back to article Hackers just POURING through unpatched Internet Explorer zero-day hole

An as-yet-unpatched zero-day vulnerability affecting Internet Explorer is being abused much more widely than analysts had previously suspected. The vulnerability first came to public attention last week with the Operation DeputyDog attacks against targets in Japan, as first reported by net security firm FireEye. Websense, …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Shit browser gets hacked

    MS slow to patch. All the more reason to use an alternative.

    1. Bob Vistakin
      Facepalm

      Re: Shit browser gets hacked

      Phew, its only ie so no-one noticed.

      1. Anonymous Coward
        Anonymous Coward

        Re: Shit browser gets hacked

        Yes, they were all busy craping themsevles about the loads of highly critical unpatched holes in Chrome....

        http://secunia.com/advisories/55087

    2. Yet Another Anonymous coward Silver badge

      Re: Shit browser gets hacked

      Good job people are using this modern supported version of the OS rather than the doom laden unsupported XP

    3. Anonymous Coward
      Anonymous Coward

      Re: Shit browser gets hacked

      "MS slow to patch"

      Actually on average, they are much faster than OS-X or commercial Linux flavours with fewer days at risk versus # vulnerabilities...

  2. Anonymous Coward
    Anonymous Coward

    More accurately most used browser in business and therefore most profitable to be hacked continuously attacked for profit.

    It doesn't matter what browser you use when it becomes profitable to hack that browser will be torn to shreds.

    1. hplasm
      Holmes

      It doesn't matter what browser you use..

      If it is as shitty and unpatched as IE,that is.

      No matter how much it is "improved", using it is like Groundhog Day.

      Time after time, the same headline... you could use a rubber stamp.

      Don't use it.

      1. Anonymous Coward
        Anonymous Coward

        Re: It doesn't matter what browser you use.. @hplasm

        "... you could use a rubber stamp."

        And people like you do Bored now - do you realise that trotting out the same old crap here is likely to have zero effect, except getting automatic upvotes from the other guys who thought Eadon was sane?

        1. Anonymous Coward
          Anonymous Coward

          Re: It doesn't matter what browser you use.. @hplasm

          Cue downvote -1

        2. hplasm
          Windows

          Re: It doesn't matter what browser you use.. @hplasm

          "...do you realise that trotting out the same old crap here is likely to have zero effect..."

          Indeed- see Microsoft sales.

      2. Anonymous Coward
        Anonymous Coward

        Re: It doesn't matter what browser you use..

        "If it is as shitty and unpatched as IE,that is."

        IE since V7 onwards has actually had far fewer vulnerabilities than say Chrome, Safari or Firefox....

    2. Matt Bryant Silver badge
      Happy

      Re: MattEvansC3

      So Safari should be safe for quite a while then!

      1. Rick Giles
        Linux

        Re: MattEvansC3

        "So Safari should be safe for quite a while then!"

        Use Lynx...

  3. Bladeforce

    OMG people wake up and get away from the Microsoft crap! Its been full of security holes, bugs for years now and will be the same until its death and even then its coffin will be full of bugs forever!

    1. SisterClamp

      Unfortunately, Paypal support....

      ....is telling people to use IE because of a "technical issue" they're having with other browsers.

      (Yes, look, I'd love to use another payment system as well, but this is the one I'm currently stuck with, okay?)

    2. Anonymous Coward
      Anonymous Coward

      "get away from the Microsoft crap! Its been full of security holes, bugs for years now "

      But for about the last decade or so, far fewer security holes than the competition. You would simply be moving the problem.

      Just look at what happened with Linux in both webservers and Android - hacked to shreds and stuffed with malware respectively once they went mass market...Ditto OS-X - now it hit a couple of percentage points of market share - we have already seen a number of exploits / malware instances...

  4. Simon2
    Thumb Up

    Firefox with Noscrpt FTW.

    Since this is JavaScript code, users of Firefox with NoScript will be safe.

    1. Old Handle
      Facepalm

      Re: Firefox with Noscrpt FTW.

      Doubly so since the bug is in a completely different browser...

      Point taken about JavaScript though. It does seem responsible for more than its fair share of security flaws.

  5. Anonymous Coward
    Anonymous Coward

    I forgot Internet Explorer was still a thing.

  6. Anonymous Coward
    Anonymous Coward

    Of course, the other browsers are perfectly secure ;) easy to hate on Microsoft

    Firefox

    http://www.cvedetails.com/cvss-score-charts.php?product_id=3264&fromform=1

    Chrome:

    http://www.cvedetails.com/cvss-score-charts.php?product_id=15031&fromform=1

    IE

    http://www.cvedetails.com/cvss-score-charts.php?product_id=9900&fromform=1

    I personally don't trust any of them. I do all my browsing in isolated virtual machines.

    1. Anonymous Coward
      Anonymous Coward

      If they're isolated, what websites do you view? Must be a wonderfully interesting intranet hosted on that VM.

      1. Paul 116

        You can be *literal* about wording if you'd like. The fact is VM-breaking exploits are much rarer than browser exploits or even OS exploits. It's unlikely any infection you manage to pick up while browsing (and even that's unlikely if you're careful) would be able to break out.

        1. Anonymous Coward
          Anonymous Coward

          In other words, the VM isn't isolated, it's sandboxed.

          Which isn't a bad practice actually, just a little inconvenient dealing with a VM.

          The hardware I support for a living: no Internet connection, some of it there isn't even a VPN we can use to do remote access. That's what I understand by the term "isolated".

    2. Magnus_Pym

      Of course, the other browsers are perfectly secure

      The old 'It's OK to put to see in sieve because even ocean liners sink sometimes" argument

  7. asdf

    opera lol

    Where are all the smug opera users touting how the %.0001 market share actually protects them? Oh thats right, now that Opera is nothing but basically a skin for Chrome's layout engine (Blink) they can't count on security by obscurity.

    1. Not That Andrew
      FAIL

      Re: opera lol

      Actually, it isn't even that. It's a slightly customised version of Chromium, covered in Opera branding. There is more original code in basic Webkit browsers like Midori and QTWeb.

  8. asdf

    proof

    Once again more proof why using network software that can't be easily uninstalled is generally a bad idea. Force the sheep to have access to something and the wolves won't be far behind.

  9. David Roberts
    Coat

    Roll back to Vista - you know it makes sense!

    " The exploit we analyzed worked only on Windows XP or Windows 7 running Internet Explorer 8 or 9. "

    (1) A subtle plot to get users on to W8 or IE10 on W7?

    (2) A big "Yay!!" for Vista - the secure version of the MS range :-)

    Cheers

    LGC

    1. teebie

      Re: Roll back to Vista - you know it makes sense!

      They probably couldn't find anyone with a Vista PC to test it on.

      1. David Roberts
        Coat

        Re: Roll back to Vista - you know it makes sense!

        http://en.wikipedia.org/wiki/Usage_share_of_operating_systems

        Got more market share than Linux, still.

        Mine's the one with the target on the back.

      2. Anonymous Coward
        Coat

        Re: Roll back to Vista - you know it makes sense!

        They probably couldn't find anyone with a Vista PC to test it on.

        Ohh they did… but the moment they tried to connect, RAM filled up, the disk started thrashing the swap and the TCP connection timed out before they got anywhere.

This topic is closed for new posts.