Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Microsoft To Ship Emergency IE Patch

kdawson posted more than 4 years ago | from the advanced-persistent-threat dept.

Internet Explorer 187

Grotendo writes "Microsoft plans to release an emergency patch for Internet Explorer very soon to counter targeted attacks and the publication of exploit code for a 'browse and you're owned' vulnerability in its flagship Web browser. The out-of-band update will be released once the company is satisfied that it has been properly tested against all affected versions of Windows. This could happen as early as this weekend." Microsoft has downplayed the seriousness of the IE zero-day, and insisted that it affects only IE6 even as security researchers close in on exploits for IE7 and IE8. Microsoft has had no comment about the firestorm that Google unleashed by directly accusing the Chinese of cyber espionage. ShadowServer has up a sobering post on the massive extent of the problem of "groups that can be referred to as the Advanced Persistent Threat."

cancel ×

187 comments

0! (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#30824004)

comment!

Enough is enough! (5, Informative)

LostCluster (625375) | more than 4 years ago | (#30824026)

I'm uploading the IE6 No More [ie6nomore.com] code to my website now. There's a point where users of outdated software need to be told there's four major cost-free options, including a much updated version of IE if they want to stick with IE. I'm almost thinking we should move from a warning to a service-denying error if this goes much further.

Re:Enough is enough! (5, Funny)

MrEricSir (398214) | more than 4 years ago | (#30824226)

Why not just exploit their browser's security flaws and wipe their hard drive?

That way they learn their lesson about safe browsing the old fashioned way.

Re:Enough is enough! (0)

Anonymous Coward | more than 4 years ago | (#30824246)

Re:Enough is enough! (1)

whitedsepdivine (1491991) | more than 4 years ago | (#30824346)

I was going to click on the link, but now I am scared. My company used IE :(

Re:Enough is enough! (1)

stuckinphp (1598797) | more than 4 years ago | (#30824460)

its wikipedia..

Re:Enough is enough! (1)

NotBorg (829820) | more than 4 years ago | (#30824256)

Sorry, but I need them alive! Muhahahahahahahh! Nom Nom Nom Nom!

Re:Enough is enough! (4, Funny)

H0p313ss (811249) | more than 4 years ago | (#30824296)

Pro

  • Amusing
  • Might solve problem

Cons

  • Illegal
  • Immoral

Counter proposal: have you tried carpet bombing a small third world country today?

Re:Enough is enough! (1)

jhoegl (638955) | more than 4 years ago | (#30824374)

One doesnt need to carpet bomb when their buildings are made of a concrete deck of cards.

Re:Enough is enough! (3, Funny)

NatasRevol (731260) | more than 4 years ago | (#30824690)

Just drop carpets!

Re:Enough is enough! (0)

negRo_slim (636783) | more than 4 years ago | (#30824718)

I'm uploading the IE6 No More [ie6nomore.com] code to my website now. There's a point where users of outdated software need to be told there's four major cost-free options, including a much updated version of IE if they want to stick with IE. I'm almost thinking we should move from a warning to a service-denying error if this goes much further.

Pro

  • Amusing
  • Might solve problem

Defiantly amusing, but I doubt any web master worth his or her salt would put that up and not expect to come across as lazy and childish.

Re:Enough is enough! (1)

Anonymous Coward | more than 4 years ago | (#30824926)

I believe you need to read this.

http://www.d-e-f-i-n-i-t-e-l-y.com/

Re:Enough is enough! (1)

H0p313ss (811249) | more than 4 years ago | (#30824994)

* /me adds "Defiantly Amusing" as a bullet point to his CV*

Re:Enough is enough! (1, Interesting)

Nerdfest (867930) | more than 4 years ago | (#30824446)

Serious question here: does the Chrome frame for IE6 protect users from this attack? It would be interesting to know, as MS stated that it increased the security exposure (which is true in theory, but generally false in practice from what I've seen, as all attack surfaces are not created equal.)

Re:Enough is enough! (3, Informative)

dgatwood (11270) | more than 4 years ago | (#30824548)

No. Chrome frame is only active if a page specifically codes for it [google.com] . Otherwise, it does nothing. An attack page would not typically include code for a workaround.

Re:Enough is enough! (0)

Anonymous Coward | more than 4 years ago | (#30825294)

Exept if it is an attack page made by Microsoft...

Re:Enough is enough! (1)

ZeRu (1486391) | more than 4 years ago | (#30824864)

Wiping one's hard drive just because they use IE6 is just too harsh...I prefer redirection to goatse.

Re:Enough is enough! (0, Flamebait)

happy_place (632005) | more than 4 years ago | (#30825048)

Why not just exploit their browser's security flaws and wipe their hard drive?

Why not exploit their browser's security flaw, to install Chrome or Firefox on their machine and disable IE? Remap the icon, they probably wouldn't even know anything had changed... well other than it worked faster and better...

Re:Enough is enough! (1)

Dumnezeu (1673634) | more than 4 years ago | (#30825232)

Why not slip a copy of Firefox as their default browser and remove the Internet Explorer shortcuts, by exploiting the bug? Of course, this depends on the laws of the country where you host your website.

Re:Enough is enough! (1, Troll)

A Friendly Troll (1017492) | more than 4 years ago | (#30824308)

I'm uploading the IE6 No More code to my website now. There's a point where users of outdated software need to be told there's four major cost-free options, including a much updated version of IE if they want to stick with IE.

Five.

It's missing Opera, which globally has more users than Chrome, for example, and wtfpwns both IE and Firefox combined market share in certain countries. In most European countries, Opera has more users than Safari and Chrome.

While the concept is neat, the choices aren't, and they are both offensive and ignorant.

Re:Enough is enough! (-1, Troll)

Anonymous Coward | more than 4 years ago | (#30824436)

I'm uploading the IE6 No More code to my website now. There's a point where users of outdated software need to be told there's four major cost-free options, including a much updated version of IE if they want to stick with IE.

Five.

It's missing Opera, which globally has more users than Chrome, for example, and wtfpwns both IE and Firefox combined market share in certain countries. In most European countries, Opera has more users than Safari and Chrome.

While the concept is neat, the choices aren't, and they are both offensive and ignorant.

Huh sorry dude but no one gives a shit about Opera. It's only relevant on the mobile market, and on the desktop, no one cares. That IE & FF combined market share claim is bullshit.

Re:Enough is enough! (1)

PopeRatzo (965947) | more than 4 years ago | (#30824956)

Opera, which globally has more users than Chrome

By "globally" do you mean "in your head"?

According to marketshare.hitslink.com, as of December 2009 Safari had 2.4% of the browser market share. Chrome had 4.63%

Over at gs.statcounter.com, as of January 10, 2010 Opera had 1.98% and Chrome had 5.88%.

Flawed stats (1)

SmallFurryCreature (593017) | more than 4 years ago | (#30825106)

Opera is on the Wii, DS and of course many a mobile phone whose own browser sucks, but often with a fake user_agent string.

Re:Enough is enough! (1)

A Friendly Troll (1017492) | more than 4 years ago | (#30825616)

By "globally" do you mean "in your head"?

No, I mean "globally".

See this for an example: http://my.opera.com/haavard/blog/2010/01/02/odd-browser-stats [opera.com]

Google *themselves* claim 40 million Chrome users. Opera Mini alone has more users than Chrome, not to mention the desktop version. And yet Chrome is represented by having ten times Opera Mini's market share according to those stats sites. Right...

There's also this http://my.opera.com/dstorey/blog/2009/03/16/a-look-at-desktop-market-share-cis-edition [opera.com] this http://my.opera.com/dstorey/blog/2009/03/16/desktop-market-share-former-yugoslavia-edition [opera.com] and this http://my.opera.com/dstorey/blog/desktop-market-share-baltic-edition [opera.com] and this http://my.opera.com/dstorey/blog/desktop-market-share-central-eastern-europe-edition [opera.com] ...

Whether you like it or not, Opera is *massive* in Europe and has a far greater market share than you'd like to believe.

For that reason, the stupid code on "IE6 No More" site is insulting.

No Opera, and external resources? Oi. (1, Insightful)

Anonymous Coward | more than 4 years ago | (#30824336)

Funny - that site's little code examples don't include Opera as one of the modern browser options. What's the author got against the big o?

Also.. adjust the code so it pulls all its data from your local server; there's no need for that site to know who your visitors are, and there's no need for your page to load any more slowly due to external connections than is absolutely necessary.

Re:Enough is enough! (2, Interesting)

Archangel Michael (180766) | more than 4 years ago | (#30824340)

I'm running similar code on my site, and yet many of the "visitors" are still using IE6. I suspect most of those are bots, because of the traffic pattern looking for Registration and Forum pieces.

It is sad when you can spot a bot by the UserAgent.

Re:Enough is enough! (1)

ArhcAngel (247594) | more than 4 years ago | (#30824546)

Considering how many single purpose devices I work on that still use IBM/MS DOS 3.3 I suspect IE6 will be dominant until corporations are forced to migrate to Win7/8. Big companies are spending their money on things that make them MORE money. Upgrading to IE 7/8 is NOT free and since IE6 "works" in the eyes of the boss there is no "need" to upgrade. I'm not aware of an enterprise deployment feature for FireFox or Chrome. I believe Opera may have one but I don't think it is free. Since XP and IE6 for the majority of enterprises is good enough nothing short of Microsoft pulling the plug on XP and thus IE6 will get those entities to address the issue of their IE6 locked web site / application. That time is coming barring any further extensions from Microsoft but it is still years away (currently 4/8/2014). Where I work they have taken 2 years rewriting our intranet web applications to work with IE7 but as of yet have no plans to migrate anyone and simply roll IE7 to new builds...of XP Pro. But feel free to continue to deride IE6 users sternly to your hearts content as they stare back with that deer in the headlights gaze.

Re:Enough is enough! (0)

h4rr4r (612664) | more than 4 years ago | (#30824686)

Enterprise deployment of Firefox is dead easy, just use the portable one and make an msi of it. Lots of tools to customize it.

No there is no group policy doo-dad for it, but those are near useless tools for drooling morons anyway.

Re:Enough is enough! (1)

denis-The-menace (471988) | more than 4 years ago | (#30825110)

You must have a lot of pull or have a competent PHB.
Most places that start to consider FF stop when they find out there is no MSI *created by* the makers of FF.

You can get GPOs and pre-built MSI for FF but again, NOT by the makers of FF.

But this will soon be moot.
When Google *does* release an MSI for Chrome, FF will not be able to get into Corps because by then it will be too late.
Wake-up Mozilla!

Re:Enough is enough! (1)

stokessd (89903) | more than 4 years ago | (#30824766)

That's a very good point. And all corporations will tell you that the only surfing you should be doing should be work related, so if you follow that rule, your chances of getting owned even on IE6 are pretty low.

Now I'm posting to slashdot during work hours, and I'm not even an IT guy, so you can see how followed that policy is. At least I'm on firefox.

Sheldon

Re:Enough is enough! (1)

zonky (1153039) | more than 4 years ago | (#30824968)

Rubbish. There exploits are commonly deployed via ad networks or 0wned legitimate sites. There is no such thing as a "safe" page and/or site.

Re:Enough is enough! (2, Informative)

GF678 (1453005) | more than 4 years ago | (#30824728)

I'm uploading the IE6 No More code to my website now. There's a point where users of outdated software need to be told there's four major cost-free options, including a much updated version of IE if they want to stick with IE. I'm almost thinking we should move from a warning to a service-denying error if this goes much further.

I'm sure corporate users who have IE6 forced upon them will appreciate it if they try to view your site.

I'm sure your response would be "well they can bring it up with their IT department and use it as a way to persuade the upgrade". Doesn't work like that in the real world, particularly if old IE6-only compatible web apps are still in use.

Re:Enough is enough! (1)

Ogive17 (691899) | more than 4 years ago | (#30824730)

I've asked our local IT guy (contractor) if the company had any plans to upgrade from IE 6 and he said no. Our HQ is on the left coast and that's where the ISD dept. resides. There are probably a couple applications that won't work properly with any other browser and that's keeping us with 6. Around the country we probably have a couple thousand work stations.

I don't know anyone else who uses IE and hasn't upgraded to IE8.

Re:Enough is enough! (1)

Culture20 (968837) | more than 4 years ago | (#30824886)

I don't know anyone else who uses IE and hasn't upgraded to IE8.

I know several companies and some university departments. IE6 intranet applications are the dumbest thing in the world, but the "If it ain't broke don't fix it" mantra doesn't consider security when gauging levels of "broke", only whether the intended purpose still works, and that's a business decision, not Infosec/IT decision.

Re:Enough is enough! (1)

Drethon (1445051) | more than 4 years ago | (#30824784)

Could you also convince my place of buisness that making IE6 the manditory browser and not allowing installation of any other browser is a very lousy idea?

Re:Enough is enough! (1)

RajivSLK (398494) | more than 4 years ago | (#30825202)

No Save IE6! It keeps us employed!

http://www.saveie6.com/ [saveie6.com]

Re:Enough is enough! (1)

Beardo the Bearded (321478) | more than 4 years ago | (#30825278)

I'm using IE6 right now, you insensitve clod.

Why, you ask, is an Electrical Engineer -- one who reads /., has acted as a sys admin for two start-ups, uses Linux at home (and Puppy for the kids, that's right, my 6-year-old uses Linux) and has over 25 years of programming and networking experience)-- using IE6, a browser that MS itself has said, "oh god, please ditch it"?

Because I'm at work and some of the legacy applications here require it.

Have you got a solution? I'd love to hear it because I'd get a big fat bonus for a process improvement.

No comment? (1)

VojakSvejk (315965) | more than 4 years ago | (#30824060)

I think microsoft have commented [theregister.co.uk] on the firestorm... wonder why Ballmer wanted to make it out as no big deal?

Re:No comment? (1)

LostCluster (625375) | more than 4 years ago | (#30824108)

Yep... Microsoft will never shut down or not censor bing.cn [slashdot.org] ... er, wait a second!

Quoth the TFA (2, Informative)

McBeer (714119) | more than 4 years ago | (#30824078)

targeted attacks and the publication of exploit code for a 'browse and you're owned' vulnerability in its flagship Web browser

IE 6 hasn't been Microsoft's flagship browser for 4 years.

Re:Quoth the TFA (1)

LostCluster (625375) | more than 4 years ago | (#30824142)

Yep, and it's almost wrong to be asking Microsoft to patch something as old as IE6 or XP at this point. Maybe OS licenses should say "You may use this program for 5 years." instead of perpetually because you're a danger to other people's systems when you don't update to modern software.

Re:Quoth the TFA (0)

Anonymous Coward | more than 4 years ago | (#30824284)

Glad I still use IE 5.5 then, to avoid this issue with IE6.

Actually, its due to limitations. I have a VM running Win95 for old software that I have not found a current replacement for. I ran all of the updates, and it took me to IE 5.5. Trying Firefox 2.0, and it would not allow it to run.

Luckily, I dont need to browse much, so 5.5 is good enough.

Re:Quoth the TFA (2, Insightful)

igadget78 (1698420) | more than 4 years ago | (#30824480)

Yep, and it's almost wrong to be asking Microsoft to patch something as old as IE6 or XP at this point. Maybe OS licenses should say "You may use this program for 5 years." instead of perpetually because you're a danger to other people's systems when you don't update to modern software.

Maybe not, but when you work at a hospital in the IT department and your patient critical applications are still relying on IE6 because the vendor who wrote it sucks and can't figure out how to make it work with an updated browser, you appreciate that Microsoft, however insistant they are on dropping that old clunker of an app, is at least trying to resolve it.

Re:Quoth the TFA (1)

PopeRatzo (965947) | more than 4 years ago | (#30825068)

you work at a hospital in the IT department and your patient critical applications are still relying on IE6

Do you mind sharing the name of the hospital so I can tell the ambulance driver where not to go the next time I choke on a cheesy poof?

If they're using IE6 for "critical patient apps" there's probably a good chance that they'll try to cure my blocked windpipe by putting leeches on me or trepanning me or something.

Re:Quoth the TFA (0)

Anonymous Coward | more than 4 years ago | (#30825418)

Doctor's journal: Patient complains from a slight breathing issue. Will investigate.

Patient agrees to trepanning procedure, will perform in the morning.

Trepanning successful, patient no longer complaining.

What's the problem again?

Re:Quoth the TFA (2, Informative)

thetoadwarrior (1268702) | more than 4 years ago | (#30824922)

Because some companies have contracts with MS that have them on Win2k until (if I recall correctly) until the extended support is over which is this summer so MS can't really tell IE6 users to fuck off completely.

I'm sure they could get out of the contract at an unnecessary cost. MS made this mess and unfortunately we're stuck with it for awhile longer. Hopefully once the extended support is over then companies will start dumping their old stuff and upgrading.

In my opinion this shouldn't matter to most sites because they're not meant for business customers. It doesn't matter if Youtube, for instance, works on IE6 as far as I'm concerned. Anyone on IE6 for their home PC should be excluded until they get a real browser.

Re:Quoth the TFA (1)

Antiocheian (859870) | more than 4 years ago | (#30825140)

I am using XP and I "almost" feel guilty after reading your post.

Re:Quoth the TFA (2, Informative)

poetmatt (793785) | more than 4 years ago | (#30824406)

it does, however, share the same vuln with IE7 and IE8. So maybe it's more appropriate as "microsoft's web browser" (irrespective of version) is at fault.

Re:Quoth the TFA (2, Informative)

IshmaelDS (981095) | more than 4 years ago | (#30824652)

True IE 6 hasn't but if you read the microsoft bulletin it also says that IE 7 and 8 share the vulnerability. http://www.microsoft.com/technet/security/advisory/979352.mspx [microsoft.com] "Our investigation so far has shown that Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 is not affected, and that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are vulnerable."

Re:Quoth the TFA (1)

c-reus (852386) | more than 4 years ago | (#30824814)

are IE6 and IE8 different browsers or different versions of the same browser?

Countering attacks? (3, Interesting)

jhol13 (1087781) | more than 4 years ago | (#30824100)

Microsoft is not "countering the targeted attacks".

Unless of course the German and France CERT teams recommendation to ditch IE is considered one.

I have the patch details: (4, Funny)

rehtonAesoohC (954490) | more than 4 years ago | (#30824104)

It uninstalls all versions of Internet Explorer and installs Firefox with Adblock pre-installed.

Bravo Microsoft!

Re:I have the patch details: (1)

NotBorg (829820) | more than 4 years ago | (#30824312)

Typical Microsoft patch. It side steps the real issue: not having Noscript pre-installed too.

Re:I have the patch details: (2, Funny)

Monkeedude1212 (1560403) | more than 4 years ago | (#30824392)

It also sets the DNS to itself and caches anything you might have had saved in your browser history.

That way, you still seemingly visit the same sites you always do, just they never get updated, and you are completely secure from everything on the net!

IE is only good at one thing... (2, Insightful)

jameskojiro (705701) | more than 4 years ago | (#30824132)

And that is running Windows Update and it isn't that good at doing that....

Re:IE is only good at one thing... (4, Interesting)

meheler (193628) | more than 4 years ago | (#30824250)

The sound of Windows update running is drilled into my mind forever.. Click.. click click click.. click. click.. click click click click click.
My mind constantly asking "what the.. i haven't clicked a damned thing"

Re:IE is only good at one thing... (2, Insightful)

Quantumstate (1295210) | more than 4 years ago | (#30824278)

All I know is that three certain windows updates have been drilled into my Vista boot process for ever. Did someone really intentionally program an update process so that if it failed it would just try again?

Nothing wrong with that (0)

Anonymous Coward | more than 4 years ago | (#30824394)

Nothing wrong with attempting retries, at least as long as you limit the number of attempts.

Re:IE is only good at one thing... (1)

indraneil (1011639) | more than 4 years ago | (#30824254)

Re:IE is only good at one thing... (2, Interesting)

jameskojiro (705701) | more than 4 years ago | (#30824606)

How many people on slashdot still run XP to avoid the bloat of Vista/7.

Quite a few I would imagine....

Re:IE is only good at one thing... (0)

Anonymous Coward | more than 4 years ago | (#30824794)

Or run Mac to avoid the bloat of Microsoft entirely.

Re:IE is only good at one thing... (1)

Nakor BlueRider (1504491) | more than 4 years ago | (#30824970)

I don't know, that is probably fading slowly with time. When I bought my laptop it had Vista on it, and rather than downgrade to XP to get the most out of my system, I just installed Ubuntu to speed things up instead. It's probably not all that uncommon of a solution (at least among those who would consider changing their OS in the first place).

Re:IE is only good at one thing... (1)

recoiledsnake (879048) | more than 4 years ago | (#30825046)

Windows 7 is actually almost as fast as XP. That's really good accounting for the numerous improvements made to the OS in the intervening 9 years. Almost every new software release requires better hardware, including Gnome and KDE.

Re:IE is only good at one thing... (0)

Anonymous Coward | more than 4 years ago | (#30825344)

So 9 years later, with 9 years of hardware advances, they can release software that is almost as fast as it was 9 years ago? Astounding!

Re:IE is only good at one thing... (1)

recoiledsnake (879048) | more than 4 years ago | (#30825464)

Err did you fail Reasoning 101? You forget all the new features, UI and security in Windows 7 compared to Windows XP which take up lots of resources. It's the same case with almost any other software, as hardware becomes more powerful, more features are added. If you want ultimate speed, go run Windows 95 or DOS 6.22 or Windows 3.1 on modern hardware, but dont' complain when USB ports don't work.

Re:IE is only good at one thing... (2, Insightful)

uassholes (1179143) | more than 4 years ago | (#30825432)

How is requiring faster hardware an improvement?

Re:IE is only good at one thing... (1)

recoiledsnake (879048) | more than 4 years ago | (#30825526)

Read my post again. Improvements like better UI, better security, more features etc. etc. need faster hardware.

Re:IE is only good at one thing... (1)

jim_v2000 (818799) | more than 4 years ago | (#30825100)

7 isn't particularly bloated.

Re:IE is only good at one thing... (0)

Anonymous Coward | more than 4 years ago | (#30825430)

When you really think about it, isn't that kind of silly? If you want to avoid Windows bloat you'd either run Windows 2000, Windows 3.0, or more likely another OS entirely.

Re:IE is only good at one thing... (2, Informative)

QuantumRiff (120817) | more than 4 years ago | (#30824334)

Shh, don't tell anyone...

>wuauclt /detectnow

Forces the update.exe agent to check.

Re:IE is only good at one thing... (1)

Enderandrew (866215) | more than 4 years ago | (#30824356)

I really enjoy that in Vista and 7, Windows Update is a standalone app. I don't have to fire up IE to grab updates.

Re:IE is only good at one thing... (1)

Nightspirit (846159) | more than 4 years ago | (#30824444)

You clearly haven't used IE in years, or you are just trolling. IE8 handles tabs much better than Chrome or Firefox, and unlike firefox IE is sandboxed (this exploit doesn't affect ie8 in win7), to get similar functionality in firefox you have to install noscript and individually handle every single new website you go to. The problem with IE isn't its compliance to standards or acid tests (no one cares except web developers) it is that its snail slow. The UI is atrocious but firefox really isn't any better. So I'm not accused of astroturfing my main browser is firefox (it used to be chrome, but I got tired of the horrible bookmark system).

Re:IE is only good at one thing... (2, Insightful)

hairyfeet (841228) | more than 4 years ago | (#30825242)

And you, dear nightspirit, didn't read TFA [computerworld.com] did you? Here, let me highlight a relevant passage for you..."While the public exploit only targets Internet Explorer 6 without DEP, Vupen Security has confirmed code execution with Internet Explorer 8 and DEP enabled," the company said in an e-mail. "Enabling DEP will only protect users from current exploits."

TL:DR? IE8 is totally pwned as well. They just haven't released the script into the wild yet. When they do any script kiddie can pwn ANY MSFT browser, from 6 on up, DEP or not. So I really wouldn't be recommending IE to...well anyone at this point.

Re:IE is only good at one thing... (1)

dedazo (737510) | more than 4 years ago | (#30824894)

And that is running Windows Update

Welcome to 2004, where we run WU as a standalone service that does not require IE at all.

What other unnecessary things do you do with IE? We stopped bathing the cat with it as well. In 2002, if I recall.

(actually the only thing I use it for these days is OWA, but OWA is so nice that I don't mind at all)

Re:IE is only good at one thing... (1)

Yvanhoe (564877) | more than 4 years ago | (#30825306)

To be fair it is also a good firefox downloader.

Contribute to the death of IE 6 on your site... (2, Informative)

MikeRT (947531) | more than 4 years ago | (#30824150)

Make it painfully clear [devirtuoso.com] to IE6 users what they're doing.

My version [codemonkeyramblings.com] , which is more educational for them.

How to create exploit for IE7-8 (1)

tokul (682258) | more than 4 years ago | (#30824168)

Microsoft only has to say that IE6 is vulnerable and IE7-8 can't be exploited using same attack. The net will do the rest.

Microsofts sabotaged america with poor software (0, Troll)

whitedsepdivine (1491991) | more than 4 years ago | (#30824208)

Microsoft is in cahoots with the Chinese digital terrorists. Arrest everyone from microsoft without a conviction from a court indefinately!

Goody (0)

Anonymous Coward | more than 4 years ago | (#30824230)

Oh good I was wondering when this would come out.....oh wait I don't use IE nor does anyone with half a brain.

Marketing (0)

Anonymous Coward | more than 4 years ago | (#30824260)

This is MS Marketing to make the Germans accept IE again.

NO, WE WON'T GO BACK TO THAT SH*T !!

'flagship webbrowser' (-1, Troll)

Anonymous Coward | more than 4 years ago | (#30824276)

I love the way MicroSoft gets slammed for their 'flagship webbrowser', you know _IE6_. When google doesn't even put their email under SSL by default.

Re:'flagship webbrowser' (0)

Anonymous Coward | more than 4 years ago | (#30824476)

Sorry, I stopped reading after 'MicroSoft'...

Re:'flagship webbrowser' (1)

MightyMartian (840721) | more than 4 years ago | (#30824554)

Ten points, m'lad, for Non Sequitur of the Day!!!

Re:'flagship webbrowser' (2, Informative)

spuke4000 (587845) | more than 4 years ago | (#30824570)

Re:'flagship webbrowser' (1)

KlomDark (6370) | more than 4 years ago | (#30825058)

I think you might gotten trolled. But I'm not entirely sure. But yes, GMail is now SSL by default.

Eye Patch ? (0)

Anonymous Coward | more than 4 years ago | (#30824282)

Now we can all be pirates !

The IE Patch (4, Funny)

Bigbutt (65939) | more than 4 years ago | (#30824292)

Do you find yourself mysteriously waking up in a back alley more than once a week?

Do you find empty HTML pages littering your desktop and you have no idea where they came from?

Do you discover new directories on your computer?

Get the IE Patch!

It comes in 4 strengths so you can be gradually weaned from the habit.

Week 1. IE 6 Patch. Internet cravings are pretty intense the first week so the IE 6 Patch is there to help you learn how to just say "NO".

Week 2. IE 7 Patch. It's easier to avoid launching IE. You still need to check Amazon or e-Bay from time to time but the edge has been honed down a bit.

Week 3. IE 8 Patch. You find it a lot easier to avoid clicking on the 'e' although you still lapse when you aren't thinking.

Week 4. Firefox. You've mastered the addiction. You're free to browse the Internet worry free. Even looking at the 'e' makes you nauseous.

Congratulations on taking the first step to breaking the IE addiction.

[John]

So glad (1)

goldaryn (834427) | more than 4 years ago | (#30824490)

I'm so glad I upgraded from XP to Windows 7; with multi-core optimisations and improved app performance, I'm compromised faster than ever before!

Re:So glad (1)

GaryOlson (737642) | more than 4 years ago | (#30824858)

You forgot the most important part of The Compromise Toolkit: Adobe Reader

Re:Maybe not so glad about WMP (1)

Old Flatulent 1 (1692076) | more than 4 years ago | (#30825510)

I just updated to 9.3 after having shut off the reader auto update! However after reading the specifics of how reader before version 9.3 was compromised it is rather telling that the attack vector was a call to a WMP that left open space. It left buffers open but not in the Reader section of the malloc. This would indicate that there might just be another un-patched hole in external program calls to Windows Media Player or perhaps in WMP itself. It would not surprise me if the Reader exploit was actually another WMP exploit involving bad memory allocation practices from Microsoft!

Worst Job Ever (1)

cpscotti (1032676) | more than 4 years ago | (#30824528)

This comes in handy to define the worst job a human can get!
Fixing major flaws in a 10 y.o. completely flawed browser...
You could call it: "Senior Ancient Flaws Engineer" or whatever!..
.. not that maintaining IE8 would be much better but I can bet they pay u more!

To little to late (1)

koan (80826) | more than 4 years ago | (#30824634)

And what's going to happen to all those "IE only" web sites the government, public schools and other agencies like to use?

Re:To little to late (1)

Professor_UNIX (867045) | more than 4 years ago | (#30824828)

Also, what about all of us that can't use anything other than IE6 because that's the latest version that Windows98 supports?

Re:To little to late (1)

koan (80826) | more than 4 years ago | (#30824978)

WHy are you using Windows 95? Get a linux variant. (did I miss the joke?)

Re:To little to late (1)

Culture20 (968837) | more than 4 years ago | (#30825010)

And what's going to happen to all those "IE only" web sites the government, public schools and other agencies like to use?

They'll still exist, but the error page might get changed to:
"This page is IE only. Type '?browser=firefox' at the end of the URL to be automatically moved to the non-IE page. Safari users type '?browser=firefox' too. There are no other browsers *Jedi hand wave*."

Re:To little to late (1)

burkmat (1016684) | more than 4 years ago | (#30825456)

They'll be rewritten to actually work?

Tbh, I think it's already reached the point where any entity creating a new fancy website these days has to comply with standards, simply due to the percentage of users who aren't using IE anymore. All that remains is for the archaic IE-only websites to go extinct.

Regarding that so called sobering post. (0)

Anonymous Coward | more than 4 years ago | (#30824722)

.. what a one-sided crock.

If you were under attack from a foreign entity wouldn't you fight back with everything you had? Chicken, meet egg [washingtontimes.com] .

Mr. Coleman said China's military is equal to U.S. and Russian military cyberwarfare.

"This is a three-horse race, and it is a dead heat," Mr. Coleman said.

The US has been attacking China for years and vice versa. Let's be honest here. If either let their guard down there'd be more of a victim than a search engine and advertising company.

Re:Regarding that so called sobering post. (1)

rickb928 (945187) | more than 4 years ago | (#30825580)

And what entity in the U.S. is protecting us from Chinese cyber attacks?

Just curious. Who would be putting us at risk by 'letting their guard down'?

Stop the madness (1)

xednieht (1117791) | more than 4 years ago | (#30824780)

Instead of releasing more trash - recall IE. Problem solved.

"Emergency" reaction (2, Informative)

burkmat (1016684) | more than 4 years ago | (#30825398)

Wow, so that's... 4 days after full disclosure that they announce their response.

"Could be here as soon as this weekend", which is still more than a week from the exploit being published. That's swell.
Anyone else grateful MSFT doesn't run the fire department?
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...