[Red Moon]

Quote:

Internet Explorer users warned to change browser over security fears

Microsoft admitted today that a serious flaw in security has left all users of Internet Explorer, the default web browser for most people, vulnerable to attack from hackers.

The loophole allows criminals to commandeer victims’ computers by tricking them into visiting tainted websites that steal passwords. Computer users are advised to switch to an alternative internet browser, such as Firefox or Google Chrome, to be certain to avoid hackers who have so far corrupted an estimated 10,000 websites.

Microsoft said they are considering the release of an emergency update, which would close the flaw. The computing company claims that it has only detected attacks on Internet Explorer 7, the most common version of the programme, but warned that other versions are also potentially vulnerable. A spokesman today estimated that one in 500 internet users had been affected.

The hack was initially devised by Chinese criminals, who have been stealing computer game passwords that can be sold on the black market. However, Paul Ferguson, a security researcher for Trend Micro Inc, said the security breach is so severe that it could be “adopted by more financially motivated criminals for more serious mayhem - that’s a big fear right now.”

Since the security flaw was reported late last week, Microsoft said there has been a marked increase in new attacks attempting to make use of the vulnerability. These opportunistic hackers who exploit known security breaches are called “zero-day” attackers.

“Zero-day” threats occur as hackers race against software makers to attack the affected programmes, such as Explorer, before the known problems are repaired.

Microsoft said it is investigating the flaw and is considering fixing it through an emergency software patch outside of its normal monthly updates.

John Curran, a spokesman for Microsoft, said: “Right now it’s affecting about 0.2 per cent of users who may have come in touch with the vulnerability.

“It has the potential to move world wide rather quickly so it’s a significant issue and that’s why Microsoft is working diligently to get it resolved as quickly as possible.

“We are recommending four steps [below] which would protect you from the vulnerabilities we know today but there could be variations to the vulnerabilities.

“Obviously the chance for this to be exploited is there.”

The company is telling users to employ a series of complicated workarounds to minimise the threat. It has been suggested that increasing the internet security zone level to high and disabling Ole32db.dll in the access control list could help protect a computer.

Many security experts, though, have advised Internet Explorer users switch to another browser until an update is released. The next scheduled patch is not due until January 13, in the New Year, but it is not unusual for Microsoft to release an emergency patch.

Microsoft’s advice for Internet Explorer users

1. Keep your anti-virus up-to-date. Microsoft has circulated the definitions of these vulnerabilities to all the major anti-virus providers.

2. Reset Internet Explorer to run in protected mode. This is the default mode in Windows Vista but not XP or the earlier version.

3. Set zone security to high.

4. Ensure Windows is updated. You can do this manually through Windows updater or set it to automatic updates.

More complex and comprehensive approaches are listed on the Microsoft website .

Source: The Times

[30stone]

So using firefox is the worst?

might use that google chrome thing then.

[Spike]

I can't say i'm surprised, IE has so many major flaws
I prefer and use Google Chrome and Safari anyway

[Red Moon]

Quote:

Originally posted by 30stone
So using firefox is the worst?

might use that google chrome thing then.

Sorry I had to delete the previous post, it was misleading as the article was from the end of last year. I would guess at the moment firefox 3.0 is safe since it being recommended in the Times article.

[Hugo]

Well I'm not going to change.

[lily.]

I use firefox. IE is shite anyway.

[Scarlett.]

I have used Firefox for ages now

[Hugo]

I can't cope without IE. I despise Firefox and Google Chrome -- the only bit I like about Chrome is the spell check. I am also worried about deletin history properly when ordering gifts for people ect.

[lily.]

Use Ccleaner before you log off and it'll clear all yer history in one go.

[Sarah.]

I switched to Firefox about 2 months ago because Internet Explorer was so annoying, I closed a window that was still processing [if that's the word lol] and 100's of new Internet Explorers would open and it wouldn't stop.
Firefox ftw.

[Red Moon]

Reading about the most secure browser is Opera with Firefox in second place in the secure bowser stake.

Source: Guardian

Also looking at some figures on vulnerabilities Opera had the lowest score at the figures I found.

If you want to download and try opera you can get it here: opera.com

[James]

Microsoft are putting out a fix for this today. You will get it if you have automatic updates on or at www.windowsupdate.com

http://www.nytimes.com/aponline/2008...er=rss&emc=rss