Urgent Message - Don't Use IE (Internet Explore) Browser, Security flaw in Internet Explorer still not fixed

3 views
Skip to first unread message

Aung Kyaw Myo

unread,
Dec 16, 2008, 11:13:06 AM12/16/08
to Burma_Informat...@yahoogroups.com.au, burmane...@yahoogroups.com, burmese_students_l...@yahoogroups.com, Burmesestu...@yahoogroups.com, club...@yahoogroups.com, Democracy...@yahoogroups.com.au, democrac...@yahoogroups.co.uk, free...@yahoogroups.com, imc-bur...@lists.indymedia.org, imc-...@lists.indymedia.org, MAYK...@listserv.indiana.edu, mm_profess...@yahoogroups.com, mon...@yahoogroups.com, myanmar_i...@yahoogroups.com, myanmarco...@yahoogroups.com, Myanm...@yahoogroups.com, myanmarinforma...@yahoogroups.com, myanmarlin...@yahoogroups.com, Myanmar...@googlegroups.com, NLDmembrsnSupporte...@yahoogroups.com, NYPMyanma...@yahoogroups.com, sycb...@yahoogroups.com, ThanLwin...@yahoogroups.com, tpmyanma...@yahoogroups.com, WOMEN_LEAG...@yahoogroups.com

http://myanmarisp.com/20080816/ICTN/ictnews0108/

Security flaw in Internet Explorer still not fixed |

Experts Say To Switch Browsers In Light of IE Vulnerability

Users of all current versions of Microsoft Corp.'s Internet Explorer browser might be vulnerable to having their computers hijacked because of a serious security hole in the software that had yet to be fixed Monday.

Security flaw in Internet Explorer still not fixed | Experts Say To Switch Browsers In Light of IE Vulnerability

Security flaw in Internet Explorer still not fixed. Experts Say To Switch Browsers In Light of IE Vulnerability.


Last Updated: Tuesday, December 16, 2008 | 8:30 AM ET
The Associated Press

The flaw lets criminals commandeer victims' machines merely by tricking them into visiting web sites tainted with malicious programming code. As many as 10,000 sites have been compromised since last week to exploit the browser flaw, according to antivirus software maker Trend Micro Inc.


The sites are mostly Chinese and have been serving up programs that steal passwords for computer games, which can be sold for money on the black market. However, the hole is such that it could be "adopted by more financially motivated criminals for more serious mayhem — that's a big fear right now," Paul Ferguson, a Trend Micro security researcher, said Monday.


"Zero-day" vulnerabilities like this are security holes that haven't been repaired by the software makers. They're a gold mine for criminals because users have few ways to fight off attacks.


The latest vulnerability is noteworthy because Internet Explorer is the default browser for most of the world's computers. Also, while Microsoft says it has detected attacks only against Version 7 of Internet Explorer, which is the most widely used edition, the company warned that other versions are also potentially vulnerable.


Microsoft said it is investigating the flaw and is considering fixing it through an emergency software patch outside of its normal monthly updates, but declined further comment. The company is telling users to employ a series of complicated workarounds to minimize the threat.


Many security experts, meanwhile, are urging Internet Explorer users to use another browser until a patch is released.


It appears that the exploit in IE briefly mentioned a few days ago is causing a serious reaction: SteveAU writes


"Microsoft has begun flooding media outlets with information advising users to switch to an alternate browser while a serious security flaw is being patched. The flaw, which affects all versions of Microsoft Internet Explorer, is manifested via malware and has infected over 6000 sites thus far. Microsoft states: 'The vulnerability exists as an invalid pointer reference in the data-binding function of Internet Explorer. When data binding is enabled (which is the default state), it is possible under certain conditions for an object to be released without updating the array length, leaving the potential to access the deleted object's memory space. This can cause Internet Explorer to exit unexpectedly, in a state that is exploitable.'" According to the BBC report, though, Microsoft itself is only asking that users be "vigilant while it investigated and prepared an emergency patch"; it's outside experts who say to dump IE (at least for now).


Source : CBC News & Slashdot News


--
Office Manager
Burma Information Technology Team (BIT)
1st Floor, WZ - 109, Bodhella Village, Vikaspuri
New Delhi - 110018, Inida.
www.MyanmarISP.com
Reply all
Reply to author
Forward
This conversation is locked
You cannot reply and perform actions on locked conversations.
0 new messages