Microsoft has begun investigating a flaw in IE that most affects older versions of Windows, and turns vulnerable systems into a "public file server". The vulnerability means that hackers might be able to access files with an already known filename and location, providing they can trick users into visiting a maliciously …
ANOTHER vulnerability in Windows/IE. You couldn't make it up!!!!
I always wanted my own file server but not in this way.
So, move contents of My Documents to...
...a sub folder named asdf.asdf.qwerty123 ?
Now the whole internet knows where you keep your documents.
That's good to know.
Solution to the problem
Here is a linux disk, insert it and reboot.
If only if were that easy...
WINE won't run my critical line-of-business and industry specific applications, and there are no credible linux-ported alternatives that have passed even first round testing!
*RDP's back into his XP VM*
Ah there we go...now I can get back to making money.
"information disclosure" bug...
..is one way of describing it and of course being able to get key files from the directory structure (which being Windows will, in 99.9% of cases be c:\windows) isn't really a problem is it?
I mean being able to run off with things like the remembered form values and passwords from IE isn't really an issue is it......
How many people will have stored important info in files called passwords.txt or passwords.doc in their home directory.
isnt it strange
how many exploits that only affect Win XP have come out since Win 7 was launched?
... those porn flicks and warez must mean somebody's cracked my Windows peecee ... not mine ... onnist ...
This is perfect for MS
Finally, a reason for the XP holdouts to upgrade to Win7.
Has anyone found out exactly the source of this vulnerability or was the black-hat tipped off (by MS)?
Safety in openness
obviously one more reason to use Firefox.
As with most
A real HW firewall/NAT router will protect you.
Is it only me...
Or Windows XP is suddenly a pile load of insecure old trash...
Oh wait Windows 7 is the most secure windows ever...
The description of this situation does not tally with any common definition of a public file server. There's no excuse for such misinformation and hype.
Docs safe, applications less so?
If the exact filename and path is needed, this should mean your Documents are safe as the hacker will need to know your username to locate C:\Docs n Settings\Username\My Documents\passwords.txt
BUT... this surely means it is trivial to locate programs in the Windows folder. Like the registry files in c:\windows\system32\config\.
Is this also the same bug where the executables are usable? Did I read the demonstration ran c:\windows\calc.exe? As that would be a pain as C:\windows\regedit.exe is in the same place on everyone's windows PC.
Ah... of course... it is just a ploy to get everyone to upgrade from XP to Win7.
Time to dig out those Win3.11 disks and use IE3.
Disadvantages - no flash (boo hoo, like I ever use it)
Advantages: No-one writing viruses for it any more so I'm unlikely to have my machine compromised.
Tried it...no go
You may laugh, but I already tried that already (MS Virtual PC), and apart from dire colour resolution, there's no 16 bit browser available that can handle any of the current web technologies. The 'old' browsers either hang or can't render code properly. With a higher colour resolution and a capable browser 3.11 would be a great portable web OS
- Teardown Pop open this iPhone 6 and see where the magic oozes from ... oh hello again, Qualcomm
- Analysis Apple's warrant canary riddle: Cock-up, conspiracy, or anti-Google point-scoring
- Pics Facebook's Oculus unveils 360-degree VR head tracking Crescent Bay prototype
- Bargain basement iPhone shoppers BEWARE! eBay exposes users to phishing vuln
- Something for the Weekend, Sir? Oh God the RUBBER on my SHAFT has gone wrong and is STICKING to things