Linked by Thom Holwerda on Mon 18th Jan 2010 22:00 UTC
Internet Explorer Ah, the security vulnerability that was used in the Google attack. It's been around the internet about a million times now, and even governments have started advising people to move away from Internet Explorer. As is usually the case, however, the internet has really blown the vulnerability out of proportion. I'll get right to it: if your machine and/or network has been compromised via this vulnerability, then you most likely had it coming. No sympathy for you.
Thread beginning with comment 404952
To view parent comment, click here.
To read all comments associated with this story, please click here.
Member since:

You are wrong again. I never ever said anything like that. I am the first who wants fixes for Linux bugs.
All you will find me saying is that sometimes it makes no real sense to use exploits on Linux or OSX because there are just too few users running the software.

You said the flaw would only work on XP with IE6 and that DEP and protected mode would make you safe. That again was wrong. Protected mode has been circumvented on Vista and DEP in IE8. It is just a matter of time before all IEs on all versions of windows are vulnerable.

And the thing is: Exploiting bugs in browsers is big business now. Once a flaw is found it will be exploited if there enough users running that browser.

So contary to what you said I think that every possible exploit will be used if it makes economically sense for the attacker.

In the case of IE it does.

Reply Parent Score: 3

Thom_Holwerda Member since:

You said the flaw would only work on XP with IE6 and that DEP and protected mode would make you safe.

Except, that's not what I said.

What I said was that you're safe against the CURRENT EXPLOIT. You know, the one everyone's talking about, as used in the Google attack? The headline didn't tip you off?

Reply Parent Score: 1

kragil Member since:

There is a difference.

On the one hand there is currently available exploit code. That is what is what MS and you are talking about.
On the other hand there is the IE flaw that was used to hack Google. The available exploit code is not the code the (Chinese) hackers used to hack Google. They used the flaw in IE and their own code.

It is not like all hackers rely on publically available code. They can code themselves.

Reply Parent Score: 3