Linked by Thom Holwerda on Mon 18th Jan 2010 22:00 UTC
Internet Explorer Ah, the security vulnerability that was used in the Google attack. It's been around the internet about a million times now, and even governments have started advising people to move away from Internet Explorer. As is usually the case, however, the internet has really blown the vulnerability out of proportion. I'll get right to it: if your machine and/or network has been compromised via this vulnerability, then you most likely had it coming. No sympathy for you.
Thread beginning with comment 404834
To view parent comment, click here.
To read all comments associated with this story, please click here.
Bryan
Member since:
2005-07-11

Well, those people are the CTO of McAfee and the white hat security researcher who's actually trying to expand upon the exploit, so they shouldn't be dismissed outright. Granted, the CTO points to a YouTube video on how McAfee software can block this exploit, so you could argue he's got an agenda. But that doesn't change the fact that the researcher has been able to get as far as read-only access to the system through IE7 on Vista. Hopefully, protected mode won't be easy to break out of, but still Microsoft needs to patch this ASAP. Mechanisms like DEP and protected mode are meant to be extra layers to mitigate the impact of exploits, but not long term substitute solutions. (Although after this incident, I would like to see an additional patch to opt-in IE7 to DEP by default; it probably couldn't be done in IE6 due to the same compatibility issue that have kept them from upgrading to newer versions.)

Reply Parent Score: 1