Lyrics & Knowledge Personal Pages Record Shop Auction Links Radio & Media Kids Membership Help
The Mudcat Cafemuddy

Post to this Thread - Sort Descending - Printer Friendly - Home


Tech: NEW ALERT Serious security flaw in IE

GUEST,punkfolkrocker 16 Dec 08 - 06:56 AM
treewind 16 Dec 08 - 07:14 AM
The Villan 16 Dec 08 - 08:21 AM
alex s 16 Dec 08 - 08:28 AM
JohnInKansas 16 Dec 08 - 09:42 AM
GUEST 16 Dec 08 - 10:08 AM
JohnInKansas 16 Dec 08 - 05:47 PM
Share Thread
more
Lyrics & Knowledge Search [Advanced]
DT  Forum
Sort (Forum) by:relevance date
DT Lyrics:




Subject: NEW ALERT Serious security flaw in IE
From: GUEST,punkfolkrocker
Date: 16 Dec 08 - 06:56 AM

latest from BBC news this morning:

http://news.bbc.co.uk/1/low/technology/7784908.stm


"Users of Microsoft's Internet Explorer are being urged by experts to switch to a rival until a serious security flaw has been fixed.

The flaw in Microsoft's Internet Explorer could allow criminals to take control of people's computers and steal their passwords, internet experts say.

Microsoft urged people to be vigilant while it investigated and prepared an emergency patch to resolve it. "


I've scanned forum quick in case of duplication before posting this,
but could not find any prior notice.
If this is already posted here somewhere delete as apropriate....

I've just downloaded 8 Microsoft updates, but am obviously not too certain if there are more to follow in next few days..!!??


Post - Top - Home - Printer Friendly - Translate

Subject: RE: NEW ALERT Serious security flaw in IE
From: treewind
Date: 16 Dec 08 - 07:14 AM

More details at The Register. The problem's been known about for a week or two, but exploits are on the increase.

Anahata
(Posting relatively safely through Google Chrome)


Post - Top - Home - Printer Friendly - Translate

Subject: RE: NEW ALERT Serious security flaw in IE
From: The Villan
Date: 16 Dec 08 - 08:21 AM

Ive got google chrome as my back up browser. Maybe I will switch for a while.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: NEW ALERT Serious security flaw in IE
From: alex s
Date: 16 Dec 08 - 08:28 AM

It's real all right. I use Mozilla Firefox.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: NEW ALERT Serious security flaw in IE
From: JohnInKansas
Date: 16 Dec 08 - 09:42 AM

There's little info on just how serious a threat this is to most of us likely to be here.

It appears that nearly all attacks have been in China, Taiwan, and other Asian areas, but of course reports are that it has been "growing" quite rapidly. Reports indicate that a server in Taiwan has been the most prolific "propagator."

A couple of reports have indicated that the "payload" downloaded by all known successful exploits is aimed at finding "access codes" for game programs, but it is warned that other exploits could appear.

McAfee, and others, indicate that the payload signature seen thus far is blocked/removed by their AV programs, and that the actual trojan being used in the exploits thus far seen is several years old (ca. 2005). Most sites offering this assurance add the obligatory warning that new payloads could use the exploit.

Microsoft suggests that if you're concerned you should set security in IE to High (Tools|Internet Options, Security Tab, in Internet Zone push the slider all the way to the top. You should also be sure that there's a check in the box for "Enable Protected Mode").

Setting the security level to high may give you lots of warnings and requests for permissions on some sites, but you can eliminate those for sites you really trust by adding them to the "Trusted Sites" list (Tools|Internet Options|Privacy tab, Sites button).

IF YOU SET THE SECURITY LEVEL UP to maximum, you'll want to add two Microsoft sites to the trusted list or you won't get updates:

*.windowsupdate.microsoft.com

and

*.update.microsoft.com

(Both of these will appear with "Always Allow" in the sites box as microsoft.com, but you're advised to add them each separately, as indicated, by the Microsoft IT bulletin.)

The security setting is indicated by Microsoft as "mitigating" the threat, but is not a full prevention. Several alternative "other actions" are described, but I'm not sure that the descriptions are likely to be sufficiently clear for many users to implement them easily, or to turn them off if/when they're no longer needed. Warnings of "reduced functionality" come with each of the alternatives.

It appears that the threat is currently fairly minimal for those with good AV and a good firewall; but nobody - that I've found thus far - really is willing to give much of an assurance on that.

If there's a real concern, you can take a look at the

KB article for Users

and/or the

advisory for IT professionals.

It is indicated that any one of the alternate methods is sufficient, but (IMO) most users will have difficulty deciding which to use, and as yet there is little real guidance for the non-professional user like most of us.

A significant vulnerability, but with fewer known exploits at the time of the notes, was reported for Firefox about the middle of last week, and I've seen no reports of a patch issued for it either. (As I don't use it, I might have missed the solution.) If you decide to use it instead of IE, checking for latest version and updates would be a good idea, perhaps.

John


Post - Top - Home - Printer Friendly - Translate

Subject: RE: NEW ALERT Serious security flaw in IE
From: GUEST
Date: 16 Dec 08 - 10:08 AM

Linux with Firefox is the answer and they're both free!!!

Peace,
Ed


Post - Top - Home - Printer Friendly - Translate

Subject: RE: NEW ALERT Serious security flaw in IE
From: JohnInKansas
Date: 16 Dec 08 - 05:47 PM

MSNBC has just posted an announcement that Microsoft will begin distributing a patch for this vulnerability on Wednesday (tomorrow) as an out of sequence emergency update.

Windows users receiving automatic updates should get it without any requirement to take any action - if you can avoid infection for another day or so.

Note: I haven't confirmed the distribution directly from any of the Microsoft security sites, but the MSNBC news should be reliable.

John


Post - Top - Home - Printer Friendly - Translate
  Share Thread:
More...

Reply to Thread
Subject:  Help
From:
Preview   Automatic Linebreaks   Make a link ("blue clicky")


Mudcat time: 24 February 3:37 PM EST

[ Home ]

All original material is copyright © 1998 by the Mudcat Café Music Foundation, Inc. All photos, music, images, etc. are copyright © by their rightful owners. Every effort is taken to attribute appropriate copyright to images, content, music, etc. We are not a copyright resource.