Public Service Announcement: DO NOT USE INTERNET EXPLORER!!!! Definition: MySpace [Mai' thpathe] (pronounced with a lithp), N. - 1. A shrine to Terrible teener web programming, the worst M$ driven Web2.sl0 has to offer.


IE Fans Beware: Hackers Are Exploiting a Serious Unpatched Flaw

Please dont use Inturdnet Exploder and plug up my inbox with spam and my firewall with mindless hammering when your crackheaded M$ Winders box gets trojaned and zombified! 80% of all spam is generated by infected Windows machines. Windows is a registered albatross of Micro$oft corp.

If you've never tried Firefox, Safari, Opera Google Chrome or other Internet Explorer alternatives, now might be a good time.

Micro$oft's flagship browser, the default choice on countless Windows machines, currently has a serious security flaw that affects all versions of the browser running on any version of Windows. The vulnerability allows hackers to gain access to any sensitive data on your PC.

Even more worrying, the exploit is already in the wild and no there's no fix in sight**, leading a number of security researchers to suggested that, in the interest of avoiding malicious software, users switch to another browser.

If you're the pry-it-out-of-my-cold-dead hands sort of IE fan, there is one bright side to news that some 10,000 sites are ready to pwn your PC: so far the sites are mostly Chinese and the malicious software is mainly after passwords for computer games, which can be sold on the black market.

But given the scope of the flaw and the fact that Microsoft has yet to release a patch**, don't expect that to last. Eventually far more sophisticated trojans will likely emerge with far more dangerous goals.

Obviously Microsoft isn't recommending you ditch IE (though the company didn't hesitate to suggest dumping Apple's Safari browser when it suffered from a far less serious vulnerability). Instead the company has released a security bulletin with possible workarounds, including running IE in Protected Mode and running Windows as an non-administrative user (to limit the damage an attacker can inflict).

Microsoft also says it is investigating the flaw and may push out an emergency software patch, rather than wait for the next monthly patch cycle to roll around.

**UPDATE - This has been patched. It took them far too long, but better late than never. Get the patch HERE

It is mentioned that other browsers have vulnerabilities... Yes that's true, but no other browser is so carelessly integrated with Windows as are Internet Explorer and the M$ HTML stack. When you look at your files and directories on your computer - IE libraries are accessed. The toolbar on Windows Explorer(what launches with "My Computer") uses IE libraries. IE is hooked by the shell and by a number of processes running with SYSTEM(higher than Administrator) level privileges such as Automatic Updates. Most people have to run Windows as a member of Administrators, thus, anything running as that user Runs As Administrator! And don't think just because you run Vista and you aren't running as admin, as numb to those G%#$amn (Confirm) (Deny) as people are, you're bound to _give_ permission to an app that needs it for world domination. As in WARGAMES, the only way to win the game, is not to play.

No comments: