty stuff with root.

Re:Hopefully attacks like this won't be as prevole (5, Interesting)

dedazo (737510) | more than 5 years ago | (#26903991)

It's not that difficult. I can turn your shiny Linux box into a bot zombie by sending you a Perl script in a tarfile with the execute bit set and asking you to extract and run it. I don't even need root access. More sophisticated? Fine, how about I do the same thing but use, say, Python and a simple wxWidgets UI to ask for your root password? You know, because I need it to "update your system". Chances are good you have all that installed on your system if you use the average distro.

Don't underestimate the power of simple social engineering or the tendency of users to do dumb things. And don't overestimate the alleged technological superiority of your OS. I don't need to code an ELF binary in x86 assembler to do damage, and no one writes destructive viruses anymore. Neither you nor your data are the target. The commodity being sought here is your machine and its network connection.

Re:Hopefully attacks like this won't be as prevole (1)

Thinboy00 (1190815) | more than 5 years ago | (#26904141)

Then teach the user to only give pw to
A) Stuff that looks like gksu (you don't even need to explain what that is, just what it looks like)
B) If something speaks of "Updates", direct it to the Update manager, and ignore ~all else
C) If the User is stupid anyway, no system will ever be secure enough except one that does not give this person the ability to act as root in the first place, which means using a Mac, which I will never do because it is too user-obsequious

Re:Hopefully attacks like this won't be as prevole (1)

Sancho (17056) | more than 5 years ago | (#26904309)

This could be done with Windows. Teach the users not to click "Continue" on UAC prompts unless they know what they're doing.

The problem has been, is, and always will be the users. They want their shiny "asteroid cursors" and their "desktop playmates" and they're going to get them, along with whatever crap comes along with it.

Re:Hopefully attacks like this won't be as prevole (2, Insightful)

dedazo (737510) | more than 5 years ago | (#26904567)

Once all those Windows users start migrating to Linux because it's safer, do you think they'll suddenly be infused with large doses of simple common sense? apt-get install effin-common-sense-0.2.3 or something like that? =)

Re:Hopefully attacks like this won't be as prevole (1)

NotBorg (829820) | more than 5 years ago | (#26904423)

And don't overestimate the alleged technological superiority of your OS.

Let me fix that for you...

Don't be too proud of this technological terror you've constructed. The ability to destroy a planet...

Er wait, scratch that last part. I get carried away talking in this deep voice.

Re:Hopefully attacks like this won't be as prevole (2, Informative)

JasterBobaMereel (1102861) | more than 5 years ago | (#26904439)

...and I won't run it, nor will any of my users....

  Update my system .. ok I just go in the package manager ... no updates .. oh well

Social engineering works both ways. If you make sure you never, ever, send updates via email then the users notice it's unexpected and ask first ... Too many Windows systems are updated by users clicking on links in/attachments to emails ... and far too many websites give download and run links for Windows systems so that the users expect it to work like that

Linux does not make hijacking and exploits impossible, or even that difficult... but it does make it inherently less likely that the simple ones will succeed (don't run as admin, make it painful to run downloaded files, update via package manager not by running a program/script)

Re:Hopefully attacks like this won't be as prevole (0)

Anonymous Coward | more than 5 years ago | (#26904483)

see, ubuntu users are useful to some...

Re:Hopefully attacks like this won't be as prevole (2, Insightful)

99BottlesOfBeerInMyF (813746) | more than 5 years ago | (#26904577)

It's not that difficult. I can turn your shiny Linux box into a bot zombie by sending you a Perl script in a tarfile with the execute bit set and asking you to extract and run it.

Trojans are a serious concern, but still a small portion of the problem today. Most exploits, by number of infections, are via automated worms with no user interaction.

Don't underestimate the power of simple social engineering or the tendency of users to do dumb things. And don't overestimate the alleged technological superiority of your OS.

The interesting thing about non-Windows OS's is they adapt to threats. Right now trojans are not a problem for the average Linux user, but in a few high security environments they are a concern. Those environments use technologies like SELinux to mitigate the risks and make social engineering a lot harder indeed. If trojans are ever a threat to the average Linux user, these technologies will be ubiquitously employed helping to defeat said threat. That's the thing about not being a monopolist. You have serious motivation to fix your users' problems, and if you don't, someone else will.

Neither you nor your data are the target.

This has never been completely true, but it is becoming less and less so. More malware is starting to collect passwords to online accounts, banking info, and credit card numbers.

Re:Hopefully attacks like this won't be as prevole (0)

Anonymous Coward | more than 5 years ago | (#26904553)

I do agree, that Ubuntu would solve most of the issues of an attacker not needing to escalate privileges.

The main problem, still, has been and always will be the users' lack of knowledge in what they are doing. It would be the same either way and quite honestly, it is not that hard to write a script to pwn a Linux box. It's done mostly the same way as Windows pwnage... shell scripting. The overflows are still there, as are the vulns in the software. It is simply that attackers are not currently targeting Linux (outside of servers) very much.

In short. There is no way to escape the attacks. Linux (which I favor above all other OS types) is still largely secured by obscurity, as there are fewer desktop users and a good majority of those are savvy enough to harden their system beyond a fresh install and AV.

Re:Hopefully attacks like this won't be as prevole (1)

grumbel (592662) | more than 5 years ago | (#26904733)

Root access or not doesn't really matter if a virus wants to cause harm or spread itself; all the user's data happens to be user accessible, and his favorite email app and webstuff of course too. But even if that isn't enough, it wouldn't be too hard for a virus to fake a password prompt to catch the password or just to wait for the user to use sudo and then use it himself, since sudo is often used with a timeout that gives the user full root access without a password for a couple of minutes or even forever.

On a normal single-user desktop the separation of root and user account is nothing more than a little annoyance rather than a real barrier for a virus writer.

Now that doesn't mean that one can't build a secure Linux box, Sugar on the OLPC tries something like that with each application running in its own isolated environment which would make it pretty hard to break out of, but your average Ubuntu box doesn't do that and likely won't until viruses become a real problem for Linux.
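
An added example, not part of any comment in the thread: a small audit for the two sudo settings raised above (password-less rules and long or never-expiring timestamps). It reads sudoers text and reports `NOPASSWD` rules, `timestamp_timeout` values that are negative or above a threshold, and the `!authenticate` / `!tty_tickets` defaults. The 15-minute threshold, the function names and the sample file are assumptions made for the example.

```python
import re

TIMEOUT_RE = re.compile(r"\btimestamp_timeout\s*=\s*(-?\d+(?:\.\d+)?)")
# '#' starts a comment unless it introduces a uid (#1000) or an #include line.
COMMENT_RE = re.compile(r"#(?!\d|include).*")
NOPASSWD_RE = re.compile(r"\bNOPASSWD\s*:")

# Constructed sample, not taken from any real host.
SAMPLE = """\
# constructed sample sudoers
Defaults env_reset
Defaults timestamp_timeout=-1
Defaults:bob !tty_tickets, \\
    timestamp_timeout=60
root ALL=(ALL:ALL) ALL
%admin ALL=(ALL) NOPASSWD: ALL
carol ALL=(root) NOPASSWD: /usr/bin/systemctl restart nginx  # service restarts
dave ALL=(ALL) ALL
"""


def logical_lines(text):
    """Yield (first_line_number, text) with comments removed and
    backslash continuations joined into one logical line."""
    buf, start = "", None
    for number, raw in enumerate(text.splitlines(), 1):
        line = COMMENT_RE.sub("", raw).rstrip()
        if start is None:
            start = number
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield start, buf.strip()
        buf, start = "", None
    if buf.strip():
        yield start, buf.strip()


def audit_sudoers(text, max_minutes=15):
    """Return a list of (line_number, finding) for risky sudoers settings.

    max_minutes is an assumed policy threshold, not a sudo default.
    """
    findings = []
    for number, line in logical_lines(text):
        if line.startswith("Defaults"):
            match = TIMEOUT_RE.search(line)
            if match:
                minutes = float(match.group(1))
                if minutes < 0:
                    # A negative value means the cached credential never expires.
                    findings.append((number, "timestamp never expires"))
                elif minutes > max_minutes:
                    findings.append((number, f"timestamp lasts {minutes:g} min"))
            if re.search(r"!\s*authenticate\b", line):
                findings.append((number, "authentication disabled"))
            if re.search(r"!\s*tty_tickets\b", line):
                findings.append((number, "ticket shared across terminals"))
        elif NOPASSWD_RE.search(line):
            commands = NOPASSWD_RE.split(line, maxsplit=1)[1].strip()
            scope = "all commands" if re.match(r"ALL\b", commands) else "listed commands"
            findings.append((number, f"NOPASSWD for {scope}"))
    return findings


if __name__ == "__main__":
    for number, finding in audit_sudoers(SAMPLE):
        print(f"line {number}: {finding}")
```

Setting `timestamp_timeout=0` makes sudo prompt every time, which closes the window described in the comment above; on a real system the same checks would also need to cover the files pulled in by include directives.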

Viruses are old tech. (1, Informative)

jellomizer (103300) | more than 5 years ago | (#26903739)

Viruses were made back in the single-user day. Linux and MacOS, even newer versions of Windows, don't need a virus to do the damage. Worms that hack into the system, run and install a separate process, then war dial different IP addresses do the trick just as well. The reason people still make viruses for Windows is the fact that most people run with Administrator access and they are simple to program (and they think they are hot stuff if they do); programming worms is still less glory but is more willing to affect a Linux-majority network infrastructure.

Just because Linux or MacOS or your favorite Unix doesn't have viruses, they can still get hacked into, especially if you poorly administer or neglect them. The fact that they can get hacked into allows for such worms to operate. Heck, a well neglected Unix box running a worm can also have an Auto Update feature to adjust for newly found security.

Being smug about security is the worst thing you can do.

Re:Viruses are old tech. (0)

JCSoRocks (1142053) | more than 5 years ago | (#26903797)

I agree. It makes the Troll mod on the GP that much more annoying. Windows is attacked because the vast majority of desktops are Windows machines. When a different OS supplants it and it's worth the black hatters' time they'll switch to the new OS.

Re:Viruses are old tech. (1, Flamebait)

Locklin (1074657) | more than 5 years ago | (#26904623)

It's marked as a troll because it's a regurgitated line brought out whenever there is a discussion of a Microsoft vulnerability and adds nothing new to the conversation. It's used to discredit anyone pointing out a software alternative developed in a more security conscious way (a germane comment in a thread on security).

While it's true that people will target software as a function of its install base, there are such things as more secure software. For instance, Windows ME is less secure than XP. And an un-patched XP machine is less secure than a patched one. It's also quite likely that an XP machine is less secure than an average Linux machine, regardless of the install base.

Of course, there are several pointless jabs at Microsoft in this thread that should be marked troll under the same rules.

minor pedantry (2, Informative)

AliasMarlowe (1042386) | more than 5 years ago | (#26903881)

virii

If that's an attempt at Latin, it failed. In Latin, virus is in the fourth declension and its plural is virus (yep, just like the singular), and NOT viri or virii.

Of course, as an English word, the plural of virus is viruses.

Re:minor pedantry (2, Funny)

Tanktalus (794810) | more than 5 years ago | (#26904169)

Next thing you're going to tell me is that the plural of moose isn't meese. Stupid pedants.

more minor pedantry (1)

xaositects (786749) | more than 5 years ago | (#26904469)

"Hopefully attacks like this won't be as prevolent"

I'm surprised you missed the most glaring grammatical blunder in the comment: prevolent, which, of course, should be prevalent.

Re:Hopefully attacks like this won't be as prevole (1)

kcbanner (929309) | more than 5 years ago | (#26903361)

I know. I'm just thinking in terms of the botnet spread "factor", I think that will go down as more people start using Firefox/more secure browsers, and that market share will go up when Microsoft stops bundling IE. Of course they are just going to get the OEMs to do it for them, maybe some OEMs will package Firefox, who knows.

Re:Hopefully attacks like this won't be as prevole (1, Insightful)

Anonymous Coward | more than 5 years ago | (#26903585)

exactly. this is precisely the reason that Apache has far more exploits published than IIS.

Re:Hopefully attacks like this won't be as prevole (1)

Hurricane78 (562437) | more than 5 years ago | (#26903985)

The key word here is "published". This is because Apache has an open bug tracker. And IIS has -- I guess from the quality ;) -- no bug tracker at all.
But Apache fixes its bugs quickly, or even at all, compared to IIS.
Well, I guess to get some useful numbers, one would have to count the numbers of actually used exploits.

But then again, writing it anonymously most likely means that you are a troll...

Re:Hopefully attacks like this won't be as prevole (2, Interesting)

99BottlesOfBeerInMyF (813746) | more than 5 years ago | (#26903785)

And then the exploits will occur with the browser that most people are using. Face it: there are bugs in every piece of software out there, and it's just a matter of time before someone finds and exploits them.

So a more diverse set of browsers in use leads to fewer people being exploited. Sounds like something worth encouraging. And while we're at it, how can we encourage vendors to make their browsers more secure and generally better? If only there were some way to motivate developers using common human motivations. I know, we could have them compete with each other on a level playing field in a free market and the best browser will gain the most market share, so they will all work extra hard to make theirs the best. It's brilliant!

What, the law already mandates this? Well, better yet. What one company is breaking the law and preventing competition and thus removing the motivation for much improvement and lowering the bar for everyone? Surely the courts will act quickly and decisively to stop this criminal behavior.

Re:Hopefully attacks like this won't be as prevole (1)

dedazo (737510) | more than 5 years ago | (#26903885)

Yes, and this is really the main valid argument against technological monocultures. Stupid people (sorry, inexperienced people) running [Another OS/Another Browser] will do the same stupid (sorry, inexperienced) things they do now. But as long as there isn't a browser gobbling up 90% of the installed user base, the number of available targets is substantially reduced. The black hats rely on the sheer weight of numbers to succeed, and let's face it, exploits are written for profit now, not to prove something or because it's cool. Shrink the target pool and you'll minimize the amount of damage done to the targets and everyone sharing the same tubes.

Re:Hopefully attacks like this won't be as prevole (0)

Anonymous Coward | more than 5 years ago | (#26903827)

You know, I'll cede your point for any 'sufficiently complicated' application--what that means is up for definition. But please--find me one remote code execution vulnerability for lynx. People keep crying for more complicated, more advanced web content with better scripting abilities--and the developers rush to meet the need without a second thought as to security. Yeah--if I've gotta run javascript, flash, mono, microsoft browser plugins, or even XUL--there's a lot of avenues for problems (especially if I'm stupid and click yes). But plain old HTML viewers... It's certainly possible to get a *secure* one. Bug free--well...the CSS standards and all that aren't clear enough yet.

Re:Hopefully attacks like this won't be as prevole (1)

compro01 (777531) | more than 5 years ago | (#26904265)

And in all likelihood be far less significant, as the browser in question wouldn't be so damn tightly integrated into the OS.

Re:Hopefully attacks like this won't be as prevole (1)

mrclisdue (1321513) | more than 5 years ago | (#26904277)

Why wouldn't the open source nature of some browsers (and some OSs) mean that it's just a matter of time before someone finds the flaws and fixes them?

Why is it always the doomsdayers and naysayers?

Aren't there far more do-gooders than do-badders?

cheers,

Re:Hopefully attacks like this won't be as prevole (1)

Low Ranked Craig (1327799) | more than 5 years ago | (#26904381)

I just don't believe that's true. Some code is inherently more secure. UNIX is generally more secure than Windows. People like to say (for example) that the reason Mac OS has few trojans, and no real viruses to date (that I am aware of) is because of its market share. You'd have to be exceptionally naive to believe that among the legions of Apple hating Microsofties that no one has been able to create a successful virus yet. I'm certain it has absolutely nothing to do with the inherent security of UNIX - Nope, that's not possible. Has to be market share. :)

I have no proof to back this up, but there is also zero proof to back up the market share theory.

Re:Hopefully attacks like this won't be as prevole (5, Insightful)

Anonymous Coward | more than 5 years ago | (#26903321)

The new attack code, which Trend Micro dubbed "XML_Dloadr.a," arrives in a spam message as a malicious file masquerading as a Microsoft Word document. If the fake document is opened, the exploit hijacks PCs that have not been patched...

Running Chrome or Firefox won't stop idiots from opening strange attachments.

Re:Hopefully attacks like this won't be as prevole (5, Funny)

rolfc (842110) | more than 5 years ago | (#26903373)

Running Chrome or Firefox won't stop idiots from opening strange attachments.

Running Linux will.

Re:Hopefully attacks like this won't be as prevole (1, Funny)

Anonymous Coward | more than 5 years ago | (#26903501)

Linux makes you smarter.

Re:Hopefully attacks like this won't be as prevole (2)

Lucid 3ntr0py (1348103) | more than 5 years ago | (#26903529)

Running Chrome or Firefox won't stop idiots from opening strange attachments.

Running Linux will.

No. It will only stop the current exploits from being effective.

Re:Hopefully attacks like this won't be as prevole (3, Interesting)

Dotren (1449427) | more than 5 years ago | (#26903631)

Running Linux will.

Apparently not if you're using KDE or GNOME [slashdot.org].

Re:Hopefully attacks like this won't be as prevole (1)

Tweenk (1274968) | more than 5 years ago | (#26903773)

There are fixes:
1. Require .desktop files to be executable to launch them
2. Ignore the Exec= line in user overrides

It's just a matter of someone contributing a suitable patch. It is not an architectural problem.
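
An added example, not part of the comment above and not code from KDE or GNOME: one way a launcher could apply the two proposed fixes. A `.desktop` file outside the system directories is refused unless it carries the execute bit, and a user file that shadows a system entry has its `Exec=` line ignored in favour of the system copy. The directory list, the exemption for system directories, the function names and the sample files are assumptions made for the example.

```python
import os
import stat
import tempfile
from pathlib import Path

# Hypothetical default; real desktops derive this list from XDG_DATA_DIRS.
SYSTEM_DIRS = ("/usr/share/applications", "/usr/local/share/applications")


def read_exec(path):
    """Return the Exec= value from the [Desktop Entry] group, or None."""
    group = None
    text = Path(path).read_text(encoding="utf-8", errors="replace")
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1]
        elif group == "Desktop Entry" and "=" in line:
            key, value = line.split("=", 1)
            if key.strip() == "Exec":
                return value.strip()
    return None


def _inside(path, directory):
    """True if path lives somewhere below directory (symlinks resolved)."""
    return Path(directory).resolve() in Path(path).resolve().parents


def resolve_launch(entry, system_dirs=SYSTEM_DIRS):
    """Return (exec_line or None, reason) for one .desktop file."""
    entry = Path(entry)
    if any(_inside(entry, d) for d in system_dirs):
        # Assumption: files installed by the package manager are trusted.
        return read_exec(entry), "system entry"
    # Fix 2: a user file with the same name as a system entry may change
    # cosmetic keys, but the command always comes from the system copy.
    for directory in system_dirs:
        shadowed = Path(directory) / entry.name
        if shadowed.is_file():
            return read_exec(shadowed), "user override: Exec taken from system copy"
    # Fix 1: a file saved from mail or a download has no execute bit, so it
    # cannot be launched until the user deliberately marks it executable.
    if not entry.stat().st_mode & stat.S_IXUSR:
        return None, "refused: not marked executable"
    return read_exec(entry), "user entry marked executable"


def _write(path, exec_line, mode):
    body = f"[Desktop Entry]\nType=Application\nName=Sample\nExec={exec_line}\n"
    path.write_text(body, encoding="utf-8")
    os.chmod(path, mode)


def build_sample_tree(root):
    """Create constructed sample entries; returns (system_dir, user_dir)."""
    system_dir = Path(root) / "system-applications"
    user_dir = Path(root) / "user-applications"
    system_dir.mkdir()
    user_dir.mkdir()
    _write(system_dir / "editor.desktop", "/usr/bin/editor %f", 0o644)
    _write(user_dir / "editor.desktop", "/tmp/not-the-editor", 0o755)
    _write(user_dir / "invoice.desktop", "/bin/sh -c 'echo constructed'", 0o644)
    _write(user_dir / "mytool.desktop", "/usr/bin/mytool", 0o755)
    return system_dir, user_dir


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        system_dir, user_dir = build_sample_tree(root)
        for entry in sorted(user_dir.iterdir()):
            print(entry.name, resolve_launch(entry, [system_dir]))
```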

Re:Hopefully attacks like this won't be as prevole (1)

N1AK (864906) | more than 5 years ago | (#26903841)

So you are suggesting that a significant flaw in Linux has lasted so long, even though it is "just a matter of someone contributing a suitable patch"? Hardly a good argument.

Pointing out there are possible fixes doesn't absolve it from blame.

Re:Hopefully attacks like this won't be as prevole (2, Insightful)

Thinboy00 (1190815) | more than 5 years ago | (#26904431)

Pointing out there are possible fixes doesn't absolve it from blame.

No, it doesn't, and that is one of the major problems with FOSS: devs tend to avoid disturbing the ecosystem as much as possible, even when doing so is a good idea. If this was run in a traditional (read:closed-source) setting and IT heard that it would take the flip of a few bits to get rid of a major security vulnerability, how long would the bug live?

I know some idiot mod will mark this as a troll because it is critical of FOSS. Really people, let's at least pretend to be civilized, please.

Re:Hopefully attacks like this won't be as prevole (0)

Anonymous Coward | more than 5 years ago | (#26904343)

There are patches for this exploit as well. What's your point?

Re:Hopefully attacks like this won't be as prevole (4, Informative)

Greyfox (87712) | more than 5 years ago | (#26903669)

Back in the day when dinosaurs and mainframes walked the earth and the system programmer's room was likely to have more than one half-drunk cup of coffee with a cigarette butt floating in it, it was not uncommon to get an E-mail around Christmas time with an attachment in it. The attachment purported to display an ASCII Christmas tree on your terminal, complete with flashing ornaments and such.

When it was run, this attachment would helpfully and quietly forward itself to everyone in your address book. A couple of days later, after cleaning up the smoking wreckage of the E-mail system, system administration would send out an E-mail suggesting that it's not a good idea to run programs from unknown sources.

This was on IBM VM/CMS, a notably not-Microsoft OS.

Re:Hopefully attacks like this won't be as prevole (0)

Anonymous Coward | more than 5 years ago | (#26903909)

That's an interesting story, but you're missing the most important part: did you get the Christmas tree? Were there flashing ornaments?

Re:Hopefully attacks like this won't be as prevole (1)

Greyfox (87712) | more than 5 years ago | (#26904365)

No, it was kind of garbled. I did learn that it was a bad idea to run applications that came as Email attachments though...

Re:Hopefully attacks like this won't be as prevole (0)

Anonymous Coward | more than 5 years ago | (#26904185)

The only exploit is the user herself. Just don't open attachments from people you don't know. That's what the spam folder is for. Now, if it's tricky and has already infected one of your friends, then call your friend up and ask him what this document that reads "Make 1 Million Dollars In A Day!" is all about. Simple, fight social hacking with social un-hacking.

Re:Hopefully attacks like this won't be as prevole (0)

Anonymous Coward | more than 5 years ago | (#26903721)

Idiots opening strange attachments won't run Linux.

Re:Hopefully attacks like this won't be as prevole (0)

Anonymous Coward | more than 5 years ago | (#26903735)

Running Linux stops idiots from doing anything to their computers.

Re:Hopefully attacks like this won't be as prevole (1)

Bryansix (761547) | more than 5 years ago | (#26904307)

That's because you have to step through the 9 levels of dependency hell in order to run anything on Linux.

Re:Hopefully attacks like this won't be as prevole (0)

Anonymous Coward | more than 5 years ago | (#26903763)

I think you underestimate the idiots.

Re:Hopefully attacks like this won't be as prevole (1)

Locklin (1074657) | more than 5 years ago | (#26904251)

Of course, you can always execute unsigned, untrusted code by downloading Firefox extensions on the Mozilla site.

Re:Hopefully attacks like this won't be as prevole (1)

Lord Ender (156273) | more than 5 years ago | (#26904293)

Yes, but linux will also stop them from opening not-so-strange attachments, unfortunately.

Re:Hopefully attacks like this won't be as prevole (0)

Anonymous Coward | more than 5 years ago | (#26904231)

Running a virtually 100% secure OS like OS X minimizes this.

Re:Hopefully attacks like this won't be as prevole (2, Insightful)

jetsci (1470207) | more than 5 years ago | (#26903363)

I wonder, what would un-bundling REALLY mean? Just that it's easier to remove or that Microsoft OS' come with no browser? Now that would be a fun one for new users...

breaking news! (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#26903279)

Barack Obama is using FREE Open Source software! recovery.gov uses Drupal. Looks like this is the change we can believe in!

Exploit Wednesday (1)

jetsci (1470207) | more than 5 years ago | (#26903293)

So naturally, it begins again. What is it that allows these hackers to reverse Microsoft's patches? Is there no format that would protect them? Perhaps a more open security policy? Imagine that mess?

Re:Exploit Wednesday (1)

fuzzyfuzzyfungus (1223518) | more than 5 years ago | (#26903325)

I'm assuming that they aren't actually hitting patched systems; just going after the (numerous) systems as yet unpatched, possibly with the aid of information inferred from analysis of the patch. If the patch itself, or patched systems, were getting exploited, it would be bigger news.

Re:Exploit Wednesday (1)

jetsci (1470207) | more than 5 years ago | (#26903427)

You're probably right, I failed to make that clear. From my understanding, Patch Tuesday allows hackers to see the old exploit and target unpatched systems. However, is there any way for Microsoft to minimize the exposure of these patches?

Re:Exploit Wednesday (2, Informative)

fuzzyfuzzyfungus (1223518) | more than 5 years ago | (#26903683)

I'm not an expert by any means; but I'd suspect that that is a hard problem. The security patch must, to fulfill its purpose, change the system from its vulnerable state to a nonvulnerable one. Tools for observing changes of state are common, well developed, and have loads of legitimate uses. Especially with all the use of VMs now, you pretty much have to assume that the hypothetical reverse engineer can see absolutely everything that happens to the system, step by step, if he feels like it.

Microsoft could, of course, add large numbers of irrelevant changes to every patch, as a sort of chaff, and use the various other obfuscation tricks; but I strongly suspect that that would do nothing good for the timeliness or quality of their patches.

Re:Exploit Wednesday (1)

Dotren (1449427) | more than 5 years ago | (#26903737)

However, is there any way for Microsoft to minimize the exposure of these patches?

To do this effectively I imagine they'd have to hide the fact that they've updated the system or, at least, minimize their KB articles to say "Patch KB[insert number here] fixed an exploit".

Imagine though the lashback from this... we already know from recent articles how much people despise Microsoft for adding sneaky patches that install addons for Firefox. Sneaking in security updates without documentation and/or some sort of notice would further solidify some people's ideas of Microsoft's sheer level of evil and their obvious plot to take control of all of our PCs away from us.

If you think about it that way, this whole situation is pretty much a win/win for MS haters.

Re:Exploit Wednesday (1)

jetsci (1470207) | more than 5 years ago | (#26903767)

I can't help but wonder then, just how bad the MS situation is (security) if they're so afraid of an open view in terms of security from the outside world. Imagine upstreaming patches for your Windows XP box, Debian/RHEL style?

Re:Exploit Wednesday (1)

Dotren (1449427) | more than 5 years ago | (#26903999)

I can't help but wonder then, just how bad the MS situation is (security) if they're so afraid of an open view in terms of security from the outside world.

I think currently they have a fairly open view to the outside world, post-patch anyways. Releasing information regarding the vulnerability pre-fix wouldn't be a good thing. I was just commenting that they COULD hide information about the security patches to prevent would-be-hackers from learning about an exploit and targeting un-patched systems. I don't really think that's the best action to take though.

It is Microsoft's fault in the first place for writing the software and the underlying architecture in such a way that allows these types of exploits. However, if they release a fix and some people don't get them because automatic updates is turned off (for whatever reason) then that is an end-user problem. It is these systems that are under the most threat and the threat, at that point, can't be ended by Microsoft.

Re:Exploit Wednesday (1)

lord_rob the only on (859100) | more than 5 years ago | (#26903403)

So naturally, it begins again. What is it that allows these hackers to reverse Microsoft's patches? Is there no format that would protect them? Perhaps a more open security policy? Imagine that mess?

You can "reverse" Microsoft patches. Use the tool to reverse the Windows configuration to a given date (in Accessories -> System Tools but I don't know the exact name of this app as I'm not using Windows on my home PC of course).

Losing battle: hackers vs crackers (0)

Anonymous Coward | more than 5 years ago | (#26903315)

Sigh... I was going to post a quick rant about using the term "Hacker" when obviously "Cracker" or "Black Hat Hacker" would be better....but ohhhh what the hell... I give up.
I've been doing computer stuff ("hacking") since the mid-1970s and consider myself a "Hacker"...but not in the bad way.
Maybe I should turn to the dark side and just get it over with.

Oh get over it (0, Offtopic)

Viol8 (599362) | more than 5 years ago | (#26903419)

No one apart from uber nerds cares - it's just a word. Hoover were probably pissed that their name became the de facto name for vacuum cleaners too. Tough, deal.

Already? (0, Redundant)

sqlrob (173498) | more than 5 years ago | (#26903331)

Must've been harder than usual. I would've expected it on Wednesday or Thursday of last week.

Masquerading? (5, Funny)

TheRaven64 (641858) | more than 5 years ago | (#26903375)

a malicious file masquerading as a Microsoft Word document

I don't think this is the same definition that the rest of us use. In related news, a lizard was seen masquerading as a gecko.

It was probably dressed as Clippy... (1)

Viol8 (599362) | more than 5 years ago | (#26903487)

... pretending to be helpful but surreptitiously twirling its moustache while doing nefarious deeds to the computer and generally making life miserable for the user.... actually thinking about it - that's not too different from the real Clippy.

Re:It was probably dressed as Clippy... (0)

Anonymous Coward | more than 5 years ago | (#26903593)

and help you save on your insurance too!

Re:It was probably dressed as Clippy... (1)

JCSoRocks (1142053) | more than 5 years ago | (#26903843)

It looks like you're trying to renew your existing car insurance. Would you like to save 10% by switching to Geico?

Linus quote about Microsoft (2, Funny)

Anonymous Coward | more than 5 years ago | (#26903399)

"They invade our computers, and we fall back. They assimilate entire servers, and we fall back. Not again. The line must be drawn here! This far and no further! And I will make them pay for what they've done!" - Linus Torvalds

Re:Linus quote about Microsoft (1)

Hordeking (1237940) | more than 5 years ago | (#26903583)

"They invade our computers, and we fall back. They assimilate entire servers, and we fall back. Not again. The line must be drawn here! This far and no further! And I will make them pay for what they've done!" - Linus Torvalds

Sounds a bit like a Linus Maginot Line [wikipedia.org], to me.

Re:Linus quote about Microsoft (0)

Anonymous Coward | more than 5 years ago | (#26903825)

OK, I just watched (again) Star Trek "First Contact" and that is totally a Picard quote (although I am sure the screenwriters stole it from somewhere that I am not erudite enough to have studied). I think you just need to replace "Computers" and "Servers" and you hit Picard's line exactly.

Re:Linus quote about Microsoft (0)

Anonymous Coward | more than 5 years ago | (#26904009)

Duh. Congratulations Einstein.

aka Woosh!

the solution is .. (1)

viralMeme (1461143) | more than 5 years ago | (#26903429)

Set the default viewer for msWord docs to the Word Viewer [microsoft.com], make normal.dot read only, disable auto-opening of macros ..

Re:the solution is .. (1, Informative)

Anonymous Coward | more than 5 years ago | (#26903657)

...or use OpenOffice.

Anonymous Coward (0)

Anonymous Coward | more than 5 years ago | (#26903493)

So millions of web users are in danger because

a) IE is insecure and Microsoft evil

or

b) Because they did not apply a patch which has been recommended by Win update

Being on Slashdot, I get those two confused...

Re:Anonymous Coward (1)

moteyalpha (1228680) | more than 5 years ago | (#26903609)

So millions of web users are in danger because

a) IE is insecure and Microsoft evil

or

b) Because they did not apply a patch which has been recommended by Win update

Being on Slashdot, I get those two confused...

Is that multiple choice? If so, I choose a and b as my answer.

Use firefox? (1, Interesting)

Anonymous Coward | more than 5 years ago | (#26903575)

How would switching to Firefox help? So you can get a different brand of virus?

Patch and keep patching. That is the only safe bet.

Yes I am using Firefox right now.

In other news-- FISH FOUND IN OCEAN (2)

baomike (143457) | more than 5 years ago | (#26903619)

Will it blow my version of OO when I try to open the WORD document?
I am glad to hear that it won't affect the REGISTRY on Slack.

I am so waiting for the malware that runs "FORMAT C: " or whatever
it is nowadays.

Re:In other news-- FISH FOUND IN OCEAN (1)

mapsjanhere (1130359) | more than 5 years ago | (#26903759)

Reminds me of the first virus I ever encountered, something Jericho; I knew I was in trouble when /format :c was no longer working. Oh, the days when a reformat and reinstall took 30 min, and all your documents were "safe" on floppies anyway.

Re:In other news-- FISH FOUND IN OCEAN (1, Informative)

Anonymous Coward | more than 5 years ago | (#26904031)

Reminds me of the first virus I ever encountered, something Jericho; I knew I was in trouble when /format :c was no longer working. Oh, the days when a reformat and reinstall took 30 min, and all your documents were "safe" on floppies anyway.

Sector not found reading drive A: Abort, Retry or Fail?

Re:In other news-- FISH FOUND IN OCEAN (1)

fataugie (89032) | more than 5 years ago | (#26904299)

You mean on all those old, re-formatted AOL disks?

HAHAHA

/me grabs stomach, slaps knee and wipes a tear from his eye

Re:In other news-- FISH FOUND IN OCEAN (1)

mapsjanhere (1130359) | more than 5 years ago | (#26904473)

We would have killed for reformatted AOL disks! This was 1990 or so, they weren't giving them away yet (at least where I went to school). So past the time when we were cutting extra slots in 5.25" floppy holders to use the single sided ones double sided and saved 50 cents each.

Re:In other news-- FISH FOUND IN OCEAN (1)

fataugie (89032) | more than 5 years ago | (#26904605)

Wow, you're really old.

Hey Grandpa, tell me about when you used to have trays of punch cards... ;-)

Re:In other news-- FISH FOUND IN OCEAN (1)

mapsjanhere (1130359) | more than 5 years ago | (#26904651)

now that you mention it ...
Actually I started out on Commodore 64s - not THAT much older.

Re:In other news-- FISH FOUND IN OCEAN (2, Informative)

The MAZZTer (911996) | more than 5 years ago | (#26904003)

Viruses/Virii don't tend to destroy the computer anymore, since that pretty much gives them away AND also makes it difficult for them to propagate or earn money off of you (ad views, purchases) when your computer won't turn on.

Dump IE and get Firefox? (0)

Anonymous Coward | more than 5 years ago | (#26904021)

All you are doing when you replace IE with Firefox is swapping security holes for bugs. Both are very very annoying.

One you can use flawlessly, but get hacked/malware. The other, secure, but barely usable.

Granted, IE security issues are worse, but all you do is replace a crap browser with a slightly less crap (but more secure) browser. It's hardly a "Firefox is AWESOME!" endorsement.

Firefox need to sort out bugs before they add even more bloat...sorry features to their browser.

It is almost unusable in Ubuntu and I don't much care for it in Windows either.

Although I wonder why "Internet Explorer has a security hole" is a story (yet again). Oh yeah, a free advert for Firefox.

Or am I just too cynical?

I would suggest giving Opera a try (which is what I intend to do).
