MacDailyNews - Where Mac news comes first


Microsoft Windows Internet Explorer flaw ‘extremely critical, worse than expected’
Wednesday, November 30, 2005 - 04:18 PM EST

"An unpatched vulnerability on Internet Explorer is so bad that security expert Secunia has had to add a new category of danger to its rating system," Nick Farrell reports for The Inquirer. "Instead of being just critical, Secunia says that the unpatched hole is now 'extremely critical' which means that Microsoft were extremely stupid to sit on it for six months."

Farrell reports, "S. Pearson, of computerterrorism.com, has worked out that if a JavaScript prompt box was of the right size and form to allow the insertion of custom shellcode, a remote attacker can execute arbitrary code embedded into an otherwise normal looking Web page. You can have a look at it in action at http://www.computerterrorism.com"

Full article here.

Larry Loeb reports for Security IT Hub, "The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2, and Internet Explorer 6.0 and Microsoft Windows 2000 SP4. IE 5.x is also considered to be vulnerable... Since MS has not addressed this issue in IE, the only way to mitigate is to disable active scripting for non-trusted sites. Or don't use IE."

Full article here.


MacDailyNews Take: In related non-news, Microsoft still sucks.

Related MacDailyNews articles:
Apple releases Security Update 2005-009 for Mac OS X - November 29, 2005
SANS Institute lists Apple's Mac OS X as 'major security threat' - November 29, 2005
Computer columnist: anti-virus software purely optional for Apple Macs, not so for Windows - November 01, 2005
Microsoft apologists and why Apple's Mac OS X has zero viruses - October 24, 2005
$500 bounty offered for proof of first Apple Mac OS X virus - September 27, 2005
How to avoid viruses and malware? Dump your Windows PC and get an Apple Macintosh - August 22, 2005
Do Apple Mac OS X users need antivirus software? - August 22, 2005
ZDNet: How many Mac OS X users affected by the last 100 viruses? None, zero, not one, not ever - August 18, 2005
16-percent of computer users are unaffected by viruses, malware because they use Apple Macs - June 15, 2005
Intel CEO Otellini: If you want security now, buy a Macintosh instead of a Wintel PC - May 25, 2005
There are no viruses for Apple's Mac OS X - May 13, 2005
Apple touts Mac OS X security advantages over Windows - April 13, 2005
97,467 Microsoft Windows viruses vs. zero for Apple Mac's OS X - April 05, 2005
Apple's Mac OS X is virus-free - March 18, 2005
Cybersecurity advisor Clarke questions why anybody would buy from Microsoft - February 18, 2005
Security test: Windows XP system easily compromised while Apple's Mac OS X stands safe and secure - November 30, 2004
Microsoft: The safest way to run Windows is on your Mac - October 08, 2004
Information Security Investigator says switch from Windows to Mac OS X for security - September 24, 2004
New York Times: Mac OS X 'much more secure than Windows XP' - September 18, 2003

Reader Feedback:

Nov 30, 05 - 04:31 pm Comment from: Tempus Fugit

that's some mighty powerful stuff... glad i banished IE from my computer years ago... Mac or no Mac.

Nov 30, 05 - 04:34 pm Comment from: Jamie Kelly

Amazing. But where are all the class action lawsuits?

MW: no WAY

Nov 30, 05 - 04:36 pm Comment from: Don.

Hrmmm... tested it on Safari and it was a bit annoying. When you get that huge Javascript dialog it's way larger than the screen with no Close box or any menu. Just press Escape if it pops up a few times and try to close the little Safari popup that allows it. Eventually it'll go away.

Nov 30, 05 - 04:38 pm Comment from: Funky Dunky

Yep, that's Microsoft.

A whole new category of SUCK, just for them.

Nov 30, 05 - 04:40 pm Comment from: Emil

seriously is there something in the licence agreement that prevents users from suing?

Nov 30, 05 - 04:40 pm Comment from: Mary Anne was here (Ginger sucks)

Be proud, Patchers® everywhere.

Be oh soooooo proud.

Nov 30, 05 - 04:42 pm Comment from: Goldenrule

Like the guy says don't use IE.
Use Firefox.

Or go the Mac route.


Steve Ballmer - you gotta admire the guy.

Nov 30, 05 - 04:49 pm Comment from: VinitaBoy

Sputnik, oh Sputnik . . .

Where are you and the "real IT world" on THIS one?

(The silence is DEAFENING out there!)

Nov 30, 05 - 04:52 pm Comment from: dubmonkey

what's so new about that?

Nov 30, 05 - 04:57 pm Comment from: emax

Just because someone can break into windows doesn't mean that the way they break into it is a FLAW in Windows. If your house gets broken into through one of the windows because someone used a hammer, it doesn't mean that your house has a security flaw, your house was never designed to prevent that type of forced entry. All of these people are being over critical on Microsoft. They need to phrase these "security problems" differently.

Nov 30, 05 - 05:01 pm Comment from: emax

i love gates and his wanky banky, it pays the bills, whaddya say?

Nov 30, 05 - 05:05 pm Comment from: Big Al

But I thought OS X was the only OS that was insecure.

No exploits, just insecure.

There were no exploits for this unpatched hole in IE either.

What's the difference?

Nov 30, 05 - 05:06 pm Comment from: VinitaBoy

emax,

What if the contractor who built your house neglected to put locks on any of your doors?

What if he left a gaping hole in the back wall of your bedroom?

What if your roof was made of tissue paper?

Who would you blame THEN?

THAT's the analogy you should be looking at.

Nov 30, 05 - 05:17 pm Comment from: tjc

I work at a financial services agency that uses only IE on our desktops (yes, poor me). Our internet access has been shut down all week because of this.

I hear other high security companies have done the same. I'm surprised this isn't getting bigger headlines - this is a BIG problem.

Nov 30, 05 - 05:28 pm Comment from: dogfriend

I think it's time to put MS on "double secret probation"


Hey Steve Ballmer - fat, stupid and drunk is no way to go through life, son.

MDN word: thinking

If you're still using IE, I'm thinking that you are going to get what you deserve.

Nov 30, 05 - 05:30 pm Comment from: Veronica

that is a real shame Windows users have to suffer so much, I don't think many using OSX bother with Explorer, if there was a way to shed light on PC (pronounced pissy) users ghastly experience... perhaps Safari could be advertised... the catch being you have to buy a Mac

Nov 30, 05 - 06:07 pm Comment from: Ampar

"Microsoft Windows Internet Explorer flaw 'extremely critical, worse than expected'"

Should be followed by "Microsoft Windows Internet Explorer has flatlined, not expected to recover without massive brain damage"

(source code will be accepted in lieu of flowers)

Nov 30, 05 - 06:13 pm Comment from: In related news

MDN still likes to make Mac users sound like infants instead of rational people who chose the better OS.

Not sure why they do that.

Cracking on the "other guy"--that's hilarious! Keep up the commentary. Making fun of MS is fair game.

But "M$ sux" and talking about other CEOs being overweight and the like just sound petty. Not MDN's best work. It alienates people without being funny.

Nov 30, 05 - 06:44 pm Comment from: zupchuck

"MacDailyNews Take: In related non-news, Microsoft still sucks."

MDN continuing to enhance its cachet with 14yr old fan-boys... That's the way to attract a readership and expand revenue!

Nov 30, 05 - 06:45 pm Comment from: dogfriend

Oops, the quote was supposed to be:

"Fat, drunk, and stupid is no way to go through life, son." - Dean Wormer

http://en.wikiquote.org/wiki/Animal_House

Nov 30, 05 - 06:48 pm Comment from: zupchuck

emax said: "All of these people are being over critical on Microsoft. They need to phrase these "security problems" differently."

How about theft of $$$, personal identities, intellectual property, etc.? Nasty hole easily exploited. Seriously, what kind of crap code uses hardcoded windows that allow arbitrary code to be executed if you have the right size? Sounds like somebody was extremely lazy - or nefarious.

Nov 30, 05 - 06:53 pm Comment from: Shadowself

Is there an exploit in the wild which takes advantage of this vulnerability? I have not heard of any.

Should Microsoft have fixed this long ago? Yes.

However...

There are security vulnerabilities in every OS, Mac OS X and Windows in all its variations. Apple sends out security updates semi-regularly to fix them as they find them and devise solutions. So far no one has unleashed an exploit of any of those Mac OS X vulnerabilities IN THE WILD.

Microsoft sends out security updates too, however many exploits happen before Microsoft gets the fixes out (if they ever get them out). There are thousands of exploits in the wild on Windows and Windows unique software (e.g., IE 6.x). Those are truly critical and crucial security issues.

This is a significant vulnerability. Nothing more. IF someone comes up with an exploit before MS fixes it (if MS ever fixes it) THEN we can all sit back and point fingers at Microsoft for not dealing with it sooner. Until that happens this vulnerability is only marginally different than the vulnerabilities in Mac OS X.

We all start looking like the crazed cult many claim we are when we point to a Windows vulnerability with no exploits and denigrate Microsoft then turn around and whine about "clueless" reporters who do the same with Mac OS X.

There are more than enough exploits for Windows to point to and laugh at. This isn't one of them -- YET.

Nov 30, 05 - 06:55 pm Comment from: maczac

In related news: Normally I would agree with you.

However, and I have posted this before, indeed, years before: It never ceases to amaze me that MS has not been held responsible (either civilly or criminally) for its repeated failure to fix its product. MS is a global corporation, and as such, is presumed to be competent in its duty to provide a product that is at least merchantable, despite what their EULA states. MS's inability to do so is either evidence of complete and total incompetence (nonfeasance) or intentional malfeasance.

I don't say this lightly: MS is evil and the heads of MS are evil. I firmly believe that MS is not totally incompetent, but is instead, intentionally perpetuating these problems. (No, I don't wear a tinfoil hat) The question is why?

maczac

Nov 30, 05 - 06:56 pm Comment from: OzzysCross101

Love the MDN Take

Nov 30, 05 - 06:58 pm Comment from: zupchuck

"IF someone comes up with an exploit before MS fixes it"

How about WHEN (if not already because we haven't heard about it yet)?

How about tjc's response where the financial services company that s/he works at considers it dire enough to shut down Internet access?

Nov 30, 05 - 07:15 pm Comment from: Apple_fan

Well that's me convinced. Internet Explorer will soon be removed from my PC. Firefox all the way, wahoo!! Of course, that's only if Windoze lets me remove it...

MW = beyond: this is getting beyond a joke

Nov 30, 05 - 07:17 pm Comment from: Queezzie

Isn't the reason that no one can sue Microsoft because of the flaws in its OS is because when you use it the licensing agreement says basically you can't sue them.

Have you ever read the licensing agreement that comes with OSX? Read the fine print....

Nov 30, 05 - 07:30 pm Comment from: dogfriend

The "EULA" for the Sony Rootkit (DRM) also says that you can't sue them, but it didn't stop Texas, the EFF and others from trying

Nov 30, 05 - 07:31 pm Comment from: Shadowself

zupchuck,

It's been six months since the vulnerability has been known. So far there are no exploits. Maybe there will be none. Until one is verified as being in the wild I will put a *possible* exploit into the same category as all exploits I hear about the Mac being spouted by the anti-Mac crowd.

I am completely discounting tjc's statements at this point. A single source claiming drastic and catastrophic effects has very little credibility until there are many others claiming at least some ill effect. Remember, you can draw any trend line you want through a single data point.

Nov 30, 05 - 08:23 pm Comment from: slammer

emax wrote:

"If your house gets broken into through one of the windows because someone used a hammer, it doesnt mean that your house has a security flaw, your house was never designed to prevent that type of forced entry."

Windows (what an apt name) are security risks. But being able to get out fast in an emergency is a worthwhile compromise (that's why we have egress windows). Besides, if you knowingly live in a neighborhood where such an attack is likely, you need more than open windows at ground level.

The Internet is one of the worst possible neighborhoods, and there's no reason for household niceties like easy-access points. Any software that's exposed to the Net needs to be heavily fortified, and any security issues need to be effectively resolved. If anything MS software is getting worse; IMO all of their products remain unsuitable for Internet use.

Nov 30, 05 - 08:39 pm Comment from: Harry

I thought Explorer itself was a flaw, for your computer.

Nov 30, 05 - 08:51 pm Comment from: PC users must die

Windows Users!!

Your platform s*ucks!! Your mother smells and you are a weak pussy!

Come visit my site to leave feedback

http://www.computerterrorism.com/demoXPSP2.htm

Nov 30, 05 - 10:57 pm Comment from: Critical

Extremely critical, huh? It would seem that due to the current trend of spreading FUD about "critical" OS X security issues they needed to add a big ol' adjective to this one.

I can't wait until Windoze Vista comes out: "Exceedingly ultra critical security flaw found in Internet Explorer!"

Dec 01, 05 - 02:00 am Comment from: Less is More

It's been six months since the vulnerability has been known....

And Microsoft must've been hard at work plugging this extremely dangerous vulnerability. So far though, they haven't. And the Top Ten Reasons why Microsoft hasn't fixed it are:

(10) The fix breaks Windoze.

(9) The fix doesn't break Windoze ... only all your apps.

(8) Microsoft can't find the code that needs fixing.

(7) Microsoft can find the errant code but doesn't understand what it does.

(6) Let them buy Defender!

(5) It's a feature.

(4) Just in time for Longh ... er, Vista. Upgrade!

(3) Microsoft hopes the issue will go away. Somehow. Please?

(2) Microsofties are too busy playing with their iPods.

And the No. 1 reason why Microsoft hasn't fixed this vulnerability in six months:

(1) They can't find a PC that'll work long enough to fix it.

Dec 01, 05 - 03:11 am Comment from: Tacitus

I'm with maczac on this. Particularly in the litigious US where tobacco companies can be sued for selling a dangerous product, it never ceases to amaze me that nobody has taken on Microsoft. I'm no lawyer but I would have thought that the EULA constituted an 'onerous contract' - one in which all the benefits were one way and which removed all the user's rights.

Not only that in view of MS monopoly it is effectively a forced contract, in which case the vendor - MS - should have to supply a product that is fit for purpose or face consequential liability.

Dec 01, 05 - 03:56 am Comment from: iPodder

To all saying "Look, no exploit reported in the wild yet, no difference with OS X patches"

There is actually a difference and a big one too. With Apple you come to know about security flaws in that they release the patch. There has been no OS X weakness known to the public that remained unfixed for more than few days.

Do you honestly believe crackers' only activity is to release viruses and hit big titles on the news? Think again. The lucrative activity is in the creation of clusters of PC zombies without the user/owner having any idea his/her PC has been compromised. In order to do this you need known security flaws that go without a fix long enough for crackers to own your PC silently: kind of stealth cracking operations.

Microsoft letting known security flaws going unfixed for months puts at serious risk the integrity of its customers' valuable data.

The fact that nothing is in the wild, that is no BIG NEWS TITLES, does not mean that an exploit is not in place and it is happily collecting PC zombies around the world. This might or might not apply to this very IE problem, but it is a cracker panacea to have open security holes and work in the background without being noticed: CRACKER HEAVEN.

Think again!

Dec 01, 05 - 05:16 am Comment from: Macaday

Round of applause for iPodder. Certainly the case, well put. I have an email account which has had 15,000 plus emails sent to it in one week by a mailing from a zombie computer (the UK apparently leads on these).

The reality is that once publicised with a wild exploit it gets sorted. Quietly causing mayhem in the background is the worst scenario of all.

And why have some firms closed down internet access because of this? Someone knows just how bad this one actually is.

I doubt we have heard the last of this...

Dec 01, 05 - 11:53 am Comment from: ...

Shadowself

You mean like this
http://www.theregister.co.uk/2005/12/01/ie_exploit_trojan/

Dec 01, 05 - 12:34 pm Comment from: stabtheman (the surreal one)

Less is More:

That was good!

Dec 01, 05 - 07:38 pm Comment from: Road Warrior

Funny way to break into many houses with aluminum siding.
1. Cut the siding with an exacto knife.
2. Remove gyproc, insulation, vapour barrier and walk into house.

You can even "repair" the damage enough so that it looks like no one has broken into the house.

Of course Macs are made of bricks. Tough on the wolves out there.
