Linked by Thom Holwerda on Mon 18th Jan 2010 22:00 UTC
Internet Explorer Ah, the security vulnerability that was used in the Google attack. It's been around the internet about a million times now, and even governments have started advising people to move away from Internet Explorer. As is usually the case, however, the internet has really blown the vulnerability out of proportion. I'll get right to it: if your machine and/or network has been compromised via this vulnerability, then you most likely had it coming. No sympathy for you.
Thread beginning with comment 404934
To view parent comment, click here.
To read all comments associated with this story, please click here.
DEP does not work all the time
by kragil on Tue 19th Jan 2010 16:06 UTC in reply to "RE: DEP does not work on all machines"
kragil
Member since:
2006-01-04

http://www.vupen.com/exploits/Microsoft_Internet_Explorer_Use_after...

They have an exploit for IE8 with DEP enabled.

This makes this whole article totally wrong and downright dangerous, because just because there is no publically available code does not mean that bad guys can't figure it out. Took that company only a few days.

Reply Parent Score: 2

Thom_Holwerda Member since:
2005-06-29

Funny how when there's a proof of concept of a Linux or Mac vulnerability, it's all discarded as "it's not in the wild" and "show me a real infection" and so on...

...yet when it's Microsoft, proof of concepts and even regular concepts are accepted without so much as a blink of the eye.

Double standards. You has them.

On top of that, they bypassed DEP. What about protected mode? Did you buy (yes, you have to buy it) the concept to test it out? Or do you believe that security company's (BUY OUR PRODUCT) puppy eyes?

Edited 2010-01-19 16:30 UTC

Reply Parent Score: 1

kragil Member since:
2006-01-04

You are wrong again. I never ever said anything like that. I am the first who wants fixes for Linux bugs.
All you will find me saying is that sometimes it makes no real sense to use exploits on Linux or OSX because there are just too few users running the software.

You said the flaw would only work on XP with IE6 and that DEP and protected mode would make you safe. That again was wrong. Protected mode has been circumvented on Vista and DEP in IE8. It is just a matter of time before all IEs on all versions of windows are vulnerable.

And the thing is: Exploiting bugs in browsers is big business now. Once a flaw is found it will be exploited if there enough users running that browser.

So contary to what you said I think that every possible exploit will be used if it makes economically sense for the attacker.

In the case of IE it does.

Reply Parent Score: 3