×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

US and UK Governments Advise Avoiding Internet Explorer Until Bug Fixed

samzenpus posted about 8 months ago | from the patch-please dept.

Microsoft 153

martiniturbide (1203660) writes "Reuters is reporting that 'The U.S. and UK governments on Monday advised computer users to consider using alternatives to Microsoft Corp's Internet Explorer browser until the company fixes a security flaw that hackers used to launch attacks.' The article states that 'The Department of Homeland Security's U.S. Computer Emergency Readiness Team said in an advisory released on Monday that the vulnerability in versions 6 to 11 of Internet Explorer could lead to "the complete compromise" of an affected system.'"

Sorry! There are no comments related to the filter you selected.

Oh Noes! (4, Funny)

Ol Olsoc (1175323) | about 8 months ago | (#46863279)

How are people going to download Firefox?

Re:Oh Noes! (5, Funny)

Anonymous Coward | about 8 months ago | (#46863355)

I telnet to getfirefox.org, you insensitive clod!

Re:Oh Noes! (1)

Anonymous Coward | about 8 months ago | (#46863391)

I telnet to getfirefox.org, you insensitive clod!

Why telnet if you can use butterflies to communicate with the server.

Re:Oh Noes! (2)

jonyen (2633919) | about 8 months ago | (#46863495)

I telnet to getfirefox.org, you insensitive clod!

Why telnet if you can use butterflies to communicate with the server.

Using butterflies would cause too many latency issues, whether you're using the butterflies for direct transmission or generating cosmic rays via the butterfly effect.

Re:Oh Noes! (3, Informative)

sharknado (3217097) | about 8 months ago | (#46863823)

Butterfly communication has become unreliable due to destruction of milkweed corridors. http://thinkprogress.org/clima... [thinkprogress.org]

Re:Oh Noes! (1)

Penguinisto (415985) | about 8 months ago | (#46863623)

Wuss: real men just use wget.

Re:Oh Noes! (1)

SeaFox (739806) | about 8 months ago | (#46864017)

The telnet client is not installed by default on Windows anymore. You'd have to teach people how to add it from the control panels.

Re:Oh Noes! (-1)

Anonymous Coward | about 8 months ago | (#46863497)

Firefox is for fucktards. Real men use Chrome.

Re:Oh Noes! (0)

Anonymous Coward | about 8 months ago | (#46863585)

Bull. Real men telnet to Port 80.

Re:Oh Noes! (2)

viperidaenz (2515578) | about 8 months ago | (#46863789)

Real men use telnet to port 443.

Re:Oh Noes! (1)

sharknado (3217097) | about 8 months ago | (#46863839)

Real men don't need a port. They make their own.

Re:Oh Noes! (0)

Anonymous Coward | about 8 months ago | (#46864113)

Real men design and make their own CPU first.

Re:Oh Noes! (0)

Anonymous Coward | about 8 months ago | (#46864435)

Real men design and build their own mechanical differential engine.

Re:Oh Noes! (1)

fizzer06 (1500649) | about 8 months ago | (#46864511)

Home-Built TTL Computer Processor (CPU) http://cpuville.com/ [cpuville.com]

Re:Oh Noes! (1)

quenda (644621) | about 8 months ago | (#46865273)

Real men design and make their own CPU first.

Real men don't need a CPU. They just whistle into the modem and listen to the response.

Re:Oh Noes! (0)

Anonymous Coward | about 8 months ago | (#46863679)

Real men lube up and bend over for a good fucking, what?

Bootstrap with a mobile device (1)

tepples (727027) | about 8 months ago | (#46863545)

Use your Android device to download the Firefox for Windows installer, then connect the device to your PC through USB. Or use a computer at a public library to download Firefox to a USB flash drive.

Re:Bootstrap with a mobile device (0)

Anonymous Coward | about 8 months ago | (#46863747)

  • 1) This is /. and real answers are not welcome.
  • 2) whoosh!

Re:Bootstrap with a mobile device (1)

mlts (1038732) | about 8 months ago | (#46863871)

Don't forget to check the Authenticode signature on the Firefox package (and check the key and CA as well...) Before anything gets installed on Windows, I check the signatures. I've been surprised, and quite glad that I've done so, as some download places "repackage" the installers for other programs and re-sign the executables... and usually there are unwanted (well, more accurately, potentially unwanted) additions.

Re:Oh Noes! (0)

Skarjak (3492305) | about 8 months ago | (#46863547)

With the numerous gaping holes in security discovered in IE over the years, it's incredible that people are still using it. I guess they don't know there are alternatives?

Re:Oh Noes! (1)

Anonymous Coward | about 8 months ago | (#46863643)

Easy. Microsoft suckasses in the I.T. department.

Re:Oh Noes! (2)

tepples (727027) | about 8 months ago | (#46863687)

With the numerous gaping holes in security discovered in IE over the years, it's incredible that people are still using it. I guess they don't know there are alternatives?

Someone who knows of alternatives may happen not to have ready access to another PC that already has Firefox. It's not like you can get public releases of Firefox through FTP anymore:

220- releases.mozilla.org now points to our CDN distribution network and no longer works for FTP traffic
[...]
230- Notice: This server is the only place to obtain nightly builds and needs to
230- remain available to developers and testers. High bandwidth servers that
230- contain the public release files are available at ftp://releases.mozilla.org/
230- If you need to link to a public release, please link to the release server,
230- not here. Thanks!
230-
230- Attempts to download high traffic release files from this server will get a
230- "550 Permission denied." response.

Re:Oh Noes! (2)

SeaFox (739806) | about 8 months ago | (#46864041)

Not directly through Mozilla. But there are third-party FTP servers run by trustworthy organizations that host it I'm sure.

Re:Oh Noes! (0)

Anonymous Coward | about 8 months ago | (#46864937)

But there are third-party FTP servers run by trustworthy organizations that host it I'm sure.

ftp://mirror.cs.utah.edu/slack... [utah.edu]

Re:Oh Noes! (0)

Anonymous Coward | about 8 months ago | (#46864329)

the alternatives are no better for security since they are also vulnerable to buffer overflow exploits that will run arbitrary code. Chrome, FF and their spinoffs have had their fair share of catastrophic exploits but they aren't as publicized.

Re:Oh Noes! (1)

Penguinisto (415985) | about 8 months ago | (#46863661)

Crap - *now* they tell me. I had to use IE (v.$latest in Windows 7) to get an .iso from MSDN, because the damned site screams and complains if you use anything else.

Re:Oh Noes! (0)

Anonymous Coward | about 8 months ago | (#46863831)

I download ISOs from MSDN subscriber downloads with Opera, no screaming (or if there is, it can be ignored).

Besides, it's not like the vulnerability will affect you unless you believe Microsoft is exploiting this hole as well. I know some of you wouldn't put it past them, but they have far better ways to run anything they want on your machine.

Re: Oh Noes! (1)

niftydude (1745144) | about 8 months ago | (#46863967)

Just because you trust Microsoft the company, doesn't mean that one of their webservers hasn't been hacked and had an exploit installled by a third party. Especially if you consider that MS web admins are probably using ie, and so may have had their work computers exploited.

Re: Oh Noes! (0)

Anonymous Coward | about 8 months ago | (#46864605)

If Microsoft's MSDN servers have been compromised, there are better ways to affect far more people than just exploiting an IE bug.

I don't generally trust Microsoft, but I do trust them to be aware of what goes on with their MSDN servers (like if files were updated suddenly with no scheduled changes).

If I didn't trust them to have that basic level of security, there's no way I'd be installing something from MSDN at all, IE exploit or not.

Re:Oh Noes! (0)

Anonymous Coward | about 8 months ago | (#46863727)

Have you looked at Firefox vulnerability statistics lately? I wouldn't be so cocky.. later versions of IE is mostly below Firefox and Chrome..

Re:Oh Noes! (1)

SeaFox (739806) | about 8 months ago | (#46864031)

How are people going to download Firefox?

You can open a Windows Explorer window and use it to access FTP servers.

Re:Oh Noes! (2)

VortexCortex (1117377) | about 8 months ago | (#46864441)

How are people going to download Firefox?

Open the command terminal* : [Towel Key + R]
  "cmd" [Enter]

In the resultant terminal:

ftp
open ftp.mozilla.org

The username and password are both "anonymous" (sans quotes).

cd pub/mozilla.org/firefox/releases/latest/win32/en-US
ls
binary
get "Firefox Setup [version].exe"
bye

Firefox Setup [version].exe

Replace [version] above with the version number you wish to download. You may also "lcd [directory]" to change the local directory the download will appear in. Selecting a 64 bit version of Firefox or downloading and installing Internet Explorer on GNU/Linux is a trolling exercise left to the reader.

* Known as the "Super Key" more recently by some -- A possible mutation by association considering that towels are super.
Translator's note: The labels have been removed from the largest and most important key of all boards to prevent human rediscovery of its true purpose;
However, traces of the vestigial memory remains after the wipe hilariously causing them to naturally associate the unlabeled key with our "Space Bar".
For so long as the humans remain contently oblivious the situation has been deemed "mostly harmless".

Re:Oh Noes! (1)

The New Guy 2.0 (3497907) | about 8 months ago | (#46864763)

There really should be some effort to distribute Firefox on SD card or other non-download media, or at least a placeholder that contacts mozzila.org without needing Internet Explorer. We've been reading about this kind of thing on Slashdot for years now.

On it! (2)

American AC in Paris (230456) | about 8 months ago | (#46863297)

Downloading Mosaic as we speak!

Re:On it! (1)

mlts (1038732) | about 8 months ago | (#46863435)

yum -y install lynx

Whew. OK here.

Re:On it! (link) (1)

SpaceLifeForm (228190) | about 8 months ago | (#46864039)

Mosaic Link [uiuc.edu]

Of course, it is a bit dated, and some of the bits may be rusty.

Re:On it! (1)

Hamsterdan (815291) | about 8 months ago | (#46864425)

That is one heck of an addictive game sir... congrats...

Looks like I can't use IE for a while. (0)

Anonymous Coward | about 8 months ago | (#46863299)

And nothing of value was lost.

Government (1)

Anonymous Coward | about 8 months ago | (#46863303)

How many government employees have no choice but to use IE themselves?

Re: Government (5, Informative)

Anonymous Coward | about 8 months ago | (#46863361)

Numerous NYS web pages whos use is MANDATED for local government REQUIRES IE 8. For the Win7 machines (dictated by HIPPA as securable) we have to disable ActiveX security, add it to trusted sites, AND fire up the developer tools to get it into IE 7 compatability. The page I am specifically thinking of is the Department of Health... you know where all your medical records are.

Security is poorly spun illusion at this point. If the feds wanted the Internet to be secure then they should have reigned in the spooks in the beginning.

minor edit... (1)

waddgodd (34934) | about 8 months ago | (#46863307)

you could have stopped after "explorer" and had just as valid a recommendation...

Kinda funny... (1)

Anonymous Coward | about 8 months ago | (#46863315)

... Internet Explorer 8 is the only authorized browser that my workplace (a government agency) lets us use.

we have to use "legacy mode" aka IE6 (1)

swschrad (312009) | about 8 months ago | (#46863363)

that pesky Visual Basic in all those hack apps...

Re:Kinda funny... (2)

tepples (727027) | about 8 months ago | (#46863551)

If your position does not require use of a browser, use no browser until it is repaired. If your position requires use of a browser, print out the advisory at home and show it to your supervisor.

Re:Kinda funny... (0)

Anonymous Coward | about 8 months ago | (#46864261)

We actually had a sit at my old job that was written specifically for IE (back in IE5 days)... if you hit it with another browser it would tell you that you needed to use IE to access it. (I think they finally retired/rewrote it entirely).

Too wordy (1)

CodeheadUK (2717911) | about 8 months ago | (#46863327)

About three words too many.

Convenient timing. (4, Insightful)

nurb432 (527695) | about 8 months ago | (#46863357)

Just in time for XP to go out of support for most people, now you get this 'well publicized' bug that wont get patched, in effect. I expect only the latest version of IE to be patched, which will NOT run on XP even if you wanted to.

Re:Convenient timing. (-1)

Anonymous Coward | about 8 months ago | (#46863511)

Care to cite any sources for this?
 
Just as I thought, some shithead gets modded up for something that's likely not true. When the evidence comes out contrary to n00b432's bullshit who's going to mod this bitch ass trick down?

Re:Convenient timing. (1)

Anonymous Coward | about 8 months ago | (#46863593)

How about MS's public statement that they've stopped providing security updates for XP as of earlier this month?

Re:Convenient timing. (2)

koreanbabykilla (305807) | about 8 months ago | (#46863647)

Care to cite any sources you have refuting this?

I was firmly under the impression XP updates are no more unless you are a huge company/government.

Source: http://windows.microsoft.com/e... [microsoft.com]

The solutions listed are:
"Upgrade" to win8.
Buy a new computer.

What the fuck makes you think they are 100% going to patch versions that work on XP?
I would even settle for why you believe it to be "likely not true"

Re:Convenient timing. (1)

viperidaenz (2515578) | about 8 months ago | (#46863843)

My assumption would be that they're going to patch the version that runs on Windows 2003, which is the same as the one that runs on XP.

Re:Convenient timing. (1)

nurb432 (527695) | about 8 months ago | (#46864007)

While it may happen, i wouldn't blindly assume that. They want people off 2003 as well.

Re:Convenient timing. (2)

triffid_98 (899609) | about 8 months ago | (#46864429)

I'm fairly sure that the corporate customers running 2003 might take exception to that, and by "take exception" of course we mean sue.

That OS doesn't officially EOL until next year.

Re:Convenient timing. (1, Insightful)

Ol Olsoc (1175323) | about 8 months ago | (#46864951)

Care to cite any sources you have refuting this?

I was firmly under the impression XP updates are no more unless you are a huge company/government.

Source: http://windows.microsoft.com/e... [microsoft.com]

The solutions listed are: "Upgrade" to win8. Buy a new computer."

Whoops - you missed a couple:

Buy a Mac

Run Linux

Go Chrome

FTFY

I could really give a Rat's ass if Microsoft blew up every OS they had, because Microsoft is on the fast track to being the outlier, the misfit, the non standard OS.

Writing programs for specific versions of IE is just the sort of short sighted stupidity that tells us that Microsoft shills are just what we think they are - incomparably unintelligent. Did these asshats think that the web and it's technology was going to magically stop at IE 6? Unforgivible, and almost criminally stupid.

Quick now, come back with your "installed user base meme" before it becomes irrelevant. Let us all now bow before the superior Microsoft Operating system before it goes the way of Zeus or Dagon, or the idea that we should all eat shit, because all those houseflies cannot be wrong.

Re:Convenient timing. (1)

viperidaenz (2515578) | about 8 months ago | (#46863825)

IE6, 7 and 8 will be patched for Windows Server 2003, which uses the same IE binaries.

Re:Convenient timing. (1)

edxwelch (600979) | about 8 months ago | (#46863925)

yeah and as no other browser works on XP, people have no choice but to ugrade :-O

Re:Convenient timing. (1)

nurb432 (527695) | about 8 months ago | (#46863935)

And some enterprise apps will choke on them, leaving your suggestion useless.

Re:Convenient timing. (1)

Tough Love (215404) | about 8 months ago | (#46864835)

Just in time for XP to go out of support for most people, now you get this 'well publicized' bug that wont get patched...

A rational observer would view that as borderline suicidal on Microsoft's part. I'm guessing that Satya will go the suicide route and I applaud.

Re:Convenient timing. (1)

Ol Olsoc (1175323) | about 8 months ago | (#46864957)

Just in time for XP to go out of support for most people, now you get this 'well publicized' bug that wont get patched...

A rational observer would view that as borderline suicidal on Microsoft's part. I'm guessing that Satya will go the suicide route and I applaud.

I'll bring the orange slices.

meanwhile, sensible people everywhere ... (0)

Anonymous Coward | about 8 months ago | (#46863359)

... avoid IE completely

Re:meanwhile, sensible people everywhere ... (1)

nurb432 (527695) | about 8 months ago | (#46863367)

And when your purchased app *requires* it.. ?

Don't buy garbage, or set UA header (1, Redundant)

raymorris (2726007) | about 8 months ago | (#46863437)

a) Don't buy garbage, stuff that works only in a specific version of a specific browser.

b) 90%+ plus, you can just set the user agent header in Seamonkey, Firefox, or Chrome to SAY it's IE and things work just fine.

Re:Don't buy garbage, or set UA header (3, Insightful)

tepples (727027) | about 8 months ago | (#46863579)

Don't buy garbage, stuff that works only in a specific version of a specific browser.

Three software products dominate a particular vertical market. When your employer chose to adopt one of these products, all three were garbage by your definition. Are you recommending that people in the affected industry resign en masse and retrain for a different industry?

90%+ plus, you can just set the user agent header in Seamonkey, Firefox, or Chrome to SAY it's IE and things work just fine.

Which works fine until an ActiveX control fails to load, or an IE-specific event listener fails to attach.

so you followed my suggestion. Example? (2)

raymorris (2726007) | about 8 months ago | (#46864193)

> When your employer chose to adopt one

If your employer did that before you arrived, or over your strong objections, then you followed my advice - you didn't buy garbage. Unfortunately someone else did.

However, I've dealt with a few different businesses and can't think of such a situation where all three leading solutions are ActiveX / IE only. I can think of one where for the GUI, you had to choose between ActiveX, Java, or a local client. A network CLI was also available. I'm curious what case you have in mind?

If I ddid run into a theoretical situation where a critical piece of software would rely on ActiveX, and therefore put the enterprise at the mercy of changing IE versions, I'd look at the broader picture and evaluate the business processes that are setting up that risk.

Re:Don't buy garbage, or set UA header (1)

nurb432 (527695) | about 8 months ago | (#46863917)

And once you get out of school, get a job, and move out of your mothers place, you will understand now the world actually works.

Until then, you only make yourself look stupid with those juvenile and clueless statements. Leave things to us adults.

sorry you screwed yourself (2)

raymorris (2726007) | about 8 months ago | (#46864253)

I'm sorry you got fucked. To avoid putting yourself in that situation again, you might want to do two things. First, recognise that vendor lock-in is a risk to the enterprise, and that risk has an accountable cost. When you choose to be locked into TWO vendors, the software vendor AND a supported version of IE, your risk is the multiple of two components.

Secondly, when you find yourself in a situation where such a risk seems unavoidable, broaden your perspective to look at the business processes that create that context. Perhaps there is no acceptable software that meets the defined requirements. In that case, you can take another look at the requirements from a broader enterprise perspective.

As you may know, I've been running businesses for 25 years, and we've NEVER put ourselves in the position of sole-vendor risk like that. It takes forethought, but it absolutely is possible to avoid that situation.

Re:Don't buy garbage, or set UA header (1)

Tough Love (215404) | about 8 months ago | (#46864849)

And once you [blah blah blah] you will understand now the world actually works

I thought it works on Android now? [phonearena.com]

Re:Don't buy garbage, or set UA header (1)

Ol Olsoc (1175323) | about 8 months ago | (#46864979)

And once you get out of school, get a job, and move out of your mothers place, you will understand now the world actually works.

Until then, you only make yourself look stupid with those juvenile and clueless statements. Leave things to us adults.

Well then, enjoy your Internet Explorer 6 app support and fully expect that you will be out of a job at some point because those people you are mandated to work for make really stupid decisions.

The world works a certain way for professional victims, and a different way for others. On one extreme there are people who won't put up with anything they don't like, and ther is your world. Neither work out well.

So if you have to shovel shit out of the sewers? Just be happy that you have a job, citizen. You will get just as much shit as you are willing to put up with.

Re:meanwhile, sensible people everywhere ... (0)

Anonymous Coward | about 8 months ago | (#46863615)

You are a sucker and it sucks to be you.

Internet Explorer? What's that? (1)

MindPrison (864299) | about 8 months ago | (#46863401)

I can't remember the last time I used IE(some version), seriously...I can't...must be like 8-10 years ago, or the numerous times I used a Windows computer...tried to follow an e-mail link that wanted me to use IE....when I denied it...just wanted to fire up my FireFox, so many times MS tried to force me to use IE, and I always ignored it because it never gave me what I want in the first place. Good riddance. RIP IE.

Re:Internet Explorer? What's that? (-1)

Anonymous Coward | about 8 months ago | (#46863631)

So you admit right off the bat that your experience is ENTIRELY irrelevant, and yet think that we need to hear anything else you have to say on the subject?

Way to add more useless noise to the conversation...

FYI: IE since version 9 is at least as capable, functional and secure as any other browser from a comparable timeframe.

-AC

Re:Internet Explorer? What's that? (1)

Tough Love (215404) | about 8 months ago | (#46864875)

I can't remember the last time I used IE(some version), seriously...I can't...must be like 8-10 years ago, or the numerous times I used a Windows computer...tried to follow an e-mail link that wanted me to use IE....when I denied it...just wanted to fire up my FireFox, so many times MS tried to force me to use IE, and I always ignored it because it never gave me what I want in the first place. Good riddance. RIP IE.

The only PC I saw lately where somebody habitually clicks the E instead of the Fox is completely malware ridden to the point of unusability. I figure, leave it that way, there's no point cleaning it up, it will be that way again in a day or two. Eventually I will stick in a new hard disk with Ubuntu on it and there will be no need to explain why it's better.

Don't forget this Flash 0-day (1)

trawg (308495) | about 8 months ago | (#46863415)

A 0-day for Adobe Flash was also patched today [krebsonsecurity.com] .

For some reason I had three different and separate updates I had to do to fix this:

1) Chrome automatically updated something and was running the latest version when I checked

2) The plugin that Firefox uses only seems to look for updates when I reboot. I found this guide [karlhorky.com] to trigger the update manually, which basically then resulted in it just opening a browser window & making me download an update .exe.

3) Even after that, IE still reported running the older version. I ran Windows Update manually and discovered there was an separate patch in there for Flash for IE.

Pretty awesome.

Re:Don't forget this Flash 0-day (1)

DMUTPeregrine (612791) | about 8 months ago | (#46865025)

IE uses an ActiveX plugin for Flash, Firefox uses an nsplugin, Chrome has it built in. So yes, three different flash plugins, and three ways to update.

Re:Don't forget this Flash 0-day (1)

Trax3001BBS (2368736) | about 8 months ago | (#46865249)

IE uses an ActiveX plugin for Flash, Firefox uses an nsplugin, Chrome has it built in. So yes, three different flash plugins, and three ways to update.

I've always seen the ActiveX as not installed

Flash Driver:
ActiveX Version: Not Installed
Plug-in Version : latest version

I show no default ActiveX running on my Win system other than
HHCtrl Object - hhctrl.ocx
Microsoft RPD Client Control - mstscax.dll ( Remote Desktop ActiveX control - go figure)
Which I've disabled.

And thanks for the word on the flash update, one of the requirements anymore, like it or not; I can't even access my router with out flash.

Some people don't care (2, Interesting)

Anonymous Coward | about 8 months ago | (#46863475)

AC because my boss reads /.

My boss, in all his good business instincts and mostly great technical attributes, insists on installing java and downgrading all computers to ie9 instead of going with 11. Now I know 11 had issues with compatibility from time to time, but I am hard pressed to believe that running ie9 with Java is a great way to stay virus free.

Then again we are in the small business and home user repair market maybe he is just trying to go for reoccurring client repairs

Re:Some people don't care (0)

ruir (2709173) | about 8 months ago | (#46863557)

I couldnt decide if I would mod you up funny or insightful. PHBs, I also had some in the past, from the jerk to the jerk who doesnt know anything which, or worse the jerk that knows a little, which is the most dangerous type of jerk, like you have it know. ;)

Re:Some people don't care (4, Interesting)

edman007 (1097925) | about 8 months ago | (#46863601)

Don't worry, I work in a government agency, IE8 is the only authorized browser (with java of course), and if you gained access to that computer you would have plenty of access to sensitive (but not classified) stuff.

Re:Some people don't care (1)

The New Guy 2.0 (3497907) | about 8 months ago | (#46864795)

Warning to IE8 fans... it goes away with Windows Vista, which is the next Windows OS to cross the "no longer supported" line like Windows XP did this month.

Incredible timing (-1)

Anonymous Coward | about 8 months ago | (#46863505)

Updates to the Mac mini and the MacBook Air are expected tomorrow. Time to switch!

nothing unusual imho (1)

callmetheraven (711291) | about 8 months ago | (#46863539)

could lead to "the complete compromise" of an affected system

= any browser that isn't Firefox+NoScript.

Left out of the commentary.. (0)

Anonymous Coward | about 8 months ago | (#46863597)

Is that Microsoft has already indicated that existing, fully-patched versions of IE 10 and 11 are immune to this attack if they have either a) activated Enhanced Security Configuration or b) installed EMET 4.1 or newer.

It's a little strange / odd that THAT little piece of information isn't getting included with most of the scare-mongering that's racing around the internet today... As for the XP idiots, wtf were people expecting?! -- Surely anyone with a brain would realise that malware producers would have been sitting on a cache of known vulnerabilities for the last half year or more KNOWING that after April 8th, legions of demonstrably idiotic XP users would be susceptible to such attacks FOREVER. How is anyone surprised that this kind of stuff would start cropping up after XP's end-of-life?

-AC

Re:Left out of the commentary.. (1)

mlts (1038732) | about 8 months ago | (#46863921)

Sadly, EMET isn't that often used. It really should be part of the OS and turned on by default similar to the NX protection. Then in a few OS revs, being active for all programs and not just IE, Office, and MS stuff. Other operating systems add security restrictions that are overall good for the ecosystem, but require major program changes left and right. Android's locking down of SD cards and SELinux set to enforce is one example.

I do know that XP does have support to some businesses and organizations. I wonder how long until those fixes wind up on the usual sites. IMHO, there is something ironic about having to pirate software to obtain security fixes.

Could they.... (2)

Moppusan (2837753) | about 8 months ago | (#46863741)

Couldn't they have just said "Don't use Internet Explorer, anytime, anywhere, ever?" That's so much easier.

Re:Could they.... (2)

Anomalyst (742352) | about 8 months ago | (#46863905)

Couldn't they have just said "Don't use Microsoft Products, anytime, anywhere, ever?" That's so much easier.

FTFY

Re:Could they.... (1)

viperidaenz (2515578) | about 8 months ago | (#46863931)

Except IE + EMET is the only browser configuration to never be exploited at pwn2own.

Firefox or Chrome (0)

Anonymous Coward | about 8 months ago | (#46863845)

Firefox or Chrome. Get either, install, don't ever go back, and suddenly 100 million viruses have no home. Seriously, how is it that people still use Internet Exploder? Crappy excuses like "oh my company needz it so bad, just so bad" means the people running the company don't have enough of a clue to run a company.

Re:Firefox or Chrome (0)

Anonymous Coward | about 8 months ago | (#46864243)

Heeey, guess what, it's TWENTY-FOURTEEN dude. Did someone freeze you in 2008 and you're just waking up?

Apparently so, since IE 10/11 w/ EMET are THE MOST SECURE browsers in the marketplace TODAY.

How about you jump back in the freezer and take your wildly anachronistic and inaccurate assumptions with you?

-AC

Re:Firefox or Chrome (0)

Anonymous Coward | about 8 months ago | (#46864409)

Firefox is notoriously bad for security, probably the worst of the lot. Look it up yourself. It's clear that anyone who still lambasts IE for being insecure while promoting FF is completely and utterly clueless about contemporary browser security issues.

Actual recommendation from US gov (1, Informative)

jader3rd (2222716) | about 8 months ago | (#46863907)

"US-CERT [us-cert.gov] recommends that users and administrators review Microsoft Security Advisory 2963983 for mitigation actions and workarounds."
But don't confuse that with recommending not to use the browser.

Re:Actual recommendation from US gov (2)

whoever57 (658626) | about 8 months ago | (#46864607)

"US-CERT recommends that users and administrators review Microsoft Security Advisory 2963983 for mitigation actions and workarounds."

But don't confuse that with recommending not to use the browser.

Don't confuse a partial reading of the page with the full text, which goes on to say:

Those who cannot follow Microsoft's recommendations, such as Windows XP users, may consider employing an alternate browser.

NSA hole becomes public (0)

Anonymous Coward | about 8 months ago | (#46863957)

Be in no doubt, Microsoft riddles their products with purposely coded exploits for the NSA, GCHQ and friends. At some point, an exploit (usually via Israeli Intelligence agents leaking knowledge of the hole, for profit, to their 'friends' in Ukrainian cyber-crime gangs) starts seeing use outside the West's intelligence community. Then, if the exploit is 'useful' enough, it becomes the tool of the dumber/down-market criminals and plain, outright vandals, at which time Microsoft issues a patch to close their hole (and introduce a bunch of new replacement holes, starting the cycle all over again).

There are programming practices that are forbidden at Microsoft, because they would limit the ability to exploit the OS and applications. Windows, especially Windows 8, is utterly broken by design. However, sadly, we have all recently seen how well the NSA can use its agents to build just-as-bad exploits into open-source solutions as well.

The NSA, GCHQ, and the Eugenicist Bill Gates, are a cancer on Human society. Gates' inBloom database system (developed in partnership with Rupert 'Fox News' Murdoch) was designed to track every aspect of every child's life in the USA. Gates has moved the inBloom project to the NSA FULL SURVEILLANCE computer facilities, and inBloom now draws its primary sources of data from NSA spying on computer systems used by individual schools (obviously, this is most straightforward and complete when schools use the fully compromised 'cloud' services to hold their private records).

At the same time, Bill Gates had his people issue LYING press releases describing how inBloom was being killed off. One can now assume the initial public nature of inBloom was a carefully devised strategy designed by Gates to 'prove' to senior politicians that such obscene spying MUST be done by the NSA in secret, to avoid public backlash.

Recommended browser for old XP machines? (1)

alexo (9335) | about 8 months ago | (#46863989)

What is the recommended free browser to install on an old XP machine, preferably along with an IE-like skin for the older generation?

Re:Recommended browser for old XP machines? (2)

SeaFox (739806) | about 8 months ago | (#46864025)

I'd say Firefox with Adblock Plus, so they wont get fooled by malicious ads on sites.

Re:Recommended browser for old XP machines? (0)

Ol Olsoc (1175323) | about 8 months ago | (#46865005)

What is the recommended free browser to install on an old XP machine, preferably along with an IE-like skin for the older generation?

Go here:

http://www.linuxmint.com/downl... [linuxmint.com] Download, burn an .iso disk, boot from it, and follow the instructions.

Free browser, a modern and free OS, and it just works.

Life is good.

World's smallest violin (1)

fibonacci8 (260615) | about 8 months ago | (#46864585)

playing my heart bleeds for you.

Sigh, another day another IE dilemma. (1)

Trax3001BBS (2368736) | about 8 months ago | (#46865215)

I don't allow Internet explorer to run, nor have I since Win 3.x. To do so is an equivalent of Russian roulette, it may be good today, but tomorrow it's in the news for a hack out a week ago.

My first use of IE was to log on to Microsoft. I went to the downloads, found a game that sounded good and downloaded it. Only it didn't download, it started installing itself; I unplugged the computer.

It went against everything I saw as safe hex. I know now it was due to ActiveX another bad news MS creation.

I went to Netscape, then to Opera (neither run ActiveX) - Now I guess FireFox as Opera has stepped out.

I use Winpatrol and disable all ActiveX (but two that are required for a game I play (for features I don't use)). My firewall is set to block IE (first thing I do), it will load but it can't cause any damage.

Why "until"? (1)

ignavus (213578) | about 8 months ago | (#46865239)

Just avoid Internet Explorer all the time.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?