Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Nasty Data-Stealing Bug Haunts Internet Explorer 8

Soulskill posted about 4 years ago | from the waiting-for-the-right-tuesday dept.

Internet Explorer 151

Trailrunner7 writes "There's an unpatched vulnerability in Internet Explorer 8 that enables simple data-stealing attacks by Web-based attackers and could lead to an attacker hijacking a user's authenticated session on a third-party site. The flaw, which a researcher said may have been known since 2008, lies in the way IE8 handles CSS. The vulnerability can be exploited through an attack scenario known as cross-domain theft, and researcher Chris Evans originally brought the problem to light in a blog post in December. At the time, all of the major browsers were vulnerable to the attack, but since then, Firefox, Chrome, Safari and Opera all have implemented a simple defense mechanism. The upshot of this is that if a victim has visited a given Web site, authenticated himself to the site, and then visits a site controlled by an attacker, the attacker would have the ability to hijack the user's session and extract supposedly confidential data. This attack works on the latest, fully patched release of IE8."

cancel ×

151 comments

Sorry! There are no comments related to the filter you selected.

Ie9 ? (1, Interesting)

Anonymous Coward | about 4 years ago | (#33477600)

how about ie9?

Re:Ie9 ? (1)

davester666 (731373) | about 4 years ago | (#33478798)

You're asking if it's been fixed in an pre-release, unsupported version of IE?

Re:Ie9 ? (2, Funny)

Anonymous Coward | about 4 years ago | (#33480740)

Isn't that all of them?

Re:Ie9 ? (2, Interesting)

symbolset (646467) | about 4 years ago | (#33479398)

IE9 may as well be Mac software for most people. It will only work in Windows 7 and Vista.

Let me the first to say..... (-1, Troll)

Anonymous Coward | about 4 years ago | (#33477602)

....BWAHAHAHAAAAAAAA!!!

Internet Explorer: mainlining malicious code into YOUR OS for 30 years, and counting.

Re:Let me the first to say..... (3, Informative)

straponego (521991) | about 4 years ago | (#33477674)

Eh, more like 15, but who's counting?

Re:Let me the first to say..... (5, Funny)

AnonymousClown (1788472) | about 4 years ago | (#33477744)

Well, now, using Einstein's time dilation equations and multiplying by the number of years that IE has existed, the internet, the speed of the signals around the net, that 15 years from our perspective is actually 30 by IE's perspective.

Steve Hawking goes into a little more depth in his new book and Greene actually says String theory supports it too.

We're on our way to a Unified Theory all thanks to IE and Microsoft.

Re:Let me the first to say..... (1)

PapayaSF (721268) | about 4 years ago | (#33478518)

The disparity in years is just IE misinterpreting the dimension of time, like the box model bug [wikipedia.org] .

Re:Let me the first to say..... (1)

camperslo (704715) | about 4 years ago | (#33479292)

>15 years from our perspective is actually 30 by IE's perspective.

The there are those that feel it should be measured in dog years

Re:Let me the first to say..... (2, Insightful)

hedwards (940851) | about 4 years ago | (#33477798)

To be fair, it's an honest enough mistake. It just seems like it's been 30 years, what with all the waiting and the retro styling for all those years.

Re:Let me the first to say..... (0, Flamebait)

FatdogHaiku (978357) | about 4 years ago | (#33478986)

Hey! It's 30... if you did the math on a Windows PC...

Re:Let me the first to say..... (0)

Anonymous Coward | about 4 years ago | (#33480790)

Eh, more like 15, but who's counting?

Internet Explorer is not one browser, but a legion of browsers.

Versions of IE still in use (not counting minor, but still mutually incompatible and in use, versions, or old Mac IE):
IE 4: 13 years
IE 5: 11 years
IE 6: 9 years
IE 7: 4 years
IE 8: 1 year
============
IE: 29 years

30 years sounds like a good estimate.

No way! (2)

bragr (1612015) | about 4 years ago | (#33477642)

IE as well know, unpatched security vulnerabilities? Thats so surprising!

Re:No way! (2, Interesting)

itlurksbeneath (952654) | about 4 years ago | (#33479092)

Yeah, but what is surprising is that it has been a known issue for 8 months and still is an issue. Other major browser vendors patched and moved on.

Re:No way! (2, Interesting)

hitmark (640295) | about 4 years ago | (#33480170)

would not surprise me if some major corporations intraweb (or whatever the term is) package makes use of this as a feature in their design. As such, Microsoft needs to find a way to block the issue without destroying the workings of said package.

Old news (1)

symbolset (646467) | about 4 years ago | (#33479548)

Here's a nice pdf archived by wikimedia that shows where the problem is: AOL/NCSA Online Safety Study [j.mp] (2004).

I can't believe I'd never seen this before today.

What? (4, Funny)

lennier1 (264730) | about 4 years ago | (#33477646)

People still use MSIE?

Re:What? (1)

dandart (1274360) | about 4 years ago | (#33477694)

I'm as surprised as you. I think only people who have no idea about security use it. And not even more of them.

Re:What? (1, Interesting)

Anonymous Coward | about 4 years ago | (#33477724)

I'm as surprised as you. I think only people who have no idea about security use it. And not even more of them.

Agreed: only people who don't know any better use MSIE. That and MS fanboys. Yes, they all have their vulnerabilities, but experience (12 years worth) tells me that getting off of IE is the first step to getting rid of malware.

Re:What? (1)

smash (1351) | about 4 years ago | (#33480108)

No, not necessarily. If you have sharepoint (or a million other different legacy apps) in the workplace, IE is a necessity.

If you want to easily roll out configuration settings in an MS environment, you use IE.

And given the above, to maintain a sane, controlled, easy to maintain and troubleshoot environment - you roll ONE standard browser and keep that maintained. Anything else = unsupported.

If you happen to be on Windows, IE is already there anyway. Adding another browser simply means 2 sets of security settings and updates to maintain.

So, IE gets rolled out.

If you secure it properly with a content filtering firewall, security zones, and locked down secure configuration settings for the zones, IE security is bearable.

And given it is the ONLY browser that works with a lot of intranet type web-applications from the late 90s and early 00s, that is "good enough".

By which i mean that the work involved in securing the fleet of PCs and rebuilding the odd one that does end up getting broken is FAR less than the work involved in supporting a bunch of other browsers, their updates, configuration settings, etc.

I hate IE as much as the next guy, and only run it for internal intranet type sites - but as an SOE component, its what I and pretty much 95% of the rest of the corporate world has to deal with.

Re:What? (-1, Flamebait)

Anonymous Coward | about 4 years ago | (#33477772)

I'm as surprised as you. I think only people who have no idea about security use it. And not even more of them.

Fuck 'em. Their stupidity isn't remotely painful enough for them. Really, they resist every last effort to educate them so they 100% deserve everything they get. The only unfortunate side-effect is that their compromised machines are used in botnets that attack and spam the clueful.

Re:What? (2)

hedwards (940851) | about 4 years ago | (#33477810)

I'd agree with you were it not for the fact that their computers often times end up in botnets attacking services I want to use, or just generally gobbling up bandwidth which is then not available for myself and others of legitimate purpose. Now, if they'd install an arm which would fold out and slap them whenever they did something stupid like that, perhaps then we could get some change. Either that or we could suggest that they make better use of their cup holder.

Re:What? (0)

Anonymous Coward | about 4 years ago | (#33479426)

I'd agree with you were it not for the fact that their computers often times end up in botnets attacking services I want to use, or just generally gobbling up bandwidth which is then not available for myself and others of legitimate purpose. Now, if they'd install an arm which would fold out and slap them whenever they did something stupid like that, perhaps then we could get some change. Either that or we could suggest that they make better use of their cup holder.

so uh, did you not read the last sentence of my four-sentence post? good job.

Re:What? (1)

Hylandr (813770) | about 4 years ago | (#33479654)

Civilization is the Bane of Society, as stupidity is no longer fatal.

- Dan.

Re:What? (1)

oldspewey (1303305) | about 4 years ago | (#33477902)

I use FF as my everyday browser, but I can tell you there are plenty of corporate portals, etc. I have to deal with that only render properly in IE. I'm not defending the practice, and I think anyone who deliberately codes a page that breaks standards should be shot, but that doesn't change the fact I have to use IE (and hence windows) at various times throughout the week.

Re:What? (1)

zuperduperman (1206922) | about 4 years ago | (#33478826)

There have been a bunch of vulnerabilities that were rendered completely ineffective by IE's protected mode which, I think, is still unmatched by other browsers. I think IE has evened the game up a lot now, and there's a reasonable argument that since IE is pretty much forced to be on the computer anyway you are best limiting the surface area of attack by not installing any more browsers or other software that you don't need.

Now, as it happens, IE is so much more unpleasant to use (mainly speed, but other features too) that I'm more than happy to go with the risk of a slightly increased security threat to get a much nicer browser (in my case, Chrome). But that is more based on features and speed than security these days.

Re:What? (0)

Anonymous Coward | about 4 years ago | (#33479298)

Chrome uses the same low-integrity mode technique for its tab processes that IE does. Has there even been a non-plugin-based exploit made for either browser which managed to escape the newly-introduced sandbox protections? It would probably have to take advantage of a flaw in either browser's implementation; defeating the Windows process integrity security is likely to be far more challenging.

Re:What? (1)

smash (1351) | about 4 years ago | (#33480128)

+1 to this. All our new office machines are Windows 7 64 bit with IE8 in protected mode, and sites locked down into security zones. IE 8 is a mandatory install on all the old XP boxes.

And yes, javascript performance (and web performance in IE8 in general) is pretty abysmal, but IE is already there, and installing anything else in addition to that is simply increasing your exposure, configuration and patch maintenance, etc.

Re:What? (-1, Flamebait)

Anonymous Coward | about 4 years ago | (#33477696)

Yes. You know this. Don't you have a fucking original thing to contribute to the conversation? I figured as much.

Re:What? (1, Troll)

0123456 (636235) | about 4 years ago | (#33477716)

People still use MSIE?

I used it last week on a friend's computer, and was amazed to discover that this product of a multi-billion dollar software company doesn't even support multicolumn rendering or HTML5 video tags. It felt like I'd fallen through a time warp into the 1990s.

Re:What? (1)

lennier1 (264730) | about 4 years ago | (#33477738)

Don't be surprised. It took them long enough to finally interpret the alpha information stored in PNG images.

Re:What? (2, Informative)

Jorl17 (1716772) | about 4 years ago | (#33477828)

And yet, I'm pissed off at the fact that they keep saying all over the Web that IE9 kicks other browsers' ass. My family all wants to try the new MS product because of those FUCKING PROMOTIONS.

Re:What? (2, Insightful)

Anonymous Coward | about 4 years ago | (#33477966)

Welcome to the world of marketing. Contrary to popular opinion, advertisement works.

Re:What? (2, Insightful)

Firehed (942385) | about 4 years ago | (#33477990)

As a web app developer, I welcome IE9 with open arms. I'm certainly not going to be switching to it for personal use, but it promises to at least catch IE up with the browsers of three years ago.

Perfect? Not even close. Acceptable? Sure. Any time I spend fighting with it will be over minor CSS3 graphical enhancements, not basic rendering. And yes, I'd prefer if MS just bit the bullet and switched to an open rendering platform like Webkit, but if IE9 ends up living up to the claims, it's as good as I can hope for.

Re:What? (0)

Anonymous Coward | about 4 years ago | (#33478136)

What was the last MS product that lived up to the claims? Has there ever been one? I'm being absolutely serious here. It isn't [entirely] the fault of the coders at MS, either. Marketing has far, far too much power at that company.

Re:What? (0)

Anonymous Coward | about 4 years ago | (#33478262)

windows 7 is pretty damn nice. best yet.

Re:What? (0)

Anonymous Coward | about 4 years ago | (#33478510)

My dog's last poop was pretty nice, best yet.

Re:What? (1)

smash (1351) | about 4 years ago | (#33480152)

DOS 5 (built in EMS/XMS support, upper memory use). Windows 2000 (those who weren't administering MS networks before active directory have no idea on the improvement), Windows 7.

Were those products best in class? No, but they were huge improvements that worked with your existing MS stuff, and made your life a hell of a lot easier if you were in a microsoft shop (as most corporates are).

Re:What? (1)

smash (1351) | about 4 years ago | (#33480142)

Ditto. However I think microsoft are trapped by their own success. There is that much legacy content out there on corporate intranets, etc that they can't change rendering engines. They need to keep all the old cruft in there so that they can fall back to IE6 mode to render content generated by their own software (eg, sharepoint, etc) properly.

I'm certainly looking forward to IE9 as it means I'll have a half-decent standards compliant (or certainly better than current) browser that I can lock down with group policy, and works with the corporate intranet.

Re:What? (0, Troll)

Blakey Rat (99501) | about 4 years ago | (#33478074)

So it doesn't support standards that aren't finished? Wow, how criminal.

Look, if you're going to blame someone for holding up the web, blame the W3C... it's their job. The only reason HTML5 is going ahead at all is because an outside group did most of the work.

It's unfair to gripe at Microsoft for not supporting unfinished standards, considering:
1) How much they got burned by implementing CSS1 early, then having the box model "clarified" out from under them when their implementation was already in released software.
1) Despite that, they *do* have support for both of those in the next version of the browser due... next month? Or really really soon now.

Re:What? (2, Insightful)

0123456 (636235) | about 4 years ago | (#33478566)

So it doesn't support standards that aren't finished? Wow, how criminal.

Browsers have always supported standards that aren't finished, at least since I started using them in the early 90s; heck, many of the standards themselves co-opted features that browsers had implemented themselves.

And every other major browser I'm aware of already supports those things, which puts IE well into the second rank in terms of features as well as security.

Re:What? (3, Insightful)

Blakey Rat (99501) | about 4 years ago | (#33478622)

Browsers have always supported standards that aren't finished, at least since I started using them in the early 90s; heck, many of the standards themselves co-opted features that browsers had implemented themselves.

Oh, I agree with you completely. But you can't *blame* them for it.

The complaint sums to: "they didn't go as much above and beyond as other browsers have."

Re:What? (1, Insightful)

Anonymous Coward | about 4 years ago | (#33480516)

So your defense is, "yeah, they are clearly the worst of the bunch but you can't blame them for it". I guess it would be easy to agree with you if the result hadn't been so destructive to the progress of the whole internet.

I don't understand what you want W3C to do by the way... they've tried the "let's standardize first and wait for implementations later" before and it's failed miserably.

Re:What? (1)

Decker-Mage (782424) | about 4 years ago | (#33480590)

You shouldn't have been modded troll and I've been modding for years. Anyone who complains that any program doesn't fully support a draft standard is Loony-Toons. In a perfect world, the draft and the approved standards would be the same but as I've noticed over the last three decades, this world is a far piece from perfect. The only excuse for that mod is sheer anti-MS bias. Stupid.

As a (multi-disciplinary) systems engineer, I deal in reality and I'm nobodys fanboi but I know when the ideal meets the real that a train-wreck is about to happen. Maybe HTML 5 won't be a train-wreck but I definitely won't hold my breath until a perfectly compliant browser, especially without a massive dev team, is released. Been there, done that, burned the t-shirt and myself with it too many times.

Re:What? (0)

Anonymous Coward | about 4 years ago | (#33478244)

So HTML5 is complete? Must have missed that.

Re:What? (1)

blai (1380673) | about 4 years ago | (#33479210)

not only that, but 94% of CUSTOMERS of my company use IE. And we're a -big- company.

Re:What? (0)

Anonymous Coward | about 4 years ago | (#33479984)

How do you know they are? Are you relying on what the browser says it is? That can easily be spoofed, especially by default on a lot of machines as the web site requires IE and users can't be bothered to keep switching between what they are really using or pretending to be using IE.

Re:What? (2, Interesting)

$RANDOMLUSER (804576) | about 4 years ago | (#33477726)

People still use MSIE?

Yes, and there are women who stay with abusive husbands because "he said he's sorry, and he loves me, and it'll never happen again".

Re:What? (5, Funny)

Beelzebud (1361137) | about 4 years ago | (#33477886)

At least they get told "sorry, I love you, it won't happen again".

People using IE don't even get that much!

Re:What? (3, Funny)

$RANDOMLUSER (804576) | about 4 years ago | (#33477898)

Sure they do: "It's the most secure Windows, ever!".

Re:What? (0)

Anonymous Coward | about 4 years ago | (#33478066)

Windows has a very smart security model, where they double security with every release.
2*0=0.

Re:What? (0)

Anonymous Coward | about 4 years ago | (#33479080)

..and then there're husbands that stay with their abusive wives because leaving them would be financial suicide. I think this is the more apt analogy...at least as far as buisness goes.

Re:What? (1)

Decker-Mage (782424) | about 4 years ago | (#33480600)

A far more apt analogy! Those that don't work in large organizations, and I have worked in two of the largest on the planet, know about the legacy effect. SOA exists for a reason and that reason has everything to do with that legacy hangover.

About 80% to 85% of all users worldwide... (2, Interesting)

Anonymous Coward | about 4 years ago | (#33477864)

IE's world-wide market share is currently around 80% to 85% of all web users.

Alternate browsers have very poor support for properly rendering the text of most Asian languages, while IE has exceptionally good support, so the use of alternate browsers in places like Japan, China, Thailand, Taiwan and the Koreas is virtually unheard of. These markets, which are already far larger than the American or European markets, are still growing.

Don't let the W3Schools stats confuse you. Those are for a small subset of the comparatively small American market, and thus aren't indicative of the global trends.

Re:About 80% to 85% of all users worldwide... (3, Insightful)

93 Escort Wagon (326346) | about 4 years ago | (#33477922)

Don't let the W3Schools stats confuse you. Those are for a small subset of the comparatively small American market, and thus aren't indicative of the global trends.

Just keep fiddling while Rome burns, Nero.

Re:About 80% to 85% of all users worldwide... (5, Informative)

Lanteran (1883836) | about 4 years ago | (#33478130)

actually its only 52% and dropping rapidly. If nothing else, at least MS is having to make a modern standards complaint browser. I for one, don't think it'll be enough to gain back much lost market share, but at least it'll make it easier on us web developers. Source: http://en.wikipedia.org/wiki/Internet_Explorer#Market_adoption_and_usage_share [wikipedia.org]

Re:About 80% to 85% of all users worldwide... (1)

Lanteran (1883836) | about 4 years ago | (#33478172)

*52-60%

Re:About 80% to 85% of all users worldwide... (1)

Xojo (612402) | about 4 years ago | (#33478720)

a modern standards complaint browser.

You got THAT right! ;-)>

Re:About 80% to 85% of all users worldwide... (1)

haruchai (17472) | about 4 years ago | (#33479178)

Beat me to it.

Re:About 80% to 85% of all users worldwide... (1)

RobertM1968 (951074) | about 4 years ago | (#33478890)

actually its only 52% and dropping rapidly. If nothing else, at least MS is having to make a modern standards complaint browser. I for one, don't think it'll be enough to gain back much lost market share, but at least it'll make it easier on us web developers. Source: http://en.wikipedia.org/wiki/Internet_Explorer#Market_adoption_and_usage_share [wikipedia.org]

I'd mod you "+1 Damn, I've been dreaming of that day for ages!!" but apparently slashdot doesnt have such a mod.

Below 50% for the last 3 weekends (0)

Anonymous Coward | about 4 years ago | (#33478316)

and it's barely above 50% on weekdays. [statcounter.com] That'll end soon too.

Re:What? (1)

haruchai (17472) | about 4 years ago | (#33479156)

Which twat modded this Flamebait? Mod it Funny, twat or don't mod it at all.

Re:What? (0)

Anonymous Coward | about 4 years ago | (#33480010)

Probably a MS fanboy.

Bummer (2, Funny)

symbolic (11752) | about 4 years ago | (#33477698)

I just upgraded to IE 8 yesterday to verify a support issue.

Re:Bummer (1)

davester666 (731373) | about 4 years ago | (#33478824)

So, now that you've upgraded, do you have issues with support?

News? (-1, Flamebait)

krzysz00 (1842280) | about 4 years ago | (#33477700)

IE only browser to leave this unpatched. What a surprise! Everyony but microshaft fixes security bugs promptly while M$ pursues shiny. This is news?

Re:News? (-1, Troll)

Anonymous Coward | about 4 years ago | (#33477804)

This hole [goatse.fr] is also still unpatched, all Microsoft's fault.

Times change (2, Insightful)

oldhack (1037484) | about 4 years ago | (#33477750)

Can't remember the last time I fired up IE (I do have IE8 installed).

Kudos to FF team. Thank god I don't work on webapps anymore.

Re:Times change (0, Redundant)

Linkota (1888746) | about 4 years ago | (#33477830)

Can't remember the last time I fired up IE (I do have IE8 installed).

Oh? What about windows update?

Re:Times change (3, Informative)

Blakey Rat (99501) | about 4 years ago | (#33478092)

What year are you from? IE hasn't been used for Windows Update since... well, hell, it was optional even in Windows XP. Going to the site in Vista (almost 4 years old now) or higher just redirects you to the control panel.

It's not 1998 anymore.

Re:Times change (1)

trapnest (1608791) | about 4 years ago | (#33478778)

Getting some updates, or getting the auto-update process started required using internet explorer.

Re:Times change (2, Funny)

Blakey Rat (99501) | about 4 years ago | (#33478964)

I guess I had the magic version of XP, where all you had to do was check "automatically download and install updates" in the Windows Update control panel.

Re:Times change (1)

WrongSizeGlass (838941) | about 4 years ago | (#33478138)

Oh? What about windows update?

I think the updates will find their way to your computer automatically if you select either of two certain radio buttons in a control panel somewhere ... you don't need IE to get them. Also, in case you're a rebel and/or a maverick, you can read the MS security bulletin in a non-MS browser, follow the links and download the updates manually to be installed at your convenience.

Re:Times change (1)

smash (1351) | about 4 years ago | (#33480172)

Or, if you have more than about 5 PCs on the network, you should install WSUS and control it from there.

Re:Times change (0)

Anonymous Coward | about 4 years ago | (#33479598)

Kudos to FF team.

Mozilla Firefox Insecure Library Loading Vulnerability: http://secunia.com/advisories/41095 [secunia.com] . Potato / Patahto.

IE and Microsoft (5, Interesting)

js3 (319268) | about 4 years ago | (#33477784)

It's a strange thing. It seems the only reason IE exists it to repeated punch microsofts reputation in the face. I'm surprised one executive hasn't gotten so fed up and fired the "IE team" or replaced them with monkeys. I watch Channel 9 and there are some seriously smart people working at this company and yet this one program has done more to harm the company's reputation like no other.

Re:IE and Microsoft (0)

Anonymous Coward | about 4 years ago | (#33477904)

I rather imagine the executives had to suck some dick to get a team of competent programmers willing to work on IE9.
And by 'suck some dick' I mean promise to stay out of their way and let them implement actual standards.
Seems to have worked, though. The IE9 team almost doesn't appear incompetent at all, by Microsoft standards.

Re:IE and Microsoft (4, Funny)

Zixaphir (845917) | about 4 years ago | (#33478002)

It's a strange thing. It seems the only reason Ballmer exists it to repeated punch Microsoft's reputation in the face. I'm surprised shareholders haven't gotten so fed up and fired the "Monkey Dance" Ballmer or replaced him with a better monkey. I watch Channel 9 and there are some seriously smart people working at this company and yet this one person has done more to harm the company's reputation like no other.

Re:IE and Microsoft (4, Funny)

WrongSizeGlass (838941) | about 4 years ago | (#33478146)

I'm surprised one executive hasn't gotten so fed up and fired the "IE team" or replaced them with monkeys.

Do you have any proof that they haven't been replaced by monkeys?

Re:IE and Microsoft (0)

Anonymous Coward | about 4 years ago | (#33478182)

Do you have any proof that they haven't been replaced by monkeys?

Sure, I am the proof, I work there.

Did you see my banana, it was up here on my tree near the keyboard.

Re:IE and Microsoft (1)

JonJ (907502) | about 4 years ago | (#33478394)

Mr. Ballmer, you are definitely not proof that there aren't monkeys at Microsoft.

Re:IE and Microsoft (1)

WrongSizeGlass (838941) | about 4 years ago | (#33478640)

Kwyjibo [wikipedia.org] is that you?

Re:IE and Microsoft (3, Funny)

Nidi62 (1525137) | about 4 years ago | (#33478254)

Has Microsoft put out any Shakespeare yet? Then there's your proof.

Re:IE and Microsoft (5, Funny)

grcumb (781340) | about 4 years ago | (#33478766)

Has Microsoft put out any Shakespeare yet? Then there's your proof.

I dunno, I consider MSIE to be the of the great tragedies of my lifetime....

Re:IE and Microsoft (2, Funny)

Jedi Alec (258881) | about 4 years ago | (#33480710)

That's only proof that it's not an infinite amount of monkeys...or that they haven't been given typewriters and are struggling with all of Word's delightful little habits.

Re:IE and Microsoft (2, Insightful)

drolli (522659) | about 4 years ago | (#33479812)

Well - you know the big fight they posed about "IE being a core part of Windows". And i guess a selling point for large administrations was "working together very well with the OS" and "supporting you old web applications with active X as long as you want". Yeah sure.

Go to your customers with 10000 licences of Windows (and 10000 licenses of MS Office) and tell them in the face: "Sorry guys, we know we said IE would be working forever and especially well with windows, but you know, we cant afford that team any more, they just suck too much - take care about yourself.".

Good luck with that.

At MS it has always been a policy that if something does not crash immediately and enables the customer to do some work you can put it on a floppy disk/press the cd. To the standard PEBKAC the cuprit is not obvious anyway - if the computer crashes, is hacked, rund slower than before, need more memory than before to do the same work - for sure its not MS fault. However if something visible to the PEBKACs goes missing, then they would blame Microsoft.

you F2ail It.. (-1, Offtopic)

Anonymous Coward | about 4 years ago | (#33477952)

If it is broke (1, Funny)

Anonymous Coward | about 4 years ago | (#33478004)

why fix it?

So? (3, Insightful)

Lanteran (1883836) | about 4 years ago | (#33478094)

if you're using internet explorer, you deserve every bug you get. If you're in one of those companies that mandates IE or something, company data theft is their fault and their loss. If you're reading slashdot, chances are you know that entering your personal data on one of those computers is probably a bad idea because besides internet explorer, they also more than likely have company monitoring software installed.

Re:So? (1)

smash (1351) | about 4 years ago | (#33480184)

This is why you put a content filtering firewall in front of it. As is a good idea to protect the average "blue E = teh intarwebs!!" luser, irrespective of browser selection.

all of the major browsers were vulnerable (0)

networkzombie (921324) | about 4 years ago | (#33478164)

No matter what browser you use you should expect a bug like this. Thinking your browser is secure because it has patched a flaw that Internet Explorer has not is a colossal oversight.

in the wild (1)

AnAdventurer (1548515) | about 4 years ago | (#33478248)

We always hear about "sites controlled by an attacker", any one have a daily updating list of compromised sites?

Re:in the wild (2, Funny)

a_n_d_e_r_s (136412) | about 4 years ago | (#33480180)

Yes there is sites out there where the company behind them send out software that infect your computer and causes it to become open for anyone to take over.

Some of them even pretend to do useful things for you like pretending to be a way to secure your computer from nasty attacks.

For one nasty example check out this site:

http://www.microsoft.com/ [microsoft.com]

think about it ... (2, Funny)

jobst (955157) | about 4 years ago | (#33479168)

God's ten commandments aren't adhered to ... well at least a major subset of them. How can you expect the rest of the population to listen to administrators when they suggest "don't use IE"?

Why oh why. (1)

jeffgtr (929361) | about 4 years ago | (#33479266)

We have Firefox, Chrome, Safari, Opera and people are still using IE. It sure makes one pause for a moment.

Re:Why oh why. (1)

cboslin (1532787) | about 4 years ago | (#33479936)

Even crazier when you consider that there are well over 100 different browsers on the market...I was shocked to discover this, like most people I knew about Firefox, Netscape (no uses that any more right?), Opera, Safari, Konqueror, Gnuzilla, SeaMonkey, Iceweasel, Fennec, Maemo, Lynx...was not surprised when I went to the wikipedia page on browsers and started counting. http://en.wikipedia.org/wiki/List_of_web_browsers [wikipedia.org] . I stopped at 90...well over 100...yet fools still use IE...amazingly crazy (Using the same browser and expecting a different result).

Re:Why oh why. (1)

VGPowerlord (621254) | about 4 years ago | (#33479998)

And yet, of that list, chances are 90% of them:
1. Use the IE core, or
2. Use the Firefox core, or
3. Use the WebKit core

There are a small handful of browsers that don't use the above, but they are few and far between.

Browser usage (1)

Decker-Mage (782424) | about 4 years ago | (#33480628)

Actually I use all of the above save Safari. [Me and Apple related stuff don't get along. I can even crash current Macs just using them normally. Well, normally for me.] Each browser has its virtues and its warts. And in my setting, all of them usually run as a virtual appliance since all of them could, hell probably have, 0-days and currently unpublicized vulnerabilities. Fact of life, deal with it. Since I normally 'power-off' the VA rather than save it, any crack ain't going very far. I've been doing this since VMWare started releasing betas way back around the turn of the millenium. [Its why I virtualized my browsers and servers in the first place. Security and ease of recovery. Consolidation once computers became powerful enough was just a side benefit.]

Here IE is only used on Microsoft sites and in beta-testing. Otherwise, it's usually FF since I have it customized my way. A ton of security extensions, especially Reverse DNS, and my current favorite shadow theme. Opera is just sweet and doesn't get the attention it deserves.

Just my $.02

Theft, really? (3, Insightful)

noidentity (188756) | about 4 years ago | (#33479632)

There's an unpatched vulnerability in Internet Explorer 8 that enables simple data-stealing attacks by Web-based attackers and could lead to an attacker hijacking a user's authenticated session on a third-party site.

Data theft is easy to detect, just look for missing data. These sound like data spying/eavesdropping attacks, that is, where the attacker is able to monitor all your data without your knowledge. Nowadays it seems that "theft" has come to mean "something I don't like".

You can "steal" data but can't "steal" songs? (-1, Redundant)

Anonymous Coward | about 4 years ago | (#33480270)

They're just copying 0s and 1s right?

Amazing Slashdot hypocrisy. Well we all know this is a troll zoo but quit making it so obvious to the newcomers!

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?