Feeds

back to article Hackers just POURING through unpatched Internet Explorer zero-day hole

An as-yet-unpatched zero-day vulnerability affecting Internet Explorer is being abused much more widely than analysts had previously suspected. The vulnerability first came to public attention last week with the Operation DeputyDog attacks against targets in Japan, as first reported by net security firm FireEye. Websense, …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

Shit browser gets hacked

MS slow to patch. All the more reason to use an alternative.

10
5
Silver badge
Facepalm

Re: Shit browser gets hacked

Phew, its only ie so no-one noticed.

4
0
Silver badge

Re: Shit browser gets hacked

Good job people are using this modern supported version of the OS rather than the doom laden unsupported XP

2
0
Anonymous Coward

Re: Shit browser gets hacked

"MS slow to patch"

Actually on average, they are much faster than OS-X or commercial Linux flavours with fewer days at risk versus # vulnerabilities...

0
4
Anonymous Coward

Re: Shit browser gets hacked

Yes, they were all busy craping themsevles about the loads of highly critical unpatched holes in Chrome....

http://secunia.com/advisories/55087

0
0
Bronze badge

More accurately most used browser in business and therefore most profitable to be hacked continuously attacked for profit.

It doesn't matter what browser you use when it becomes profitable to hack that browser will be torn to shreds.

7
14
Silver badge
Holmes

It doesn't matter what browser you use..

If it is as shitty and unpatched as IE,that is.

No matter how much it is "improved", using it is like Groundhog Day.

Time after time, the same headline... you could use a rubber stamp.

Don't use it.

14
5
Anonymous Coward

Re: It doesn't matter what browser you use.. @hplasm

"... you could use a rubber stamp."

And people like you do Bored now - do you realise that trotting out the same old crap here is likely to have zero effect, except getting automatic upvotes from the other guys who thought Eadon was sane?

9
15
Anonymous Coward

Re: It doesn't matter what browser you use.. @hplasm

Cue downvote -1

0
2
Silver badge
Happy

Re: MattEvansC3

So Safari should be safe for quite a while then!

0
1
Silver badge
Windows

Re: It doesn't matter what browser you use.. @hplasm

"...do you realise that trotting out the same old crap here is likely to have zero effect..."

Indeed- see Microsoft sales.

0
0
Anonymous Coward

Re: It doesn't matter what browser you use..

"If it is as shitty and unpatched as IE,that is."

IE since V7 onwards has actually had far fewer vulnerabilities than say Chrome, Safari or Firefox....

1
1
Bronze badge
Linux

Re: MattEvansC3

"So Safari should be safe for quite a while then!"

Use Lynx...

0
0
Bronze badge

OMG people wake up and get away from the Microsoft crap! Its been full of security holes, bugs for years now and will be the same until its death and even then its coffin will be full of bugs forever!

7
2

Unfortunately, Paypal support....

....is telling people to use IE because of a "technical issue" they're having with other browsers.

(Yes, look, I'd love to use another payment system as well, but this is the one I'm currently stuck with, okay?)

0
1
Anonymous Coward

"get away from the Microsoft crap! Its been full of security holes, bugs for years now "

But for about the last decade or so, far fewer security holes than the competition. You would simply be moving the problem.

Just look at what happened with Linux in both webservers and Android - hacked to shreds and stuffed with malware respectively once they went mass market...Ditto OS-X - now it hit a couple of percentage points of market share - we have already seen a number of exploits / malware instances...

1
4
Thumb Up

Firefox with Noscrpt FTW.

Since this is JavaScript code, users of Firefox with NoScript will be safe.

2
0
Silver badge
Facepalm

Re: Firefox with Noscrpt FTW.

Doubly so since the bug is in a completely different browser...

Point taken about JavaScript though. It does seem responsible for more than its fair share of security flaws.

0
0
Anonymous Coward

I forgot Internet Explorer was still a thing.

1
0
Anonymous Coward

Of course, the other browsers are perfectly secure ;) easy to hate on Microsoft

Firefox

http://www.cvedetails.com/cvss-score-charts.php?product_id=3264&fromform=1

Chrome:

http://www.cvedetails.com/cvss-score-charts.php?product_id=15031&fromform=1

IE

http://www.cvedetails.com/cvss-score-charts.php?product_id=9900&fromform=1

I personally don't trust any of them. I do all my browsing in isolated virtual machines.

1
1
Silver badge

If they're isolated, what websites do you view? Must be a wonderfully interesting intranet hosted on that VM.

3
0

You can be *literal* about wording if you'd like. The fact is VM-breaking exploits are much rarer than browser exploits or even OS exploits. It's unlikely any infection you manage to pick up while browsing (and even that's unlikely if you're careful) would be able to break out.

0
1

Of course, the other browsers are perfectly secure

The old 'It's OK to put to see in sieve because even ocean liners sink sometimes" argument

2
0
Silver badge

In other words, the VM isn't isolated, it's sandboxed.

Which isn't a bad practice actually, just a little inconvenient dealing with a VM.

The hardware I support for a living: no Internet connection, some of it there isn't even a VPN we can use to do remote access. That's what I understand by the term "isolated".

0
0
Silver badge

opera lol

Where are all the smug opera users touting how the %.0001 market share actually protects them? Oh thats right, now that Opera is nothing but basically a skin for Chrome's layout engine (Blink) they can't count on security by obscurity.

2
5
Bronze badge
FAIL

Re: opera lol

Actually, it isn't even that. It's a slightly customised version of Chromium, covered in Opera branding. There is more original code in basic Webkit browsers like Midori and QTWeb.

0
1
Silver badge

proof

Once again more proof why using network software that can't be easily uninstalled is generally a bad idea. Force the sheep to have access to something and the wolves won't be far behind.

1
1
Coat

Roll back to Vista - you know it makes sense!

" The exploit we analyzed worked only on Windows XP or Windows 7 running Internet Explorer 8 or 9. "

(1) A subtle plot to get users on to W8 or IE10 on W7?

(2) A big "Yay!!" for Vista - the secure version of the MS range :-)

Cheers

LGC

1
0
Bronze badge

Re: Roll back to Vista - you know it makes sense!

They probably couldn't find anyone with a Vista PC to test it on.

0
0
Coat

Re: Roll back to Vista - you know it makes sense!

http://en.wikipedia.org/wiki/Usage_share_of_operating_systems

Got more market share than Linux, still.

Mine's the one with the target on the back.

0
1
Silver badge
Coat

Re: Roll back to Vista - you know it makes sense!

They probably couldn't find anyone with a Vista PC to test it on.

Ohh they did… but the moment they tried to connect, RAM filled up, the disk started thrashing the swap and the TCP connection timed out before they got anywhere.

0
0
This topic is closed for new posts.