Microsoft confirms IE zero-day behind Google attack

Alias

Flightless Bird
<http://www.computerworld.com/s/article/9144938/Microsoft_confirms_IE_zero_day_behind_Google_attack>

Do you use IE? DON'T!

--
Alias
 
Frank

Flightless Bird
Alias wrote:
> <http://www.computerworld.com/s/article/9144938/Microsoft_confirms_IE_zero_day_behind_Google_attack>
>
>
> Do you use IE? DON'T!
>

Read the article you STUPID MORON!

"...The only encouraging news is that there are tools that protect Vista
and Windows 7 on IE7 and newer, so that an exploit would crash [those
browsers] rather than allow code execution."

You're posting in a Windows 7 ng you IDIOT where the default version of
IE is 8.
Oops!

Oh and I see you're cross posting to comp.os.linux.advocacy, that den of
MS hate mongers.
 
Kerry Brown

Flightless Bird
The code used in the attack is only effective against IE6 and possibly IE7
and 8 on computers running XP SP2 or older OS's. It's also possible that if
someone deliberately relaxed the security way beyond what would be
considered normal that newer OS's with newer versions of IE may be affected.

http://blogs.zdnet.com/Bott/?p=1645

I'd say the message here is to keep things up to date and don't relax
security in the name of convenience. You'd have to be a couple years behind
on updates or an idiot to be affected by this. It's mind boggling that the
companies that got hacked are that mindless about updates. The story that's
slowly emerging is that there were probably several different methods used
to penetrate their security.

--
Kerry Brown
MS-MVP - Windows Desktop Experience: Systems Administration
http://www.vistahelp.ca/phpBB2/


"Alias" <Alias@nospam.com.invalid> wrote in message
news:hisqqp$lau$1@news.eternal-september.org...
> <http://www.computerworld.com/s/article/9144938/Microsoft_confirms_IE_zero_day_behind_Google_attack>
>
> Do you use IE? DON'T!
>
> --
> Alias
 
Chris Ahlstrom

Flightless Bird
Frank pulled this Usenet boner:

> Oh and I see you're cross posting to comp.os.linux.advocacy, that den of
> MS hate mongers.


MS does a fine job of mongering MS hate on its own.

http://www.groklaw.net/staticpages/index.php?page=2005010107100653

Microsoft Litigation

Please note that this is not a complete list, and if you have other cases
you'd like to have included, please let us know. You can click on the
email icon to email PJ. Thank you.

--
Time to be aggressive. Go after a tattooed Virgo.
 
Enkidu

Flightless Bird
Kerry Brown wrote:

> You'd have to be a couple years behind
> on updates or an idiot to be affected by this.


Is there a shortage of computers a couple of years behind on updates or
of idiots?
--
Enkidu
 
Ezekiel

Flightless Bird
"Enkidu" <enkidu@nogodhere.net> wrote in message
news:20100116172902.3320.80961.XPN@nogodhere.net...
> Kerry Brown wrote:
>
>> You'd have to be a couple years behind
>> on updates or an idiot to be affected by this.

>
> Is there a shortage of computers a couple of years behind on updates or
> of idiots?


It's reported that the hacked computers were still running IE 6. They didn't
even upgrade to IE7 let alone IE8 and they've only had over 3 years to
upgrade.

Internet Explorer 7 was released on October 18, 2006. How secure is a 3+
year old install of Firefox????
 
Frank

Flightless Bird
Chris Ahlstrom wrote:
> Frank pulled this Usenet boner:
>
>> Oh and I see you're cross posting to comp.os.linux.advocacy, that den of
>> MS hate mongers.

>
> MS does a fine job of mongering MS hate on its own.
>
> http://www.groklaw.net/staticpages/index.php?page=2005010107100653
>
> Microsoft Litigation
>
> Please note that this is not a complete list, and if you have other cases
> you'd like to have included, please let us know. You can click on the
> email icon to email PJ. Thank you.
>

Thanks for proving my point, you MS hate filled linturd asshole loser.
 
Frank

Flightless Bird
Ezekiel wrote:
> "Enkidu" <enkidu@nogodhere.net> wrote in message
> news:20100116172902.3320.80961.XPN@nogodhere.net...
>> Kerry Brown wrote:
>>
>>> You'd have to be a couple years behind
>>> on updates or an idiot to be affected by this.

>> Is there a shortage of computers a couple of years behind on updates or
>> of idiots?

>
> It's reported that the hacked computers were still running IE 6. They didn't
> even upgrade to IE7 let alone IE8 and they've only had over 3 years to
> upgrade.
>
> Internet Explorer 7 was released on October 18, 2006. How secure is a 3+
> year old install of Firefox????
>

Like a sieve!...LOL!
 
Enkidu

Flightless Bird
Ezekiel wrote:

>
> "Enkidu" <enkidu@nogodhere.net> wrote in message
> news:20100116172902.3320.80961.XPN@nogodhere.net...
>> Kerry Brown wrote:
>>
>>> You'd have to be a couple years behind
>>> on updates or an idiot to be affected by this.

>>
>> Is there a shortage of computers a couple of years behind on updates or
>> of idiots?

>
> It's reported that the hacked computers were still running IE 6. They didn't
> even upgrade to IE7 let alone IE8 and they've only had over 3 years to
> upgrade.
>
> Internet Explorer 7 was released on October 18, 2006. How secure is a 3+
> year old install of Firefox????


You are correct. But saying the problem wouldn't exist except for
unpatched systems is worthless . . . there are unpatched systems now,
there have been as long as the internet has been open to the public, and
there always will be.

Letting developers off the hook for writing shitty insecure software
doesn't help anyone. Granny shouldn't have to know to disable java in
Adobe Reader or any of a thousand other stupid holes developers have
left open. The developers should be liable for the damages their
software errors cause.

Would you accept it as "just life" if your car stopped working at 10,000
miles because the odometer buffer overflowed? Why is software treated
differently?

--
Enkidu
 
Enkidu

Flightless Bird
Frank wrote:

>> MS does a fine job of mongering MS hate on its own.
>>
>> http://www.groklaw.net/staticpages/index.php?page=2005010107100653
>>
>> Microsoft Litigation
>>
>> Please note that this is not a complete list, and if you have other cases
>> you'd like to have included, please let us know. You can click on the
>> email icon to email PJ. Thank you.
>>

> Thanks for proving my point, you MS hate filled linturd asshole loser.


You had a point? What was it?

--
Enkidu
 
Conor

Flightless Bird
In article <20100116190600.4260.6543.XPN@nogodhere.net>, Enkidu says...

> Letting developers off the hook for writing shitty insecure software
> doesn't help anyone. Granny shouldn't have to know to disable java in
> Adobe Reader or any of a thousand other stupid holes developers have
> left open. The developers should be liable for the damages their
> software errors cause.
>

Does that include the Linux devs as well?

> Would you accept it as "just life" if your car stopped working at 10,000
> miles because the odometer buffer overflowed? Why is software treated
> differently?


Because a car only has 1500 or so parts, not millions. It is far
simpler. It also doesn't have hundreds of thousands of people
deliberately trying to break it for personal monetary gain.



--
Conor
www.notebooks-r-us.co.uk

I'm not prejudiced. I hate everybody equally.
 
Frank

Flightless Bird
Enkidu wrote:
> Frank wrote:
>
>>> MS does a fine job of mongering MS hate on its own.
>>>
>>> http://www.groklaw.net/staticpages/index.php?page=2005010107100653
>>>
>>> Microsoft Litigation
>>>
>>> Please note that this is not a complete list, and if you have other cases
>>> you'd like to have included, please let us know. You can click on the
>>> email icon to email PJ. Thank you.
>>>

>> Thanks for proving my point, you MS hate filled linturd asshole loser.

>
> You had a point? What was it?
>

You didn't even have to duck in order to miss that one!
Oops!
 
Enkidu

Flightless Bird
Conor wrote:

> In article <20100116190600.4260.6543.XPN@nogodhere.net>, Enkidu says...
>
>> Letting developers off the hook for writing shitty insecure software
>> doesn't help anyone. Granny shouldn't have to know to disable java in
>> Adobe Reader or any of a thousand other stupid holes developers have
>> left open. The developers should be liable for the damages their
>> software errors cause.
>>

> Does that include the Linux devs as well?


It's hard to get a refund for something you didn't pay for in the first
place. Use free software, caveat emptor. If somebody gives me a free
car, I'm on weak ground complaining about problems with it. If I pay
for it, I wouldn't expect the warranty to say "You bought it, you own it,
and anything that goes wrong is your problem, sucker!"

So, yes . . . if you buy Red Hat or any other commercial distribution,
you should have recourse if it's bug-ridden. It should be suitable for
its advertised use.

--
Enkidu
 
Kerry Brown

Flightless Bird
"Enkidu" <enkidu@nogodhere.net> wrote in message
news:20100116190600.4260.6543.XPN@nogodhere.net...
> Ezekiel wrote:
>
>>
>> "Enkidu" <enkidu@nogodhere.net> wrote in message
>> news:20100116172902.3320.80961.XPN@nogodhere.net...
>>> Kerry Brown wrote:
>>>
>>>> You'd have to be a couple years behind
>>>> on updates or an idiot to be affected by this.
>>>
>>> Is there a shortage of computers a couple of years behind on updates or
>>> of idiots?

>>
>> It's reported that the hacked computers were still running IE 6. They
>> didn't
>> even upgrade to IE7 let alone IE8 and they've only had over 3 years to
>> upgrade.
>>
>> Internet Explorer 7 was released on October 18, 2006. How secure is a
>> 3+
>> year old install of Firefox????

>
> You are correct. But saying the problem wouldn't exist except for
> unpatched systems is worthless . . . there are unpatched systems now,
> there have been as long as the internet has been open to the public, and
> there always will be.
>
> Letting developers off the hook for writing shitty insecure software
> doesn't help anyone. Granny shouldn't have to know to disable java in
> Adobe Reader or any of a thousand other stupid holes developers have
> left open. The developers should be liable for the damages their
> software errors cause.
>
> Would you accept it as "just life" if your car stopped working at 10,000
> miles because the odometer buffer overflowed? Why is software treated
> differently?
>


Your analogy is flawed. Installing updates is normal maintenance for a
computer. If you neglected normal maintenance on a car it would not last as
long as it should. You would end up in a dangerous situation when the brake
pads, tires, and suspension wore out. Your engine may seize because the oil
was never changed. You may end up stranded on the side of the road because
the spark plugs were never changed. You would experience many problems, some
serious, some not, because you neglected to maintain the car. Cars have been
around over 100 years now. The technology and best practices are well
understood by the manufacturers. Software development is still in the
immature stages. In the early days of automobile manufacturing many
independent horse carriage manufacturers and even enterprising home based
inventors tried building cars. Some were more successful than others. None,
even the well established, very large manufacturers had trouble free cars.
That's the stage we're at with software development. I'd guess if you had to
compare the two software development would compare to auto manufacturing in
the 1930's or 1940's. Even today cars still need maintenance, not as often
but the need is still there. Just as with software I don't think it will
ever go away.

--
Kerry Brown
 
Frank

Flightless Bird
Kerry Brown wrote:
>
> "Enkidu" <enkidu@nogodhere.net> wrote in message
> news:20100116190600.4260.6543.XPN@nogodhere.net...
>> Ezekiel wrote:
>>
>>>
>>> "Enkidu" <enkidu@nogodhere.net> wrote in message
>>> news:20100116172902.3320.80961.XPN@nogodhere.net...
>>>> Kerry Brown wrote:
>>>>
>>>>> You'd have to be a couple years behind
>>>>> on updates or an idiot to be affected by this.
>>>>
>>>> Is there a shortage of computers a couple of years behind on updates or
>>>> of idiots?
>>>
>>> It's reported that the hacked computers were still running IE 6. They
>>> didn't
>>> even upgrade to IE7 let alone IE8 and they've only had over 3 years to
>>> upgrade.
>>>
>>> Internet Explorer 7 was released on October 18, 2006. How secure is
>>> a 3+
>>> year old install of Firefox????

>>
>> You are correct. But saying the problem wouldn't exist except for
>> unpatched systems is worthless . . . there are unpatched systems now,
>> there have been as long as the internet has been open to the public, and
>> there always will be.
>>
>> Letting developers off the hook for writing shitty insecure software
>> doesn't help anyone. Granny shouldn't have to know to disable java in
>> Adobe Reader or any of a thousand other stupid holes developers have
>> left open. The developers should be liable for the damages their
>> software errors cause.
>>
>> Would you accept it as "just life" if your car stopped working at 10,000
>> miles because the odometer buffer overflowed? Why is software treated
>> differently?
>>

>
> Your analogy is flawed. Installing updates is normal maintenance for a
> computer. If you neglected normal maintenance on a car it would not last
> as long as it should. You would end up in a dangerous situation when the
> brake pads, tires, and suspension wore out. Your engine may seize
> because the oil was never changed. You may end up stranded on the side
> of the road because the spark plugs were never changed. You would
> experience many problems, some serious, some not, because you neglected
> to maintain the car. Cars have been around over 100 years now. The
> technology and best practices are well understood by the manufacturers.
> Software development is still in the immature stages. In the early days
> of automobile manufacturing many independent horse carriage
> manufacturers and even enterprising home based inventors tried building
> cars. Some were more successful than others. None, even the well
> established, very large manufacturers had trouble free cars. That's the
> stage we're at with software development. I'd guess if you had to
> compare the two software development would compare to auto manufacturing
> in the 1930's or 1940's. Even today cars still need maintenance, not as
> often but the need is still there. Just as with software I don't think
> it will ever go away.
>

Well stated Kerry.
 
Ezekiel

Flightless Bird
"Enkidu" <enkidu@nogodhere.net> wrote in message
news:20100116193303.4260.49478.XPN@nogodhere.net...
> Conor wrote:
>
>> In article <20100116190600.4260.6543.XPN@nogodhere.net>, Enkidu says...
>>
>>> Letting developers off the hook for writing shitty insecure software
>>> doesn't help anyone. Granny shouldn't have to know to disable java in
>>> Adobe Reader or any of a thousand other stupid holes developers have
>>> left open. The developers should be liable for the damages their
>>> software errors cause.
>>>

>> Does that include the Linux devs as well?

>
> It's hard to get a refund for something you didn't pay for in the first
> place. Use free software, caveat emptor.


I see. So now you've started moving goalposts. Because until now there was
no mention about what the cost of the software is. It was simply 'developers
should be liable for the damages their software errors cause.' So you don't
really care if *developers* are liable - only developers who charge for
their software. In your world as long as the software costs nothing then
it's perfectly okay if it creates havoc. There's no responsibility at all on
the part of the developers.
 
Conor

Flightless Bird
In article <20100116193303.4260.49478.XPN@nogodhere.net>, Enkidu says...
>
> Conor wrote:
>
> > In article <20100116190600.4260.6543.XPN@nogodhere.net>, Enkidu says...
> >
> >> Letting developers off the hook for writing shitty insecure software
> >> doesn't help anyone. Granny shouldn't have to know to disable java in
> >> Adobe Reader or any of a thousand other stupid holes developers have
> >> left open. The developers should be liable for the damages their
> >> software errors cause.
> >>

> > Does that include the Linux devs as well?

>
> It's hard to get a refund for something you didn't pay for in the first
> place.


And? That doesn't excuse it. It is even less excusable considering that
open source is supposed to have everyone able to look at the code.

--
Conor
www.notebooks-r-us.co.uk

I'm not prejudiced. I hate everybody equally.
 
bbgruff

Flightless Bird
Ezekiel wrote:

>
> "Enkidu" <enkidu@nogodhere.net> wrote in message
> news:20100116172902.3320.80961.XPN@nogodhere.net...
>> Kerry Brown wrote:
>>
>>> You'd have to be a couple years behind
>>> on updates or an idiot to be affected by this.

>>
>> Is there a shortage of computers a couple of years behind on updates or
>> of idiots?

>
> It's reported that the hacked computers were still running IE 6. They
> didn't even upgrade to IE7 let alone IE8 and they've only had over 3 years
> to upgrade.
>
> Internet Explorer 7 was released on October 18, 2006. How secure is a 3+
> year old install of Firefox????


I think that perhaps you are overlooking a couple of points.

I seem to recall that one of the reasons (the main reason) that there are so
many instances of I.E.6 around still is that I.E.6 is still used by a large
number of corporations. In fact, I.E.6 still accounts for 21% of ALL
browser use, and that is roughly one third of all MS Browser use.
http://marketshare.hitslink.com/browser-market-share.aspx?qprid=2

I don't believe that the situation is likely to change soon, in that the
reason is "lock in". A lot of those companies have intranet applications
which *only* work on I.E.6, and they are stuck with it for a long time yet,
much as South Korea is stuck with I.E. for its banking.

In addition, we should perhaps remember that these attacks were very
specific and targeted. It is *corporations* that they were directed
against - and it is there that the greatest concentration of I.E.6 installs
lies.

One could (I suppose) argue that this could have happened via *any* browser,
had such a vulnerability been found there? It seems to me though that
there are two items coming into play, one being the vulnerability of the
browser (I.E.), and the other the ability to exploit the OS (Windows) into
executing the downloaded malware.
One thing I think is for sure - *diversity* of browsers and of OSs would
be/is a great help in these things.

Finally, this is the very thing which I understand the upcoming Google
Chrome OS is being designed to put a stop to!


From what I have read, I also suspect that you are placing a great deal of
faith in the newer versions (and patches to) I.E. The Bonn government (for
example) does not seem to share your conviction.
 
Enkidu

Flightless Bird
Conor wrote:

> In article <20100116193303.4260.49478.XPN@nogodhere.net>, Enkidu says...
>>
>> Conor wrote:
>>
>> > In article <20100116190600.4260.6543.XPN@nogodhere.net>, Enkidu says...
>> >
>> >> Letting developers off the hook for writing shitty insecure software
>> >> doesn't help anyone. Granny shouldn't have to know to disable java in
>> >> Adobe Reader or any of a thousand other stupid holes developers have
>> >> left open. The developers should be liable for the damages their
>> >> software errors cause.
>> >>
>> > Does that include the Linux devs as well?

>>
>> It's hard to get a refund for something you didn't pay for in the first
>> place.

>
> And? That doesn't excuse it. It is even less excusable considering that
> open source is supposed to have everyone able to look at the code.


And yet, Linux *is* more stable than Windows. Do you know anyone who has
a Windows box running for a year without a reboot?
--
Enkidu
 