Digital delinquents thrive on IE6 exploits Hackers have more more luck targeting users of older versions of Internet Explorer for exploitation than other demographics, according to figures culled from a popular attack tool. Web security firm PrevX lifted the illuminating stats after breaking into the an open admin panel for the Fiesta exploit pack, one of the current …
"IE6 has lots of vulnerabilities, so if it's not patched you're gonna get hit," Erasmus said.
It's gonna get hit even if it is patched!
Isn't it time for whoever's in charge at MS to say "there's something seriously wrong with the way this company develops software" and then do something about it?
Here's a question for the el Reg crowd to chew on: what fraction of these insecurities could be found via code reviews? Is the underlying issue that the code base for Windows and the related apps is now so big, and in parts so old, that it's no longer possible to review it effectively?
Paris because I haven't used her icon lately and she's getting lonely.
Er, yes, IE6 is old and therefore has a wide attack silhouette - little effort to fix problems and a long time for attackers to find and exploit them makes it a relatively easy target.
What really worries me is that the company who owns it are patching the next version and still failing miserably to cover the vulnerabilities in that.
If I ran security for MegaCorp(tm), I'd have the lawyers write in a simple clause for our customers "by using MS products to access our systems, patched or otherwise, you accept all responsibility for fraud, and cannot hold us responsible for <continue lawyer boilerplate> under any circumstances".
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
