The Inquirer-Home

Microsoft fixes IE6 flaw off schedule

Too late for those who switched
Thu Jan 21 2010, 12:56

MICROSOFT'S HAND has been forced to issue a critical out-of-band advanced notification security bulletin to deal with potential hack attacks on Internet Explorer (IE) 6.

The out-of-band security advisory comes almost three weeks ahead of Microsoft's next official bicycle repair kit security patches due in February. It was fast-tracked because it addresses the zero-day vulnerabilities exploited by Chinese hackers who recently targeted Google.

The advisory addresses vulnerabilities that enable targeted attacks on IE6 users and could allow attackers to perform remote code execution.

The Vole will release the MS10-002 patch later today, as close to 6pm UTC (10am PST) as possible. It will also be hosting a webcast to address customer questions on the out-of-band bulletin at 9pm UTC (1pm PST).

Wiping sweat from his brow, George Stathakopoulos, general manager of Microsoft's trustworthy computing group, issued the following statement:

"We take the decision to go out-of-band very seriously given the impact to customers, but we believe releasing an out-of-band update is the right decision at this time."

The Vole's proactive, fleet-of-foot move to close the loop for all ten remaining IE6 users speaks volumes. It must have been dismayed when insecurity experts suggested that its more recent IE7 and IE8 could also be vulnerable. Earlier this week that led German and French Internet security authorities to recommend that users switch away from Internet Exploder to any of the rival web browsers, which are principally Firefox, Opera and Chrome.

This relatively innocuous story takes on a wider dimension because the vulnerability could have been responsible for allowing Chinese hackers to access information on human rights activists. Enter Google, stage left.

Microsoft's CEO, Steve Ballmer, expressed bewilderment last week at Google's policy shift to consider pulling out of China and concluded that there hadn't been a fundamental shift in the security environment on the Internet. This was simply a Google problem. Enter Bing, stage right.

We don't expect much comment from Microsoft on any security issues with its ageing Internet Exploder 6 because it doesn't want any bad press while it's pushing Bing for the Chinese market. Though naturally, the Vole is keeping mum about its intentions to keep its relations with China basking in a rosy hue.

Does anyone know the Chinese translation for 'it don't mean a thing if it ain't got that Bing?' µ

 


Comments
Swiss Cheese Computing!

There will never ever EVER, be a total secure computer. Holes are not accidental in their design. Holes are friends to unscrupulous computer programmers. In a way, they are security, for the programmers, extra cash and contracts security, to "FIX" the holes!

Every program CAN be passed through an auto script analyser to find, filter and plug ALL the holes! AND nobody argue this with me, I'M NOT STUPID! OK!

One possible excuse I could find in avoiding the use of the auto script analyser is the fear of copyright and litigation because the generated code spit out by the analyser could match other competitors' codes. Which is a convenient way to excuse leaving holes in the code in the first place and make money on elongated work contracts, selling security software "With probably more holes!" List truncated!

Now the question is: Does this mean there is basically a limited way to program a computer to totally secure it? The answer is a big YES! And right now if I happen to find myself with these people known or unknown actually doing this I would be beaten beyond recognition!

posted by : Phil, 23 January 2010
It's easy really

If your corporate intranet requires IE6 then set the proxy config on IE6 so that it cannot see the real world. Icons can be made for regularly used apps.
Then download a proper browser (non IE) and configure the proxy on that so that the managers can get to really important things like faecesbook and twitter.

posted by : Tom, 23 January 2010
@DS

DS, I'd like you to meet Reality. Reality, meet DS. You two have obviously not met before...

posted by : Gilbo, 22 January 2010
Just IE6?

My computers all updated and all have IE8? I'm as vacant as a dead man's stare but what?

posted by : user, 22 January 2010
We all stuck with IE6 unless we move on to Vista/Win7...

Because winXP is bundled with the damn thing. Every time we install/re-install the winXP, that little sh_it is there.

@DS:
You should say that to my IT executive...

posted by : aNewbie, 22 January 2010
Corporate IE6

Any IT department that allows their clients to use IE6 outside of the company intranet should be fired for exposing the company to unnecessary security risks.

posted by : DS, 22 January 2010
10 remaining users of IE6

Whoever thinks there are only ten remaining users of IE6 clearly doesn't work in corporate America where XP and IE6 are still pretty much the norm.

posted by : DW, 21 January 2010
Patching a leaky boat

None of us "know" how many security holes are in IE (all versions, as all versions were affected by this latest security issue). All we know is that Microsoft can never seem to patch "all these holes", and that IE seems to be a direct path into the OS (being hardwired into Windows by Microsoft to try and shut-out other browser manufacturers).

At least with an open-source browser like Firefox the code can be independently audited by users and checked for security issues before a "hack" is used. And it's not hard-wired into the OS, so it will always be a safer bet than IE.

http://www.itworld.com/security/93045/dump-internet-explorer-now#comment-24067

posted by : Bill, 21 January 2010
IE6,7,8

"Anybody who's still using IE6 is fucking retarded, and deserves to get backhanded for their ignorance."
All of MS IE are flawed, reason for the constant monthly updates. IE was never designed for the consumer, it was for the behind a firewall corporate environment. Consumers have always been an afterthought, hence why there are constant problems with IE. If you take IE off of the Internet and stay only in an intranet environment, 6 would be just fine with minor updates. 7,8, only gives the impression that major changes are happening when MS comes out with a new OS. Hell, IE6 could still be called IE6.648934 for all that matters in Win7.

posted by : Crusher, 21 January 2010
Is anything more buggy than IE?

A perfectly innocent click on a Google link got me XXXToolbar and my address bar hijacked so effectively that I had to re-install XP!

That was four years ago, and I've not used IE since except to download Firefox.

posted by : bigger_luddite, 21 January 2010
Why don't they just block ie6 already?

Microsoft need to release a MANDATORY update for all versions of windows; which prevents users from using IE6 by constantly redirecting them to the download page for IE8; and not letting them view any other website until they've upgraded to IE8.

Anybody who's still using IE6 is fucking retarded, and deserves to get backhanded for their ignorance.

posted by : Dizzious, 21 January 2010
Have you never heard of Babel Fish?!

如果它没得到那Bing,它不意味一件事

posted by : Ben, 21 January 2010