Linked by Thom Holwerda on Mon 18th Jan 2010 17:03 UTC
Internet Explorer France has echoed calls by the German government for web users to find an alternative to Microsoft's Internet Explorer to protect security. Certa, a government agency that oversees cyber threats, warned against using all versions of the web browser.
Thread beginning with comment 404831
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[6]: Comment by Kroc
by lemur2 on Tue 19th Jan 2010 03:58 UTC in reply to "RE[5]: Comment by Kroc"
lemur2
Member since:
2007-02-17

"The particular exploit which this is all about affects almost all versions of IE and Windows.
Here's a better link: http://blogs.technet.com/srd/archive/2010/01/15/assessing-risk-of-i... As you can see it's only exploitable in IE6. You linked to an article by SJVN who is a well known ABMr that could care less about providing a honest assessment of the situation. "

The exploit code example that was released only affects XP and IE6. The security hole that was exploited exists in IE6, IE7 and IE8, on most versions of Windows.

SJVN might well be an ABMr just as you are an anti-freedomer, but nevertheless when he indicated which versions of IE and Windows were vulnerable, SJVN was only quoting Microsoft themselves.

To be exact, according to Microsoft, the same security hole is in IE6, IE7 and IE8 on Windows 2000, XP, Server 2003, Vista, Server 2008, Windows 7 and Server 2008 R2 are vulnerable to attack.


Edited 2010-01-19 04:01 UTC

Reply Parent Score: 3

RE[7]: Comment by Kroc
by nt_jerkface on Tue 19th Jan 2010 08:23 in reply to "RE[6]: Comment by Kroc"
nt_jerkface Member since:
2009-08-26


SJVN might well be an ABMr just as you are an anti-freedomer, but nevertheless when he indicated which versions of IE and Windows were vulnerable, SJVN was only quoting Microsoft themselves.


He left out this little tidbit from the report:

At this time, we are aware of limited, targeted attacks attempting to use this vulnerability against Internet Explorer 6. We have not seen attacks against other versions of Internet Explorer.


Just because a vulnerability exists doesn't mean that it can used to takeover a system. His article is deceptive in that it makes it sound like all IE users are under threat of attack. It's alarmist with the intent of switching users to non-Microsoft systems.

As for me being an "anti-freedomer" I don't buy into Stallman's newspeak definition of freedom so that means nothing to me. I measure software based on utility which puts me at odds with FOSS advocates since I don't value software in Stallman's moral terms.

Oh and this was posted from Chrome.

Reply Parent Score: 2

RE[8]: Comment by Kroc
by lemur2 on Tue 19th Jan 2010 10:00 in reply to "RE[7]: Comment by Kroc"
lemur2 Member since:
2007-02-17

"SJVN might well be an ABMr just as you are an anti-freedomer, but nevertheless when he indicated which versions of IE and Windows were vulnerable, SJVN was only quoting Microsoft themselves.


He left out this little tidbit from the report:
At this time, we are aware of limited, targeted attacks attempting to use this vulnerability against Internet Explorer 6. We have not seen attacks against other versions of Internet Explorer.

Just because a vulnerability exists doesn't mean that it can used to takeover a system. His article is deceptive in that it makes it sound like all IE users are under threat of attack. It's alarmist with the intent of switching users to non-Microsoft systems.
"

Just to clarify ... I don't read the same thing when I see "vulnerability" as when I see "exploit". I read a "vulnerability" as a potential way to compromise a system, and an "exploit" as realised code that can actually do it. Your apparent reading of those terms is close enough to mine.

So then, for this latest episode, all the versions of IE and Windows mentioned by SJVN are vulnerable, just as he claimed them to be ... Microsoft themselves agree. In the actual attack against this vulnerability, the exploit code that was used was only effective against IE6 on Windows XP.

Can we agree on that?

OK ... the vulnerability is still there, on all those versions of Windows. It hasn't been patched yet. If attackers can use better exploit code, they may well still be able to compromise even the very latest up-to-date version of Windows 7 and IE8.

As for me being an "anti-freedomer" I don't buy into Stallman's newspeak definition of freedom so that means nothing to me.


It means something to me, and to millions upon millions of people. As I said, you are an "anti-freedomer" just as much as you accuse SJVN of being an "ABMr". If you can use disparaging terms, so too can others against you. If you want respect, you must give it. OTOH, if you withdraw your disparagement and dreadful attitude towards others, those other people just may hold a bit more respect for you in return.

I measure software based on utility which puts me at odds with FOSS advocates since I don't value software in Stallman's moral terms.


Whatever your views, it doesn't mean you should attack others who see it differently to you. I, for example, am not willing to give over control of my machine and surrender my privacy and security to an American profit-motivated corporation in exchange for imagined utility that turns out to be a marketing/PR illusion in any event.

Oh and this was posted from Chrome.


What do you want, a medal or something?

Use what you are happy with. Just don't be vicious towards others who aren't happy with something shoddy that you apparently are prepared to put up with.

Edited 2010-01-19 10:03 UTC

Reply Parent Score: 2