Internet Explorer users (that's everyone) watch out!!
#1
Scooby Regular
Thread Starter
Join Date: Nov 2002
Location: Talk to the hand....
Posts: 13,331
Likes: 0
Received 0 Likes
on
0 Posts
Internet Explorer users (that's everyone) watch out!!
This was plastered all over the front page of London Lite on the way home:
This from the ITpro website:
"Another wave of attacks target Internet Explorer.
The vulnerability looks like it is getting very serious, with Ivan Macalintal, advanced threats researcher for Trend Micro, reporting that the number of infected sites had risen to 6,000 and was quickly increasing in number.
The website Shadowserver has listed a number of domains known to be exploiting the vulnerability. According to Microsoft, the current trend for attack uses SQL injection attacks against websites, and proceeds to load attack code.
A new advisory has warned that as well as Internet Explorer 7, other versions potentially vulnerable to attacks are IE 5.01 Service Pack 4, IE 6 Service Pack 1, IE 6 and IE 8 Beta 2.
Some experts have advised users to use an alternative browser until Microsoft issues a patch for the problem."
Another wave of attacks target Internet Explorer | IT PRO
That may not be until sometime in January apparently. I presume Scoobynet is still clean but apparently this virus can be downloaded to your machine from infected website then used to access all your passwords and other secure data. It can even be used to set up illegal websites ON YOUR MACHINE without you even knowing.
Needless to say I am posting this from a fresh install of the Mozilla Firefox browser which is secure and would suggest everyone else did the same till the patch is released.
This from the ITpro website:
"Another wave of attacks target Internet Explorer.
The vulnerability looks like it is getting very serious, with Ivan Macalintal, advanced threats researcher for Trend Micro, reporting that the number of infected sites had risen to 6,000 and was quickly increasing in number.
The website Shadowserver has listed a number of domains known to be exploiting the vulnerability. According to Microsoft, the current trend for attack uses SQL injection attacks against websites, and proceeds to load attack code.
A new advisory has warned that as well as Internet Explorer 7, other versions potentially vulnerable to attacks are IE 5.01 Service Pack 4, IE 6 Service Pack 1, IE 6 and IE 8 Beta 2.
Some experts have advised users to use an alternative browser until Microsoft issues a patch for the problem."
Another wave of attacks target Internet Explorer | IT PRO
That may not be until sometime in January apparently. I presume Scoobynet is still clean but apparently this virus can be downloaded to your machine from infected website then used to access all your passwords and other secure data. It can even be used to set up illegal websites ON YOUR MACHINE without you even knowing.
Needless to say I am posting this from a fresh install of the Mozilla Firefox browser which is secure and would suggest everyone else did the same till the patch is released.
Last edited by unclebuck; 16 December 2008 at 08:10 PM.
#3
Scooby Regular
Thread Starter
Join Date: Nov 2002
Location: Talk to the hand....
Posts: 13,331
Likes: 0
Received 0 Likes
on
0 Posts
Here's more from the BBC for those who may doubt my sources:
BBC NEWS | Technology | Serious security flaw found in IE
Don't want a Mac, cos it won't run the software I use.
BBC NEWS | Technology | Serious security flaw found in IE
Don't want a Mac, cos it won't run the software I use.
#6
Moderator
iTrader: (1)
Shouldn't be a problem on vista x64....
Well, because nothing else works on it <ba-boom-tish>
(and well all know thats a lie, because I've been using x64 for well over a year now, and I don't want to get the mac boys over-excited )
Well, because nothing else works on it <ba-boom-tish>
(and well all know thats a lie, because I've been using x64 for well over a year now, and I don't want to get the mac boys over-excited )
Last edited by ALi-B; 16 December 2008 at 08:22 PM.
Trending Topics
#9
Scooby Regular
Thread Starter
Join Date: Nov 2002
Location: Talk to the hand....
Posts: 13,331
Likes: 0
Received 0 Likes
on
0 Posts
People are free to do whatever they choose of course, but don't shoot the messenger. And, the SN spell checker works in Firefox - never seemed to work in explorer.
#13
Scooby Regular
iTrader: (1)
Join Date: Jul 2004
Location: There on the stair
Posts: 10,208
Likes: 0
Received 0 Likes
on
0 Posts
Well the professionals seem to be taking it pretty seriously. I think I'd prefer their advice to the opinion of 'some bloke off the internet'.
People are free to do whatever they choose of course, but don't shoot the messenger. And, the SN spell checker works in Firefox - never seemed to work in explorer.
People are free to do whatever they choose of course, but don't shoot the messenger. And, the SN spell checker works in Firefox - never seemed to work in explorer.
It is fairly overblown - I was indulging in hyperbole
(and my job is IT Security, so I'm not quite 'some bloke off the internet'. I had to provide a report on this for my management this morning)
Being serious, it's another exploit of MS initial open invite coding methods. This one goes back to IE4. the easiest thing to do (for average Joe) is to set IE browsing to HIGH (stopping ActiveX and HTML scripting from running) and avoid sites you don't know or trust.
Oh, and I wasn't shooting the messenger. Sorry if you got that impression
Last edited by Kieran_Burns; 16 December 2008 at 08:41 PM.
#17
Scooby Regular
Thread Starter
Join Date: Nov 2002
Location: Talk to the hand....
Posts: 13,331
Likes: 0
Received 0 Likes
on
0 Posts
I was being facetious. I figured from your response that you probably worked in something like IT Security.
#20
Scooby Regular
Thread Starter
Join Date: Nov 2002
Location: Talk to the hand....
Posts: 13,331
Likes: 0
Received 0 Likes
on
0 Posts
#22
Scooby Regular
Kieran's right i'm afraid
everyone using Mac's (whatever they are) firefox opera etc etc are just living in a cosy world in "false sense of security land"
basically if you dont want to get infected dont go to sites you dont trust and if you don't trust any sites then you shouldn't be on the www full stop
they only target IE coz it's used by 90% of internet users not because its any worse than the others
and believe me i'm no mickysoft lover
if you want to "surf" then do as i do and use a "virtual" machine or simply a "dirty" laptop that you dont mind reloading every week
everyone using Mac's (whatever they are) firefox opera etc etc are just living in a cosy world in "false sense of security land"
basically if you dont want to get infected dont go to sites you dont trust and if you don't trust any sites then you shouldn't be on the www full stop
they only target IE coz it's used by 90% of internet users not because its any worse than the others
and believe me i'm no mickysoft lover
if you want to "surf" then do as i do and use a "virtual" machine or simply a "dirty" laptop that you dont mind reloading every week
#23
Just to make you all feel better MS will be issuing a patch tomorrow for the issue i have been informed -
http://www.microsoft.com/technet/sec.../ms08-dec.mspx
http://www.microsoft.com/technet/sec.../ms08-dec.mspx
#26
#27
Scooby Regular
Originally Posted by Apple
Apple has removed a widely publicized support document from its website that encouraged Mac OS X users to install antivirus software, explaining that its operating system was designed with safeguards to protect against malicious attacks on its own.
The recommendation drew widespread attention given that the Mac maker has been critical in its television advertisements of Windows users' need to stock up on virus detection software while its own computers remain immune to viral threats.
It was later revealed that the document was about a year old and only caught the attention of industry watchers after Apple recently updated it to reflect changes in the version numbering of the antivirus software it was recommending.
"Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult," the document said, in part.
Speaking to CNet News.com, Apple spokesperson Bill Evans said the article was removed last night because it was deemed to be "old and inaccurate."
"The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box," he said. "However, since no system can be 100 percent immune from every threat, running antivirus software may offer additional protection."
TidBITS security editor Rich Mogull speculates that Apple may have never intended to urge Mac users to install antivirus software, and that the support article may have found its way to the company's website without being filtered through the proper channels.
The recommendation drew widespread attention given that the Mac maker has been critical in its television advertisements of Windows users' need to stock up on virus detection software while its own computers remain immune to viral threats.
It was later revealed that the document was about a year old and only caught the attention of industry watchers after Apple recently updated it to reflect changes in the version numbering of the antivirus software it was recommending.
"Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult," the document said, in part.
Speaking to CNet News.com, Apple spokesperson Bill Evans said the article was removed last night because it was deemed to be "old and inaccurate."
"The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box," he said. "However, since no system can be 100 percent immune from every threat, running antivirus software may offer additional protection."
TidBITS security editor Rich Mogull speculates that Apple may have never intended to urge Mac users to install antivirus software, and that the support article may have found its way to the company's website without being filtered through the proper channels.
#30
I know it is old news, but you can't deny that as more and more people switch to Mac there will be more attempts to attack OS.
I am not sure how secure my mac is, and as part of the apple propaganda apparently it has magic powers that protect it from attack. Those frequent updates must bestow it with anti virus lasers and voodoo spyware curses!
The propaganda is a brilliant sales strategy and seems to keep all the people happy who take what they are told at face value...
Open your eyes, PCs and Macs are the same thing, just one has fewer (but more pretentious ) users.
I am not sure how secure my mac is, and as part of the apple propaganda apparently it has magic powers that protect it from attack. Those frequent updates must bestow it with anti virus lasers and voodoo spyware curses!
The propaganda is a brilliant sales strategy and seems to keep all the people happy who take what they are told at face value...
Open your eyes, PCs and Macs are the same thing, just one has fewer (but more pretentious ) users.