Linked by Thom Holwerda on Mon 18th Jan 2010 22:00 UTC
Ah, the security vulnerability that was used in the Google attack. It's been around the internet about a million times now, and even governments have started advising people to move away from Internet Explorer. As is usually the case, however, the internet has really blown the vulnerability out of proportion. I'll get right to it: if your machine and/or network has been compromised via this vulnerability, then you most likely had it coming. No sympathy for you.
Good analysis
by strcpy on Tue 19th Jan 2010 07:24 UTC

Good calm analysis, Thom.

Due to the inherited (and unfortunate) complexity and ever-growing bling of the web, all modern browsers are presumably more or less exploitable.

And for the record: Firefox ain't doing good on the security front either.

From an interview with Charlie Miller:

Alan: So, if you had to make a recommendation, Mac, PC, or Linux? Or do you find them to be equally (in)secure?

Charlie: I'll leave Linux out of the equation since I know my grandma couldn't run it. Between Mac and PC, I'd say that Macs are less secure for the reasons we've discussed here (lack of anti-exploitation technologies) but are more safe because there simply isn't much malware out there. For now, I'd still recommend Macs for typical users as the odds of something targeting them are so low that they might go years without seeing any malware, even though if an attacker cared to target them it would be easier for them.

Score: 3

RE: Good analysis - no mention of FF
by jabbotts on Tue 19th Jan 2010 17:55 in reply to "Good analysis"

I'm not sure how your quote relates to FF security history, as there's only mention of Linux, OS X and Windows platforms, with the focus on OS X and based on popularity rather than its technical level of security.

Granted, FF did rank in the top patch counts for 2009, but that's kind of expected since they openly disclose vulnerabilities as a matter of policy. A high patch count is perfectly acceptable and potentially desirable provided the time between bug discovery and patch release remains short. If FF is being used in a major attack blitz or falling over with lists of unpatched vulnerabilities, I'd like to see those reports, as remaining unaware of them doesn't help me or my users.

Score: 2