Pennock's Fiero Forum
  Totally O/T
  New hack threat to internet explorer? "Zero Day"

Post New Topic  Post A Reply
Email This Page to Someone! | Printable Version


next newest topic | next oldest topic
New hack threat to internet explorer? "Zero Day" by 2.5
Started on: 04-28-2014 03:54 PM
Replies: 10 (223 views)
Last post by: theogre on 05-01-2014 08:45 PM
2.5
Member
Posts: 43166
From: Southern MN
Registered: May 2007


Feedback score: (1)
Leave feedback





Total ratings: 184
Rate this member

Report this Post04-28-2014 03:54 PM Click Here to See the Profile for 2.5Send a Private Message to 2.5Edit/Delete MessageReply w/QuoteDirect Link to This Post
"Hackers targeting newly discovered flaw in Internet Explorer

This is what is known as a “zero-day” threat because there was zero time between the discovery of the vulnerability and the first attack by someone exploiting it.

The flaw relies on a well-known flash exploitation technique to bypass Windows security protection. Once the bad guys are in, they can install malicious software without users knowing."
...

http://www.washingtonpost.c...-explorer/?tid=hp_mm


The vulnerability is in all IE versions 6-11

[This message has been edited by 2.5 (edited 04-28-2014).]

IP: Logged
PFF
System Bot
jetman
Member
Posts: 7776
From: Sterling Heights Mich
Registered: Dec 2002


Feedback score: (4)
Leave feedback





Total ratings: 273
Rate this member

Report this Post04-28-2014 05:44 PM Click Here to See the Profile for jetmanClick Here to visit jetman's HomePageClick Here to Email jetmanSend a Private Message to jetmanEdit/Delete MessageReply w/QuoteDirect Link to This Post
Yeah, just 2 weeks after support for XP is terminated, they suddenly "discover" this security flaw. The cynical part of me thinks they knew before XP support ended, just another way to force the purchase of newer software. With 20% of computers still running XP, they ought to fix this for XP users too.
IP: Logged
fastblack
Member
Posts: 3696
From: Riceville, IA
Registered: Nov 2003


Feedback score: N/A
Leave feedback





Total ratings: 50
Rate this member

Report this Post04-29-2014 12:22 AM Click Here to See the Profile for fastblackSend a Private Message to fastblackEdit/Delete MessageReply w/QuoteDirect Link to This Post
Does Firefox have a version compatible with XP? If so, I would think this is a pretty easy fix for those folks.
IP: Logged
theogre
Member
Posts: 31111
From: USA
Registered: Mar 99


Feedback score: N/A
Leave feedback





Total ratings: 563
Rate this member

Report this Post04-29-2014 03:00 AM Click Here to See the Profile for theogreClick Here to visit theogre's HomePageSend a Private Message to theogreEdit/Delete MessageReply w/QuoteDirect Link to This Post
Shouldn't surprise anyone. IE has a long history of Zero Day bugs.
Flash has yet another one this week too.

 
quote
Originally posted by fastblack:
Does Firefox have a version compatible with XP? If so, I would think this is a pretty easy fix for those folks.

Yes But Flash bug affect most browsers...

------------------
Dr. Ian Malcolm: Yeah, but your scientists were so preoccupied with whether or not they could, they didn't stop to think if they should.
(Jurassic Park)


The Ogre's Fiero Cave (It's also at the top and bottom of every forum page...)

IP: Logged
firstfiero
Member
Posts: 4879
From: york,pa,17403
Registered: Dec 2000


Feedback score: N/A
Leave feedback





Total ratings: 172
Rate this member

Report this Post04-29-2014 04:40 AM Click Here to See the Profile for firstfieroClick Here to Email firstfieroSend a Private Message to firstfieroEdit/Delete MessageReply w/QuoteDirect Link to This Post
seriously.. people still use windows explorer?
IP: Logged
Cliff Pennock
Administrator
Posts: 11152
From: Haarlem, The Netherlands
Registered: Jan 99


Feedback score: (2)
Leave feedback





Total ratings: 698
Rate this member

Report this Post04-29-2014 09:05 AM Click Here to See the Profile for Cliff PennockClick Here to visit Cliff Pennock's HomePageClick Here to Email Cliff PennockSend a Private Message to Cliff PennockEdit/Delete MessageReply w/QuoteDirect Link to This Post
Apparently, this is a very serious threat. So serious that the Department of Homeland Security warns against using Internet Explorer until the bug is patched. In addition, several other governments (like the British and Dutch governments) have advised the same thing. Some IT experts even predict this may be the nail in Microsoft's coffin.

One thing's for sure. XP users will not receive a patch, even though it's estimated that 15%-30% of all PC's world wide still run XP.
IP: Logged
2.5
Member
Posts: 43166
From: Southern MN
Registered: May 2007


Feedback score: (1)
Leave feedback





Total ratings: 184
Rate this member

Report this Post04-29-2014 09:28 AM Click Here to See the Profile for 2.5Send a Private Message to 2.5Edit/Delete MessageReply w/QuoteDirect Link to This Post
Is it safe to have I.E. installed but not use it? Or should it be somehow removed?
IP: Logged
theogre
Member
Posts: 31111
From: USA
Registered: Mar 99


Feedback score: N/A
Leave feedback





Total ratings: 563
Rate this member

Report this Post04-29-2014 01:36 PM Click Here to See the Profile for theogreClick Here to visit theogre's HomePageSend a Private Message to theogreEdit/Delete MessageReply w/QuoteDirect Link to This Post
 
quote
Originally posted by 2.5:
Is it safe to have I.E. installed but not use it? Or should it be somehow removed?

Most/all no choice.
IE runs many services like Window Update site, most/all MS Cloud services, etc.

Any browser isn't much safer, if any, then IE. Browser themselves or plugins causes problems.
All uses Flash Player and that has repeatedly zero days bugs too.
Adobe's Flash Player gets an emergency update (computerworld, posted April 28, 2014 01:37 PM ET)

Heartbleed is old news? Nope. That bug affect many things, not just web sites.
Example It’s Crazy What Can Be Hacked Thanks to Heartbleed (Wired)
IP: Logged
jetman
Member
Posts: 7776
From: Sterling Heights Mich
Registered: Dec 2002


Feedback score: (4)
Leave feedback





Total ratings: 273
Rate this member

Report this Post05-01-2014 05:42 PM Click Here to See the Profile for jetmanClick Here to visit jetman's HomePageClick Here to Email jetmanSend a Private Message to jetmanEdit/Delete MessageReply w/QuoteDirect Link to This Post
I just got a security update for internet explorer, anybody else get this on may 1st?

Edit,,, Yes, Microsoft decided to update IE and even for XP users.

http://krebsonsecurity.com/...y-includes-xp-users/

[This message has been edited by jetman (edited 05-01-2014).]

IP: Logged
Ravant
Member
Posts: 630
From: Garner, NC
Registered: Feb 2007


Feedback score: N/A
Leave feedback

Rate this member

Report this Post05-01-2014 06:51 PM Click Here to See the Profile for RavantSend a Private Message to RavantEdit/Delete MessageReply w/QuoteDirect Link to This Post
Disclaimer: Part of my job working for a smart metering firm involves wide-scale penetration testing of various applications for high security environments. So my statements below reflect only experience gathered by that testing. It is in no way to be construed as legal advice, and I do not take any responsibility for any actions you take in response to the information left below.

The Flash bug is part in parcel of the IE bug. The other issue is the vector markup language rendering engine IE uses. Unregistering VGX.dll will remove the second attack vector utilized in this situation. There are others via Java and ActiveX controls, but Flash and the VML vulnerabilities are the two biggest ones. This ZD is being patched quickly because it has an effect on so many versions of the browser and windows as a whole. However, this should be everyone's wake-up to stop using IE in general. It's never been standards-compliant, the code-base has always been an amalgamation of flatly embarrassing flaws and inefficiencies, and really should be considered the red-headed step-child of the browser world to be avoided like it has every plague the human race has ever known. And some it has yet to discover. Microsoft is only now trying to save face by retroactively allowing XP to receive the patch as well.
IP: Logged
theogre
Member
Posts: 31111
From: USA
Registered: Mar 99


Feedback score: N/A
Leave feedback





Total ratings: 563
Rate this member

Report this Post05-01-2014 08:45 PM Click Here to See the Profile for theogreClick Here to visit theogre's HomePageSend a Private Message to theogreEdit/Delete MessageReply w/QuoteDirect Link to This Post
 
quote
Originally posted by Ravant:
The Flash bug is part in parcel of the IE bug.

This time.
Flash, Acrobat (Full and Reader), and other Adobe products have a long history of security bugs and affects 1, 2, or all browsers or w/o any browser.
Acrobat have problems with and w/o any browser.
Many sites are useless w/o Flash plug-in and worse, many sites use Flash cookies to add to or bypass Browser cookies rules.

Same for Java... I got tried of one ZD bug after another so I dumped old menu. Menu I use now works even when J-Scipt is off.
My main system hasn't use Java ever since. Not even installed.
(Reminder to everyone... If used Java only to access my cave then Remove Java.)
IP: Logged
PFF
System Bot

next newest topic | next oldest topic

All times are ET (US)

Post New Topic  Post A Reply
Hop to:

Contact Us | Back To Main Page

Advertizing on PFF | Fiero Parts Vendors
PFF Merchandise | Fiero Gallery | Ogre's Cave
Real-Time Chat | Fiero Related Auctions on eBay



Copyright (c) 1999, C. Pennock