Internet Explorer security alert
Posted by: GML on 16 December 2008
The advice is to change to another browser for the time being. Story here.
Get a grip
quote:Originally posted by fatcat:
Get a grip
+1
Microsoft is to release an emergency patch to fix a reported vulnerability in Internet Explorer. The update is set to be issued following the discovery of Trojans that are capable of stealing passwords that are believed to be based in China. Hackers have apparently used SQL injections to create malicious links on legitimate websites.
Christopher Budd, security response communications lead for Microsoft, said in a blog posting: “We've just published our advance notification for an out-of-band security bulletin release. We plan to release the security update tomorrow, December 17, 2008 to address the vulnerability we've discussed in Microsoft Security Advisory 961051. Our target time, as always, is 10:00 a.m. Pacific Time.
Graham Cluley, senior technology consultant at Sophos, said: “Concerns about the security bug escalated as it was discovered that it affected not only version 7 of Internet Explorer, but also IE 5.01 SP4, IE 6, IE 6 SP1 and IE 8 Beta 2. Attacks incorporating the exploit have also been seen on websites around the world, potentially putting Internet Explorer users at risk in the absence of a patch.
“Microsoft will have been working feverishly to put a patch together that can defend all the different versions of Internet Explorer, and testing that it works as expected. Within 24 hours the patch should be available for anyone to download, and fingers crossed computer users will be applying it without hesitation.
Arrange these words in to a well know phrase
after bolted door horse has shutting stable the the
I think I'll check my Amiga to see if it is affected - nope unaffected, it is perfectly safe
Christopher Budd, security response communications lead for Microsoft, said in a blog posting: “We've just published our advance notification for an out-of-band security bulletin release. We plan to release the security update tomorrow, December 17, 2008 to address the vulnerability we've discussed in Microsoft Security Advisory 961051. Our target time, as always, is 10:00 a.m. Pacific Time.
Graham Cluley, senior technology consultant at Sophos, said: “Concerns about the security bug escalated as it was discovered that it affected not only version 7 of Internet Explorer, but also IE 5.01 SP4, IE 6, IE 6 SP1 and IE 8 Beta 2. Attacks incorporating the exploit have also been seen on websites around the world, potentially putting Internet Explorer users at risk in the absence of a patch.
“Microsoft will have been working feverishly to put a patch together that can defend all the different versions of Internet Explorer, and testing that it works as expected. Within 24 hours the patch should be available for anyone to download, and fingers crossed computer users will be applying it without hesitation.
Arrange these words in to a well know phrase
after bolted door horse has shutting stable the the
I think I'll check my Amiga to see if it is affected - nope unaffected, it is perfectly safe
I don't use any Microsoft product except Windows XP. I switch off automatic updates, and use my ESET firewall to forbid any programme except, Firefox, Thunderbird, U-torrent and a few others from accessing the web.
Internet Explorer is forbidden from accessing the web, I occasionally allow it when checking my website for authoring problems.
I would strongly advise against using Internet Explorer at the best of times, it shares far too much code with Windows Explorer, and means you are pretty much dragging your operating system around unsafe places.
The basic problem with any Microsoft product is that they are designed to be constantly have updates added to them, and so hackers can mimic the updates, and then install malware.
Generally I would advise having any automatic updates switched off. If your system is working OK, why change it, and why let someone who has proved to be fairly untrustworthy (Microsoft) have access to YOUR computer.
I have found Firefox to be a better browser, with more features, and has had far less security issues than IE.
Unfortunately I need to use XP for some of the programmes I have on my PCs, but my the vast majority of work is still done on SGI UNIX/IRIX systems, never connected to the web, and with a reliable operating system.
____________________________________________________________________
While on the topic of security,I received a very persuasive spoof email purporting to be from PayPal, which had my first name (I am known by my middle name except for financial services) and was to an email account I have only had for 8 months, and has been spam free.
This probably obvious, but worth stating, if the reply link on a PayPal email does not start with w(w)w.paypal.com or (h\ttp
//w(\))w)w.paypal.com , is some thing like (h\ttp_)/email1.Paypal......., then it is spam. Never hit a link from a possible spoof email, if you need to go to the website to check things, then type the home address manually and navigate to your account, or their security centre.
I have spoken with the Visa security services as it looks like someone I have bought from over the last 8 months has had their security hacked.
Stating the obvious, I know, but never be too self confident that you can spot spam.
Brackets and junk have been added into the email addresses to disable the auto linking on the forum.
Internet Explorer is forbidden from accessing the web, I occasionally allow it when checking my website for authoring problems.
I would strongly advise against using Internet Explorer at the best of times, it shares far too much code with Windows Explorer, and means you are pretty much dragging your operating system around unsafe places.
The basic problem with any Microsoft product is that they are designed to be constantly have updates added to them, and so hackers can mimic the updates, and then install malware.
Generally I would advise having any automatic updates switched off. If your system is working OK, why change it, and why let someone who has proved to be fairly untrustworthy (Microsoft) have access to YOUR computer.
I have found Firefox to be a better browser, with more features, and has had far less security issues than IE.
Unfortunately I need to use XP for some of the programmes I have on my PCs, but my the vast majority of work is still done on SGI UNIX/IRIX systems, never connected to the web, and with a reliable operating system.
____________________________________________________________________
While on the topic of security,I received a very persuasive spoof email purporting to be from PayPal, which had my first name (I am known by my middle name except for financial services) and was to an email account I have only had for 8 months, and has been spam free.
This probably obvious, but worth stating, if the reply link on a PayPal email does not start with w(w)w.paypal.com or (h\ttp
//w(\))w)w.paypal.com , is some thing like (h\ttp_)/email1.Paypal......., then it is spam. Never hit a link from a possible spoof email, if you need to go to the website to check things, then type the home address manually and navigate to your account, or their security centre.I have spoken with the Visa security services as it looks like someone I have bought from over the last 8 months has had their security hacked.
Stating the obvious, I know, but never be too self confident that you can spot spam.
Brackets and junk have been added into the email addresses to disable the auto linking on the forum.