Speed comes at a price - Bob Colwell, former chief architect at Intel
|
|
|
Microsoft's IE has still more flaws
INSECURITY EXPERTS have been having a look at Microsoft Internet Explorer (IE) vulnerabilities and have found, you guessed it, even more.
Core Security Technologies told Reuters that one of its consultants had discovered a series of four or five potentially exploitable flaws in IE that could be used to give an attacker remote access to a user's PC. Individually, none of the vulnerabilities could be used to break into PCs running IE, but linked together they could.
It has already brought the flaw to Microsoft's attention and intends to run a demo of the hack at a Black-Hat security conference in Washington early next month.
The last thing the Vole needs is another discovery of an Internet Exploder vulnerability, one of which led to a Chinese hack into Google's information on human rights activists, but now it has not just one but several. These tip up just days after it issued an out-of-band patch for its ms10-002 security bulletin.
As we mentioned last week, Microsoft had already been fully aware of the IE 6 flaw after Meron Sellen, a white-hat hacker employed as a security researcher by Israeli firm BugSec, had alerted the company back in September 2009.
It will be interesting to see if the Vole issues another out-of-band security patch for these flaws or will try to resume business as usual by addressing this raft of newly discovered vulnerabilities in its monthly security patches in February. µ
Share this:
Share
"The only users who still use IE6 are the ones with their Windows Updates turned off. As most Win XP users are aware, IE7 got pushed to all XP users as a critical update years ago."
Or users who company still has not upgraded all the systems to current specs (IE7). I am a Federal employee, and unless the actuall system I am logged and using is an "Admin" computer (not a general use or training) it is still running Office 03 and IE6.
"Microsoft's IE has still more flaws
It's a never ending story it seems"
Says it all.
Some people never learn.
However, the safe Firefox 3.6 downloads are taking place at a rapid pace.
"Firefox 3.6 has been downloaded…
15,379,105
times since January 21, 2010" - http://www.mozilla.com/en-US/firefox/stats/
I wonder if any piece of software has ever had as many faults for such a long time as IE.
The harm IE has caused, bye now, must be in the billion dollar range.
Does it worry Microsoft, hardly, as there is no money to make.
IE insecurities (although very bad) could be looked upon as a "red flag" pointing to insecure Microsoft programming in general.
And, sure enough, we see "critical vulnerabilities" occurring in all Windows platforms each and every month (for the past 15 + years). These "patches" never really seem to "fix" all these security holes...more like just moving them around to other places. So, if you cannot trust IE, you really cannot trust Windows, either.
I guess the first step toward addressing the problem would be to use a more secure, open-source browser such as Firefox (as France and Germany are advocating).
And the second step: switch to a secure open-source OS (Kubuntu, OpenSuse, etc.). I did both (and, hey presto, no virus/malware issues!).
The only users who still use IE6 are the ones with their Windows Updates turned off. As most Win XP users are aware, IE7 got pushed to all XP users as a critical update years ago.
So, the patch is only going to provide the potential attacker with more information about were to look to find the vunerability. Aka, it will make thing WORSE. It's never going to help IE6 users, as the only thing those users have to do is turn their Windows Update on and look for the critical update called "Internet Explorer 7".
There is no need for this patch. Just like we don't need a patch for Firefox 1.5. Period.
I use FireFox and refuse IE internet access through my firewall.
Simple.
I only use IE to access windows update.
So does firefox which is why we get updates to that also. But dont mention that because the INQ loves all things anti Microsoft.
What happened Billy G and Ballmer had thier way with every INQ editor girlfriend like a set of fingercuffs to cause so much hate toward Microsoft?
proving the "free market" can choose wrongly, and also M$ actually gets *more* cash on buggy products by promoting "upgrades" that supposedly fix their previous errors.
That's what you get without regulation.
Use Firefox, or Google chrome. I can't even stand to look at the over bearing I.E. even it if it was safe to use. I don't know why Microsoft with all it's cash can't get it right.