Potentially serious IE Security flaw
Just came across this one and thought I would share it.
http://bmonday.com/articles/496.aspx
Click on the exploit demo, and move the security dialog to see just what they are doing.
Scary stuff.
Sloan
02-04-2004, 09:57 AM
There are so many bugs in Windows, IE, OE, Outlook that Microsoft knows about and refuses to fix that it is scary. I'm forced to use Windows at work, but no way are they going to make me use IE and OE.
the worker
02-04-2004, 10:25 AM
What web browser is a good one to use?
Sloan
02-04-2004, 10:39 AM
Mozilla, Firebird, Opera, Netscape
Fonzie
02-04-2004, 10:41 AM
I don't know if the others are really much safer (I don't have any expertise in this area), but it seems to me that the virus writers and security-flaw-exploiters focus their anger on Microsoft products. So, in that sense most anything that's not Microsoft-created will probably be better.
dixieflatline
02-04-2004, 10:56 AM
I don't know if the others are really much safer (I don't have any expertise in this area), but it seems to me that the virus writers and security-flaw-exploiters focus their anger on Microsoft products. So, in that sense most anything that's not Microsoft-created will probably be better.
I am not sure I completely agree with this. In general, open source code writers are aware that if they leave huge security holes in their programs it will easily be detected so security is generally priority one for them. That said, holes are found in all programs but because the code is open source things tend to get patched up very quickly once a problem has been detected because a lot of people can work on solving the problem.
Sloan
02-04-2004, 11:20 AM
Even if these other items were as insecure as their MS counterparts when they were released, the developers actively try to close the security holes. I have no idea how MS decides which bugs to fix and which ones to leave open.
GoldenEagle
02-04-2004, 11:43 AM
Bill Gates knows never to release a perfect product. As long as people continue to feed the cash cow it will be this way. But I like to play games and such so have to use Windows.
k0ruptr
02-04-2004, 03:19 PM
wow, what an AWESOME bit of code. I'm in awe. genius
rkmsuf
02-04-2004, 03:26 PM
it's all done with ball bearings...
sterlingice
02-04-2004, 04:20 PM
Bill Gates knows never to release a perfect product. As long as people continue to feed the cash cow it will be this way. But I like to play games and such so have to use Windows.
Every time something like this happens, I think back to the recent Bond movie with Jonathan Pryce as the Gates/Turner-esque super villain. There's a scene where he's talking to all of his media generals and there's a quote about making sure the bugs are in the new software release so users will have to upgrade for generations to come. If that wasn't a shot at Billy Gates, I don't know what was.
SI
Daimyo
02-04-2004, 05:01 PM
Every OS and every application is vulnerable. Obviously since the vast majority of the world uses MS products, most hackers focus their efforts there. If your goal was to affect as many machines under your control as possible, would you write an exploit that has a potential target base of 85% of the world's computers or one that only targets 10%? Factor in that most people who use Linux are more computer savvy and more likely to take the appropriate precautions and it's no wonder most of the exploits you hear about are directed at Microsoft products.
The good news is that with such a large user base it's more likely the exploits will be discovered by the good guys before they're discovered by bad guys. Just about all of these vulnerabilities are patched before exploit code is ever written.
dawgfan
02-04-2004, 06:37 PM
Every OS and every application is vulnerable. Obviously since the vast majority of the world uses MS products, most hackers focus their efforts there. If your goal was to affect as many machines under your control as possible, would you write an exploit that has a potential target base of 85% of the world's computers or one that only targets 10%? Factor in that most people who use Linux are more computer savvy and more likely to take the appropriate precautions and it's no wonder most of the exploits you hear about are directed at Microsoft products.
The good news is that with such a large user base it's more likely the exploits will be discovered by the good guys before they're discovered by bad guys. Just about all of these vulnerabilities are patched before exploit code is ever written.
Daimyo, I'm afraid your post is far too rational; don't you understand that Micro$oft is the most evil company in the world - ever! They're all incompetent coders and evil fuckheads to boot, led by Satan himself, Bill Gates.
Ryan S
02-04-2004, 06:47 PM
Just came across this one and thought I would share it.
http://bmonday.com/articles/496.aspx
Click on the exploit demo, and move the security dialog to see just what they are doing.
Can someone tell me what you are seeing?
I set IE6 security pretty tight, and I have no intention of loosening it for a second. :)
Vince
02-04-2004, 07:30 PM
It pops up a window that says you're entering a harmless site... but if you drag that window away from the original location, it shows that the text that you read that was on the 'window' stays where it was, and what was actually on the window you were to click 'ok' on is something completely different.
Karim
02-04-2004, 07:52 PM
My download manager kicked in before anything happened, prompting me if I wanted to download an .exe which I would never do if it wasn't intentional.
Not exactly security, but it's a start.
Sloan
02-04-2004, 08:04 PM
Just about all of these vulnerabilities are patched before exploit code is ever written.
This is exactly the opposite of what I was trying to say earlier. There are many wide open security holes that have been reported to MS and the various security sites, but MS refuses to fix them.
sterlingice
02-05-2004, 05:14 AM
Daimyo, I'm afraid your post is far too rational; don't you understand that Micro$oft is the most evil company in the world - ever! They're all incompetent coders and evil fuckheads to boot, led by Satan himself, Bill Gates.
And I'm afraid that if you think MS is a benevolent monopoly concerned with making a good product before making a quick buck then you're just flat out ignorant.
SI
It pops up a window that says you're entering a harmless site... but if you drag that window away from the original location, it shows that the text that you read that was on the 'window' stays where it was, and what was actually on the window you were to click 'ok' on is something completely different.
You enter the site and are presented with this dialog:
http://www.fidosoft.com/one.gif
However, if you move the dialog by dragging on the title bar you see that it's really the following:
http://www.fidosoft.com/two.gif
dawgfan
02-05-2004, 02:59 PM
And I'm afraid that if you think MS is a benevolent monopoly concerned with making a good product before making a quick buck then you're just flat out ignorant.
SI
Microsoft is a business. I'm not ignorant of that fact. What galls me is the vitriol which so many people have towards the company.
If you want to argue about the quality of the code produced by MS, if you want to argue the business ethics of their actions, if you want to argue the benefits of open-source programming vs. a private business model, these are all areas that can be debated.
When I see people equating Gates with the Anti-Christ and such declarations as Microsoft is evil and the most reprehensible company in the world, that's insanity. People that think this way really need to get some perspective on life.
Microsoft makes software; you can argue about the quality and the ethics of how they control the marketplace, but at the end of the day it's still software. This is not a company deliberately hiding the facts about its addictive and unhealthy product; this is not a company engaged in exploiting poor workers in other countries and taking advantage of very loose labor and environmental laws; this is not a company that has a long and ugly history of fouling the environment; I could go on and on, but hopefully you get my point.
For those making the argument that MS purposely ignores security holes in their software, please explain to me how this makes any sense - what's the motivation for MS, which is continuously being hammered for security issues in their software, to purposely ignore known problems?
sterlingice
02-05-2004, 03:44 PM
Microsoft makes software; you can argue about the quality and the ethics of how they control the marketplace, but at the end of the day it's still software. This is not a company deliberately hiding the facts about its addictive and unhealthy product; this is not a company engaged in exploiting poor workers in other countries and taking advantage of very loose labor and environmental laws; this is not a company that has a long and ugly history of fouling the environment; I could go on and on, but hopefully you get my point.
They aren't an oil company or tobacco company so they'd have to work pretty hard to pollute and addict people. However, much of the west coast is littered with companies run out of business by their illegal monopolistic practices. They have run quite a few companies out of business not through having superior products but by leveraging their illegally maintained monopoly.
SI