Steve’s Stuff

Faults in the clouds of delusion

The IE flaw saga continues

with one comment

Brian Krebs notes on Washingtonpost.com that there are 200 sites exploiting the createTextRange IE flaw. Microsoft recommends avoiding untrusted sites, but Krebs says you can’t trust that advice. Crackers have broken into normally trusted sites and installed traps that, through the flaw, install spyware and bots.

Essentially, you cannot trust ANY site when using Internet Explorer.

Krebs goes on to say

“Rather than download a “beta” (read: potentially unstable) version of IE or wait around for Microsoft to issue a fix, a far better idea would be to ditch IE altogether (or only use it only when absolutely necessary). I use Mozilla’s Firefox for everyday browsing, but your mileage may vary. There are other options, of course, such as Opera and Netscape, to name a couple.

What amazes me is how many Windows users seem to blindly equate Internet Explorer with access to the Internet — in much the same way that many America Online users are unsure whether they can use someone else’s browser once they’ve signed on to their account. Even after you tell people that they may have just been whacked with a virus due to a flaw in IE, they still use it.”

The Internet Storm Center is, again, on top of the situation.

Listen to this post Listen to this post

Technorati Tags

Written by Steve

March 27th, 2006 at 4:17 pm

Posted in Microsoft, Security, malware

« Ajax Office
Thick as a brick »

One Response to 'The IE flaw saga continues'

Subscribe to comments with RSS or TrackBack to 'The IE flaw saga continues'.

  1. Attacks on Unpatched IE Flaw Escalate

    More than 200 Web sites — many of them belonging to legitimate businesses — have been hacked and seeded with code that tries to take advantage of a unpatched security hole in Microsoft’s Internet Explorer Web browser to install hostile code on Windo…

    The Agonist

    27 Mar 06 at 11:20 pm

Leave a Reply