A New Internet Explorer Problem

Just read this and thought I would share it.

http://tech.yahoo.com/news/pcworld/20090727/tc_pcworld/microsoftrushestofixiekillbitbypassattack_1

 

Thanks for sharing the link SourMilk.
The article doesn't identify which version of IE has the defect. I'm wondering about IE8.

 

Here's another article on the same critical hole and it lists the browsers affected. So much for IE8.

"The vulnerabilities affect Windows 2000, Windows XP, Vista, Windows Server 2003 and 2008, Internet Explorer 6, 7 and 8, Microsoft Visual Studio .NET 2003, Visual Studio 2005 and 2008 and Visual C++ 2005 and 2008, according to the security bulletin advance notification."

http://news.cnet.com/8301-27080_3-10295592-245.html

 

ActiveX was/is such a stupid idea. I know MS never originally envisaged way back when when they coded IE with AX actively running by default, that bad peeps would even want to do evil deeds.

But, they have had many years since then with Plenty of proof that AX is a major cause of infections getting in. For some reason they seem to have just bury their heads and hope it'll go away, because, hey it's their baby and we gonna keep it, can't admit defeat can we !

Sure after ALL these years of not listening, IE now comes with AX disabled by default. Huh, better late than never i suppose. What about all those peeps who've been blasted over the years in the meantime.

ActiveX has got to go, and whilst i'm at it, www's can be coded without Scripting or Java too.

 

Do you actually have an informed opinion you'd like to share with us, or are you just here to recite ignorant hype?

 

Umm, no. Exactly how do you plan on doing things on the net without Java, Flash, and yes, scripting? Whether you participate in it or not, people like Youtube, Hulu, online games, online streaming music and movies, and so forth. Take away all these "evil scripts" and coding, and say goodbye to a HUGE percentage of the net. Active X was NOT a bad idea, it was implemented badly, that is all. Javascript, Flash, Java, all of these technologies made the internet what it is today. There is NOTHING wrong with any of it, it is simply misused by the bad guys....but you tell me what technology isn't.

 

Err, well it's not just me that thinks this way.

http://www.broadbandreports.com/forum/r22774232-Internet-Explorer-Critical-Killbit-Bypass

http://www.broadbandreports.com/for...-10-Windows-users-vulnerable-to-the-Flash-bug

There are other ways of viewing videos without Flash. If the people who ran www's only allowed certain other formats that didn't rely on unsafer code, and exploits of it, so much the better.

Sure games etc might require that stuff, but maybe it's because the coders didn't think out of the box, and just relied on the same old at the time. I'm sure they wern't thinking ahead either of potential dire consequences when they originally coded either. But because someone set the ( standard ) then others blindly followed. Same with Flash, that's the way the others do it, so we will !

 

Those links prove nothing, they're just opinions. No one is arguing that these technologies have vulnerabilities, what do you expect? There are holes in EVERY piece of software, plain and simple fact. Why? They're created by human programmers, humans that get tired, get distracted, have brain farts, you get the point. Okay, so we should dump Flash, it's vulnerable and people only use it because "hey, everyone else is". What we'll do instead is have every website, every uploader of videos and music decide on a different codec.

So now we have an entire internet full of websites that use whatever codec they wish, and you better hope you have a player installed that can play it....uh oh, I smell trouble: Now we have different players capable of using certain codecs....all made by humans, all having a hole SOMEWHERE in them, including the players that use the codecs. Now you not only have the utter insanity of chasing down different codecs that may or may not play in your favorite app, but now you just added in a TON of possible vulnerabilities....and we're just talking media playing here.

No matter what code you replace all these "dangerous" technologies with, it's going to be flawed and the bad guys WILL find a way to abuse it. If you'd like to go back to DOS and orange or green monitors, be my guest. Otherwise, get used to the fact that the internet has changed, technologies have changed, but one thing hasn't and never will, anything made by human minds and hands will be imperfect, good intentions or otherwise.