pancakes

MicrostockGroup Sponsors


Author Topic: Major IE password vulnerability  (Read 6498 times)

0 Members and 1 Guest are viewing this topic.

lisafx

« on: December 17, 2008, 10:01 »
0
For anyone who hasn't seen this, apparently IE has a major security vulnerability that makes your passwords easy to steal.  Looks legitimate and not a hoax...

http://tech.yahoo.com/blogs/null/111811;_ylt=ApMBhBPpk3wqYLJGuzOz3ygazJV4


« Reply #1 on: December 17, 2008, 10:15 »
0
Are there people who still use IE?! Firefox rulz. hhh

« Reply #2 on: December 17, 2008, 10:32 »
0
Are there people who still use IE?! Firefox rulz. hhh

I do use IE and not intend to go back to FF.

« Reply #3 on: December 17, 2008, 11:36 »
0
I used Firefox for quite a while, but the latest release still seems a little buggy (it crashes every now and then) and is much slower.

I switched to Google Chrome and have been enjoying it very much.


lisafx

« Reply #4 on: December 17, 2008, 12:02 »
0
I mostly use FF, but sometimes there will be sites (often istock) that aren't working right in FF so I switch to IE. 

Won't be doing that now, though.  There are already (unrelated to this IE issue) plenty of cautionary tales from people who have had their microstock accounts hacked and royalties stolen. 

« Reply #5 on: December 17, 2008, 12:46 »
0
Lisa, security is more a social issue rather than technical.
FF is not more secure than IE (link) per se, it has just different issues.

Just be careful about what you visit, install a good antivirus (Avast Home is free for personal use), never install anything unless you know where it's coming from and someone else used it before you and you will be absolutely fine with any browser. The rest is down to IStock security processes, for example.

lisafx

« Reply #6 on: December 17, 2008, 12:58 »
0
Fran, did you read the article I linked?

FWIW I have been fairly internet savvy for over 10 years and already use all the precautions you have mentioned plus a number of additional, and I don't believe or pass along any of the myriad hoaxes and warnings floating all over the net. 

If you are not concerned, feel free to blow this off, but it seemed serious and credible enough to me after reading the article that it was worth mentioning. 

« Reply #7 on: December 17, 2008, 16:16 »
0
Fran, did you read the article I linked?

FWIW I have been fairly internet savvy for over 10 years and already use all the precautions you have mentioned plus a number of additional, and I don't believe or pass along any of the myriad hoaxes and warnings floating all over the net. 

If you are not concerned, feel free to blow this off, but it seemed serious and credible enough to me after reading the article that it was worth mentioning. 

Yes Lisa, I have. I'm a programmer myself (I mean, I've always been since I was 8... awww geek) and I know it's a credible threat, as credible as other less publicised (so even more dangerous!) for other browsers. What I'm saying is that to be protected, just keep doing what you've always been doing and use the browser you are more comfortable with. IE is not less secure than FF. The security level comes primarly from our own practices and not from the software we use.

On the other hand it'd be very dangerous to change browser, as the article suggests, feeling more secure and lowering our defences, if you see what I mean. On a more technical level, if you are running Vista with UAC on and with normal priviliges (not as Administrator) you are very well protected against this kind of attacks on any browser.
« Last Edit: December 17, 2008, 16:19 by Fran »

lisafx

« Reply #8 on: December 17, 2008, 16:33 »
0
Thanks for the more detailed explanation Fran. 

Unfortunately I do not have UAC enabled.  It is a monstrous PITA.

On the browsers, I have both Spy Sweeper and Regvac do daily sweeps of the computer and I always notice many more bugs detected after I have been surfing with IE vs. the amount present after using FF. 

Obviously as a programmer you know a lot more about this than I do, but I agree with you that good security practices are essential whatever system or browser you have.  Out of curiosity, do you work (directly or indirectly) for Microsoft? 

« Reply #9 on: December 17, 2008, 16:41 »
0
I worked for Microsoft Games Studios since they acquired the game team I was in years ago, till, well, now. But I'm finally moving to Germany to an independent game developer. I'm really not much for Big Corps.
I make videogames and not browsers though :D

As much as UAC is annoying, and it bloody is!, i strongly suggest to keep it on as much as possible, cause it's the best line of defence against malicious software.

« Reply #10 on: December 17, 2008, 17:14 »
0
What is UAC?  :-\

lisafx

« Reply #11 on: December 17, 2008, 17:30 »
0
What is UAC?  :-\


It's User Account Settings.  It is the part of the program that constantly pops up asking if you really want to do what you just told the computer you wanted to do. 

« Reply #12 on: December 17, 2008, 17:38 »
0
IE is not less secure than FF

While I agree with most of the statements that you made, I have to disagree with this one.

IE is less secure by the fact that it is the most prevalent browser.  More people use it and this makes more people interested in hacking it.

Hackers are not that interested in less known browsers, since they will not give them the "bang for the buck" that they are looking for.

« Reply #13 on: December 17, 2008, 17:45 »
0
Which is why I love Firefox on Mac. Doesn't seem to be many folks who are interested in hacking Macs. And please, I'm not saying it can't be hacked, just saying the incidents are pretty low. Oops, hope I just didn't jinx myself.  ::)

« Reply #14 on: December 17, 2008, 17:54 »
0
While I agree with most of the statements that you made, I have to disagree with this one.

IE is less secure by the fact that it is the most prevalent browser.  More people use it and this makes more people interested in hacking it.

Hackers are not that interested in less known browsers, since they will not give them the "bang for the buck" that they are looking for.


This is opening a can of worms. I'd agree with you if you say that IE is the most attacked browser cause it's the most popular at the moment, but this doesnt automatically translate in being less secure. A decent objective measure of "security" is the number of security holes found, or even, better, the number currently unresolved. In this metric FF is slightly "less secure" than IE cause there are more vulnerabilities currently opened. You could say that IE, though more attacked, has less vulnerabilities.
I tend to prefer IE under Vista cause it works in conjuction with Vista Protected mode and UAC to keep malicious software away from my system. But it doesn't really matter cause FF is a perfectly capable and good browser to work with. The biggest hole in security is by far between the PC and the chair. If the user says yes when asked to install a program with Administrator rights, there is no browser and no security measure that will help him.

« Reply #15 on: December 17, 2008, 19:06 »
0
It seems that MS has issued an emergency patch for this vulnerability:

http://www.microsoft.com/technet/security/advisory/961051.mspx

http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx

Basically, if you run Windows Update, you should receive "Security Update for Internet Explorer (960714)", which patches this issue.

lisafx

« Reply #16 on: December 17, 2008, 20:26 »
0
It seems that MS has issued an emergency patch for this vulnerability:

http://www.microsoft.com/technet/security/advisory/961051.mspx

http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx

Basically, if you run Windows Update, you should receive "Security Update for Internet Explorer (960714)", which patches this issue.


Thanks for the link.  Off to update windows... :)

« Reply #17 on: December 18, 2008, 15:09 »
0
I have Windows updating itself automatically, should this be a concern?  I entered Windows Update site, and it shows me two .NET updates as high priority.  The others are optional.

Regards,
Adelaide

WarrenPrice

« Reply #18 on: December 18, 2008, 15:24 »
0
I've been following the IE problem since it was announced.  My computer has updated but I still have concerns.  Both my computers have gone a bit wierd. 

I'm only a little savvy about computers ... enough to really screw something up.  Is there any such thing as "half smart?"   :-\

Warren


 

Related Topics

  Subject / Started by Replies Last post
3 Replies
4858 Views
Last post September 15, 2008, 12:26
by Karimala
11 Replies
7324 Views
Last post August 10, 2010, 18:01
by donding
0 Replies
1803 Views
Last post July 10, 2012, 20:09
by sweetgirll
20 Replies
5068 Views
Last post July 20, 2013, 12:28
by Imagenomad
6 Replies
5103 Views
Last post February 06, 2014, 01:07
by ArenaCreative

Sponsors

Mega Bundle of 5,900+ Professional Lightroom Presets

Microstock Poll Results

Sponsors