ANOTHER Internet Explorer Flaw Found

[Phantasm66]

You have to be kidding me on? Do they purposefully put these things in, or something....?? More IE problems:

"Microsoft on Friday released a fix that's designed to protect computers from one of three flaws that, together, could be used to digitally slip past a PC's security through the browser. This weekend, however, a security researcher identified another flaw that could serve the same purpose and that isn't fixed by Microsoft's patch."

Apparently the fixes by Microsoft only address a part of the problem, and that Microsoft have acknowledged the latest issue and said more fixes would be forthcoming.

 

[Phantasm66]

Originally posted by Phantasm66
This weekend, however, a security researcher identified another flaw that could serve the same purpose and that isn't fixed by Microsoft's patch.

Could you shout that a little louder please? I think there were some virus writers and crackers who didn't quite hear the details of this next exploit properly!

I do stop and wonder what's worse - Microsoft with all of these crap problems with IE or security experts finding the problems and posting instructions on how to re-create them where 13 year olds can find them?!?!

 

[Strakian]

It's like the News when they do "terror security reports"...

'if they attacked here we'd all be helpless and crippled for months, all they'd need is a bomb of some sort in location A during the weekday...'

We're one of the few countries that is too busy telling everyone to be afraid of stuff whilst telling the people who shouldn't know how to take advantage of something they probably never thought about.

 

[Federelli]

Making a vulnerability even more vulnerable... god.

 

[Unregistered]

I don't use IE... but I did want to put a little perspective on this.

It shouldn't be a shock that IE gets patched for security issues on an extremely regular basis. It is the biggest target. Other browsers benefit from "security through obscurity". It's not worth a hacker's time to write code that takes advantage of a vulnerability in Opera simply because there are so few people using it. All things being equal, IE is likely no more or less a security risk than any other browser. It's just the biggest target.

 

[DigitAlex]

It's not sufficient. What makes IE a target worth hacking is that it is part of the operating system and it makes it a huge door wide open to access the underlying system. A browser such as Mozilla, Opera or Firefox is not tied to the OS and is not using the same COM objects as those used by the OS...

 

[Didou]

Originally posted by Unregistered
I don't use IE... but I did want to put a little perspective on this.

It shouldn't be a shock that IE gets patched for security issues on an extremely regular basis. It is the biggest target. Other browsers benefit from "security through obscurity". It's not worth a hacker's time to write code that takes advantage of a vulnerability in Opera simply because there are so few people using it. All things being equal, IE is likely no more or less a security risk than any other browser. It's just the biggest target.

It has been said allready that IE no longer accounts for 95% of the browser market. Rick had some more recent numbers in this thread (Time to Dump Internet Explorer)

Originally posted by Rick
Browser Trends
Browser trends is important information. What you can read from the statistics below, is that Internet Explorer 6 is the dominating browser, XP is the most popular operating system, and most users are using a display with 800x600 pixels or more, with a color depth of at least 65K colors.


--------------------------------------------------------------------------------

Browser Statistics

IE6 - 72.8%
IE5 - 8.6%
Opera 7 - 2.3%
Mozilla - 11.4%
Netscape Navigator 3 - 0.3%
Netscape Navigator 4 - 0.3%
Netscape Navigator 7 - 1.4%

Browsers that count for less than 0.5% are not listed.

--------------------------------------------------------------------------------

OS Platform Statistics
Current trend is that Windows XP is growing fast. The windows family counts for more than 90%:

2004 Win XP W2000 Win 98 Win NT Win 95 Linux Mac
Windows XP - 51.2%
Windows 2000 - 29.6%
Windows 98 - 8.0%
Windows NT - 2.0%
Windows 95 - 0.3%
Linux - 2.9%
Macintosh - 2.5%

Platforms that count for less than 0.5% are not listed.

--------------------------------------------------------------------------------

Display Resolution
The current trend is that more and more computers are using a screen size of 1024x768 pixels:

2004 Higher 1024x768 800x600 640x480 Unknown
Higher than 1024x768 - 10%
1024x768 - 47%
800x600 - 37%
640x480 - 1%
Uknown - 5%

Developers be aware: Many users still have only 800x600 display screens

Those numbers are also skewed in the sense that many times, even though certain browser can display the pages properly, certain sites will display a "toned down" version if the browser identifies as anything other then IE. They tend have to spoof sites into believing that they actually are IE & that can leade to more numbers for IE in the stats.

 

[Phantasm66]

Wednesday, July 07, 2004
What To Do About IE?
By Mary Jo Foley

Should IT shops simply give up the security battle and replace Internet Explorer (IE) with Firefox or some other browser? Or should they simply attempt to follow Microsoft's (and CERT's) guidance and disable ActiveX and Active Scripting? While more folks are discussing whether or not to dump IE, enterprise users and IT shops are reluctant to change horses, primarily because of their reliance on IE-specific intranet applications and sites.

http://www.microsoft-watch.com/article2/0,1995,1620502,00.asp