Linked by Thom Holwerda on Mon 18th Jan 2010 22:00 UTC
Internet Explorer Ah, the security vulnerability that was used in the Google attack. It's been around the internet about a million times now, and even governments have started advising people to move away from Internet Explorer. As is usually the case, however, the internet has really blown the vulnerability out of proportion. I'll get right to it: if your machine and/or network has been compromised via this vulnerability, then you most likely had it coming. No sympathy for you.
Thread beginning with comment 404820
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: Is this accurate?
by nt_jerkface on Tue 19th Jan 2010 02:53 UTC in reply to "RE: Is this accurate?"
nt_jerkface
Member since:
2009-08-26

I'm guessing you're talking about this:
http://blogs.pcmag.com/securitywatch/2010/01/aurora_exploit_ported_...

Even if he has developed an exploit that doesn't mean the machine can be taken over. From the same article:
Note that IE7 still has protected mode implemented by default, so even if an attacker can get the exploit to execute, there's not a lot he can do, because he's running in the crippled user context of protected mode.

Reply Parent Score: 2

RE[3]: Is this accurate?
by kragil on Tue 19th Jan 2010 03:30 in reply to "RE[2]: Is this accurate?"
kragil Member since:
2006-01-04

A Vista machine _might_ not do much, but XP has no protected mode and will do whatever the exploit wants.

But once you have native code running finding another bug somewhere or use another unpatched flaw is just another small step. Most black hats have multiple options at that point.

Just like DEP only really works on new CPUs. Athlon XPs and P4s etc are out of luck.

Anyways, IE8 is still kinda new and the majority of XP users still use IE6 (like the whole of China) or IE7 and they are right now all f--ked. So it is still the majority of Windows users overall and with each passing day it is likely to get worse.

Edited 2010-01-19 03:47 UTC

Reply Parent Score: 3

RE[4]: Is this accurate?
by nt_jerkface on Tue 19th Jan 2010 04:35 in reply to "RE[3]: Is this accurate?"
nt_jerkface Member since:
2009-08-26

A Vista machine _might_ not do much, but XP has no protected mode and will do whatever the exploit wants.

That's still too much speculation at this point.


Anyways, IE8 is still kinda new and the majority of XP users still use IE6 (like the whole of China) or IE7 and they are right now all f--ked.


Yes a lot of people are still using IE6 thanks to pirates in Asia who don't want to upgrade or switch to another browser. Most Windows users are not all f--ked however, it isn't a virus. They still have to be led to a website containing malicious code and there haven't been any IE7 attacks in the wild.

I know people like you want to use this as an opportunity to push alternative browsers but I think the real lesson is that there is a major problem with companies and individuals holding onto legacy systems.

Reply Parent Score: 2