Linked by Thom Holwerda on Mon 18th Jan 2010 22:00 UTC
Internet Explorer Ah, the security vulnerability that was used in the Google attack. It's been around the internet about a million times now, and even governments have started advising people to move away from Internet Explorer. As is usually the case, however, the internet has really blown the vulnerability out of proportion. I'll get right to it: if your machine and/or network has been compromised via this vulnerability, then you most likely had it coming. No sympathy for you.
Thread beginning with comment 404828
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[3]: Is this accurate?
by kragil on Tue 19th Jan 2010 03:30 UTC in reply to "RE[2]: Is this accurate?"
kragil
Member since:
2006-01-04

A Vista machine _might_ not do much, but XP has no protected mode and will do whatever the exploit wants.

But once you have native code running finding another bug somewhere or use another unpatched flaw is just another small step. Most black hats have multiple options at that point.

Just like DEP only really works on new CPUs. Athlon XPs and P4s etc are out of luck.

Anyways, IE8 is still kinda new and the majority of XP users still use IE6 (like the whole of China) or IE7 and they are right now all f--ked. So it is still the majority of Windows users overall and with each passing day it is likely to get worse.

Edited 2010-01-19 03:47 UTC

Reply Parent Score: 3

RE[4]: Is this accurate?
by nt_jerkface on Tue 19th Jan 2010 04:35 in reply to "RE[3]: Is this accurate?"
nt_jerkface Member since:
2009-08-26

A Vista machine _might_ not do much, but XP has no protected mode and will do whatever the exploit wants.

That's still too much speculation at this point.


Anyways, IE8 is still kinda new and the majority of XP users still use IE6 (like the whole of China) or IE7 and they are right now all f--ked.


Yes a lot of people are still using IE6 thanks to pirates in Asia who don't want to upgrade or switch to another browser. Most Windows users are not all f--ked however, it isn't a virus. They still have to be led to a website containing malicious code and there haven't been any IE7 attacks in the wild.

I know people like you want to use this as an opportunity to push alternative browsers but I think the real lesson is that there is a major problem with companies and individuals holding onto legacy systems.

Reply Parent Score: 2

RE[5]: Is this accurate?
by kragil on Tue 19th Jan 2010 12:54 in reply to "RE[4]: Is this accurate?"
kragil Member since:
2006-01-04

http://www.itpro.co.uk/619561/microsoft-admits-flaw-may-hit-ie7

And hacked websites are all over the web, there were even banking sites that had exploit code embedded. If you surf the web with an insecure browser that is used by billions of people you are at risk PERIOD

Reply Parent Score: 2