Linked by Thom Holwerda on Mon 18th Jan 2010 22:00 UTC
Internet Explorer Ah, the security vulnerability that was used in the Google attack. It's been around the internet about a million times now, and even governments have started advising people to move away from Internet Explorer. As is usually the case, however, the internet has really blown the vulnerability out of proportion. I'll get right to it: if your machine and/or network has been compromised via this vulnerability, then you most likely had it coming. No sympathy for you.
Thread beginning with comment 404791
To view parent comment, click here.
To read all comments associated with this story, please click here.
abraxas
Member since:
2005-07-07

Good luck getting through DEP, ASLR, and protected mode.

Since Vista's inception, it hasn't been cracked.


Not true. All three have been circumvented at some point. Apparently the randomization on Vista wasn't that random because of too little entropy which made it possible to guess address locations. Protected mode was circumvented through an implementation flaw of Vista's Integrity Levels and DEP was circumvented with Java.

Reply Parent Score: 2

kragil Member since:
2006-01-04

No use telling him. Judging by this write up he is on MS payroll.

First of all IE6 is still officially supported by MS. People are still paying to get security patches and so it is not the fault of the users when they get hacked.

So:
_It is Microsofts fault._

2. The exploit works on IE7 on XP and Vista (not all setups, but still)

3. This article makes it sound like the good advancements in Vista regarding security cure all potential holes.

_They do not._

In conclusion:
This thing needs updates or should be deleted. Security is serious stuff for experts to write about.

Reply Parent Score: 0

Thom_Holwerda Member since:
2005-06-29

Ah, the "I disagree so he must be paid by Microsoft argument".

Very convincing argument. Cicero would be proud.

Seriously now - it's fine you disagree with me, but at least try to do so in a constructive manner (like Kroc did), because people aren't going to take you seriously this way. Your dislike for all things MS is clear enough without childish stuff like this.

Reply Parent Score: 2

nt_jerkface Member since:
2009-08-26

People are still paying to get security patches and so it is not the fault of the users when they get hacked.


They are when they are told by the company that they are putting themselves at risk when they use IE6 to surf the web.

Who doesn't know that IE6 is a massive security risk? Google should have been the last company to be compromised by something like. Don't make excuses for cheapskate companies.

Reply Parent Score: 2