Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 17 submissions in the queue.

New Vulnerability in Every Version of Internet Explorer Since IE6

posted by n1 on Monday April 28 2014, @06:11AM   Printer-friendly
from the film-at-11 dept.

AnonTechie writes:

Late Saturday, Microsoft confirmed the existance of a new zero-day vulnerability that resides in all versions of Internet Explorer since IE6 has been spotted in the wild. The vulnerability, which could allow remote code execution, is being used in "limited, targeted attacks," according to an advisory issued by Microsoft. While all versions of the web browser, IE6 through 11, are affected by the vulnerability, attacks are currently targeting IE versions 9, 10 and 11, according to security firm Fire Eye, which first reported the flaw Friday.

 
This discussion has been archived. No new comments can be posted.
New Vulnerability in Every Version of Internet Explorer Since IE6 | Log In/Create an Account | Top | 34 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 4, Funny) by timbim on Monday April 28 2014, @07:27AM

    by timbim (907) on Monday April 28 2014, @07:27AM (#37053)

    What's the difference between ie5 and ie6? Maybe everyone should switch to ie5 to be safe. Maybe ie1 is the safest browser available in today's world?

    Starting Score:    1  point
    Moderation   +3  
       Funny=3, Total=3
    Extra 'Funny' Modifier   0  
    Total Score:   4  

  • (Score: 3, Interesting) by AnonTechie on Monday April 28 2014, @07:50AM

    by AnonTechie (2275) on Monday April 28 2014, @07:50AM (#37057) Journal

    Possibly ... until somebody comes up with another NEW vulnerability with affects IE version 1 to version 5 !!

    --
    Albert Einstein - "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."

  • (Score: 5, Informative) by Hairyfeet on Monday April 28 2014, @08:12AM

    by Hairyfeet (75) <bassbeast1968NO@SPAMgmail.com> on Monday April 28 2014, @08:12AM (#37060) Journal

    Most likely because IE 6 was released at the start of the whole "Web 2.0 lets run everything in a browser" phase of stupid that we are seeing til this very day. I mean sure, put all these extra features to allow a rich app experience in the browser, what could go wrong?

    I've said it before and I'll say it again, the whole "lets just run code from anywhere, rich apps in a browser" thing needs to go and we really need to start over, starting with tossing JavaScript. When JavaScript was thought up nobody even thought about what bad actors might do to it, much less that the web would become "monetized" in a way that actively encouraged website owners to take third party code sight unseen from middlemen, and crap like this is the result. All this sandboxing and other crap which keeps pushing up the browser bloat while still letting shit like this happen? Its just bandaids on bulletwounds and does nothing to address that the web is currently working on a retarded model where a single page can have a dozen redirects on it to shit that the person that wrote the website has no clue about.

    When I started out a browser easily fit on a floppy and even on 28k pages loaded pretty damned quickly, now we have pipes several orders of magnitude larger and these huge browsers that are more like a mini-OS than the page rendering tools of old yet if anything pages are slower and the experience is worse. Hell so many pages have so much third party shit on them now that surfing without adblock is fricking painful and do these webmasters even have a clue what is being done on their pages from view to view? Nope, hell considering how many ads from conservative companies I've seen in videos reviewing sex toys I seriously doubt the companies buying the ads have a clue either. This whole system seriously needs a do-over, and common sense needs to be used when it comes to the web, though as long as companies and webmasters can make money from this broken design I sadly doubt it'll change.

    --
    ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.

    • (Score: 3, Funny) by jimshatt on Monday April 28 2014, @08:18AM

      by jimshatt (978) on Monday April 28 2014, @08:18AM (#37063) Journal
      You forgot to add "get off-a my lawn!"

    • (Score: 2) by kaszz on Monday April 28 2014, @09:27AM

      by kaszz (4211) on Monday April 28 2014, @09:27AM (#37080) Journal

      Javascript code looks like hell and perhaps should have had some thought in naming to avoid the name confusion with Java (bytecode). The whole system just seems thoughtless.

      Sandboxing is likely a necessary evil but as the font bug [slashdot.org] shows. Whenever a external input is processed there are possible unintended consequences.

      • (Score: 3, Informative) by forsythe on Monday April 28 2014, @01:31PM

        by forsythe (831) on Monday April 28 2014, @01:31PM (#37147)

        For reference, Javascript did have some thought in naming. It was named Javascript precisely so that it would be associated with Java. (For citation, see e.g. W3's [w3.org].

        • (Score: 2) by kaszz on Monday April 28 2014, @10:46PM

          by kaszz (4211) on Monday April 28 2014, @10:46PM (#37428) Journal

          But why is there a need for association with Java? for all I know it could been Javascript + flash instead. If W3 had decided so.

          A script language is sure useful but Javascript seems to loosely defined, incompatible between browsers and missing strict type control. Often scripts lack checks of environment capability and often get stuck with 99% CPU usage.. Let's hope this gets fixed.

    • (Score: 5, Interesting) by Common Joe on Monday April 28 2014, @11:46AM

      by Common Joe (33) <{common.joe.0101} {at} {gmail.com}> on Monday April 28 2014, @11:46AM (#37109) Journal

      I've said it before and I'll say it again, the whole "lets just run code from anywhere, rich apps in a browser" thing needs to go and we really need to start over, starting with tossing JavaScript.

      I wish the right people were saying that. I'm a desktop app developer and right now I'm learning web app development. I've been out of a job for a while and after months of no one giving me the time of day, I decided to look at web technologies because that's all anyone wants. Luckily, at the same time, a small firm has finally said they are thinking about hiring me because they don't want script kiddies and I have decent object oriented experience. Reasonably, they want to see what I can do and how fast I can learn web technologies before they hire me. They gave me the names of a couple of technologies that they use and said, "Good luck, we'll talk to you in a month." Thank goodness I already had some experience in web development from a decade ago. I'm looking at a dozen technologies piled on top of one another.

      That's twelve technologies just to produce something akin to Hello World for a modern web page. Symfony2, Twig, Twitter bootstrap, PostgreSQL, HTML5, CSS, JavaScript, jQuery, JSON, YAML, PHP, and Doctrine. Yes, some are easier than others, but I have literally read and studied hundreds of pages of documentation and skimmed thousands of pages in the past two weeks (and I'm not done learning). The cherry on top is the guy bragged they used over 120 different technologies at his tiny firm so I know he wants me to learn more. WTF? Is this what we call normal in the web world?

      There is something fundamentally wrong at every level of web development. Even the development environment sucks compared to the desktop environments. The desktop IDE kicks the web IDE's ass even if you're using the same IDE for the different languages. The web languages are structured so that there is little to no type checking and autocomplete is nowhere near the standards that I'm used to.

      No wonder why my potential employer can't find anyone who isn't a script kiddie. How does anyone become an expert at this stuff and still have a life?

      • (Score: 3, Informative) by tibman on Monday April 28 2014, @01:51PM

        by tibman (134) Subscriber Badge on Monday April 28 2014, @01:51PM (#37160)

        It probably doesn't help that its all new. DotNet web development is the same soup. C#, XML (configs), CSS, HTML with embedded C# (Razor), Javascript, and i'd like to put Linq/EntityFramework as separate from C#. JSON shouldn't count as it is just an associative array.

        HTML is your organization, CSS is your presentation, and Javascript is your business logic. When you look at it that way it's actually quite nice. If you are doing TestDriven development then type checking won't even matter. AutoComplete will probably always lag behind what you're used to though : / But i'll bet you come to rely on it a lot less. If your desktop IDE was visual studio (i'm guessing) then you can try a php extension. You'll be able to debug code and use IntelliSense exactly like you use to. http://www.devsense.com/products/php-tools [devsense.com]

        I have no doubt that your marketable value will go up if you learn all this stuff this guy is throwing at you. He's right though, it isn't always about what you already know. It's also about how quickly you can learn new things. You've got a great opportunity here to transition to web development. You'll have a huge amount of server-side knowledge that most web-devs lack. Good luck!

        --
        SN won't survive on lurkers alone. Write comments.

      • (Score: 0) by Anonymous Coward on Monday April 28 2014, @02:12PM

        by Anonymous Coward on Monday April 28 2014, @02:12PM (#37168)

        A hundred and twenty "technologies" sounds like one of those inflated numbers people come up with to be able to brag: my OS is a "technology," as is e-mail, as is g-mail, as is my word processor, as is my kid's favorite word-processors, etc., all the way to one hundred and twenty. If the guy counts HTML and CSS as "technologies" as opposed to de facto common knowledge in the tech world generally, he's definitely inflating numbers.

        On the other hand, if he's using a hundred frameworks for a project, he very likely has a shallow-to-none understanding of each. Deeply understanding JavaScript (including closures), a server-side language (PHP is, despite the common fastidium, a general default), and basic SQL (with the ability to specialize in MySQL or PostgreSQL) is what you need.

        Once you have those, the rest either follows naturally or becomes pointless. JSON is actually just a subset of JS. JQuery is nice to know and doesn't take long at all IF you have the deep understanding of JavaScript. Bootstrap is worthless once you know the basics.

    • (Score: 1) by O3K on Monday April 28 2014, @05:48PM

      by O3K (963) on Monday April 28 2014, @05:48PM (#37306)

      That's a badass rant right there, Man.

    • (Score: 1) by iWantToKeepAnon on Monday April 28 2014, @06:39PM

      by iWantToKeepAnon (686) on Monday April 28 2014, @06:39PM (#37331) Homepage Journal

      Very very very bad idea. Things You Should Never Do [joelonsoftware.com]

      They did it by making the single worst strategic mistake that any software company can make: They decided to rewrite the code from scratch.

      Netscape wasn't the first company to make this mistake. Borland made the same mistake when they bought Arago and tried to make it into dBase for Windows, a doomed project that took so long that Microsoft Access ate their lunch, then they made it again in rewriting Quattro Pro from scratch and astonishing people with how few features it had. Microsoft almost made the same mistake, trying to rewrite Word for Windows from scratch in a doomed project called Pyramid which was shut down, thrown away, and swept under the rug. Lucky for Microsoft, they had never stopped working on the old code base, so they had something to ship, making it merely a financial disaster, not a strategic one.

      We're programmers. Programmers are, in their hearts, architects, and the first thing they want to do when they get to a site is to bulldoze the place flat and build something grand. We're not excited by incremental renovation: tinkering, improving, planting flower beds.

      We don't need to loose that much time. Yes we can incrementally make things better. Tearing down the whole damn frickin internet and trying to build a better replacement is not the solution. Your "better" solution would be delivered late and over budget and would be totally ignored. And while you were off in your marbled halls creating a work of beauty, the real world would go on without you and fix the already working technologies and nobody would care when you tell them how much better your app is "under the hood" ... yet works just about the same as what we already have.

      --
      "Happy families are all alike; every unhappy family is unhappy in its own way." -- Anna Karenina by Leo Tolstoy

    • (Score: 2) by lennier on Monday April 28 2014, @10:37PM

      by lennier (2199) on Monday April 28 2014, @10:37PM (#37424)

      I've said it before and I'll say it again, the whole "lets just run code from anywhere, rich apps in a browser" thing needs to go and we really need to start over, starting with tossing JavaScript... Its just bandaids on bulletwounds and does nothing to address that the web is currently working on a retarded model where a single page can have a dozen redirects on it to shit that the person that wrote the website has no clue about.

      You may be surprised (and pleased) to know that Alan Kay, the guy who invented object oriented programming and the GUI and possibly knows what he's talking about, heartily agrees with you. [drdobbs.com]

      Kay: ... Pop culture is all about identity and feeling like you're participating. It has nothing to do with cooperation, the past or the future - it's living in the present. I think the same is true of most people who write code for money. They have no idea where [their culture came from] - and the Internet was done so well that most people think of it as a natural resource like the Pacific Ocean, rather than something that was man-made. When was the last time a technology with a scale like that was so error-free? The Web, in comparison, is a joke. The Web was done by amateurs.

      Binstock: Still, you can't argue with the Web's success.

      Kay: I think you can. ...

      Binstock: How do you mean?

      Kay: Go to a blog, go to any Wiki, and find one that's WYSIWYG like Microsoft Word is. Word was done in 1984. HyperCard was 1989. Find me Web pages that are even as good as HyperCard. The Web was done after that, but it was done by people who had no imagination. They were just trying to satisfy an immediate need. There's nothing wrong with that, except that when you have something like the Industrial Revolution squared, you wind up setting de facto standards - in this case, really bad de facto standards. Because what you definitely don't want in a Web browser is any features.

      Binstock: "Any features?"

      Kay: Yeah. You want to get those from the objects. You want it to be a mini-operating system, and the people who did the browser mistook it as an application. They flunked Operating Systems 101.

      Binstock: How so?

      Kay: I mean, look at it: The job of an operating system is to run arbitrary code safely. It's not there to tell you what kind of code you can run. Most operating systems have way too many features.

      --
      Delenda est Beta