New internet security threat - stop using Internet Explorer NOW, says CERT.

[Ambient Sheep]

Yup, this is genuine.  Surprised nobody's mentioned it on here yet.

An extract from a BBC News article[/url]"]Web browser flaw prompts warning

Users are being told to avoid using Internet Explorer until Microsoft patches a serious security hole in it.

The loophole is being exploited to open a backdoor on a PC that could let criminals take control of a machine.

The threat of infection is so high because the code created to exploit the loophole has somehow been placed on many popular websites.

Experts say the list of compromised sites involves banks, auction and price comparison firms and is growing fast.

Serious problem

The net watchdog, the US Computer Emergency Reponse Center, and the net security monitor, the Internet Storm Center, have both issued warnings about the combined threat of compromised websites and browser loophole.

Cert said: "Users should be aware that any website, even those that may be trusted by the user, may be affected by this activity and thus contain potentially malicious code."

In its round-up of the threat the Internet Storm Center bluntly stated that users should if possible "use a browser other then MS Internet Explorer until the current vulnerabilities in MSIE are patched."

Time to reinstall Opera then (did have it on this machine ages ago, but didn't get round to reinstalling it after a reformat).

The Register also has something on it here.

[Pinball]

AH! (imagine this being long)

Seriously though, isn't this what the NSA have been doing for years? The problem is merely that non-governmental groups (i.e. other criminals that are not taxpayer-funded) have acquired the code.  Being a paranoid soul, I regularly check MS Update for, um, updates, and this hasn't appeared yet. The question is - why not?

Poor old NSA, how are they going to monitor us when this "flaw" is patched?

[Timmay]

Haven't fired up IE for months... Firebird is the way forward. You heard it here first. Well, just after first.

[Ambient Sheep]

AHHHHHHHHHHHHH...HHHHHH!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Nice conspiracy theory, old chap, but do you think you could cut your exclamation down a bit please, as it's causing substantial horizontal scrolling even on 1024x768.  I hate to think what the 800x600 people are going through.  Ta.

EDIT: Thanks.

[Ambient Sheep]

According to the Slashdot story that I'm just starting to read, the Microsoft Advisory page is here.  They have no fix yet, except - as the other articles say - unpleasant workarounds.

[Regular John]

I've been using Opera for a while and I only go back to IE to test web pages I make. I foresee the next iteration of IE borrowing a lot of features from it (and Firefox)

[Margaret Thatcher]

I think were safe.  Most people use IE, so the chances of many people being affected are fairly slim.

[MojoJojo]

I've been using Opera for a while and I only go back to IE to test web pages I make. I foresee the next iteration of IE borrowing a lot of features from it (and Firefox)

*pfffppp* Yeah, like Microsoft are interested in adding new features to IE. They haven't added a significant feature in 3-4 years, and their browser is basic to say the least. It doesn't even have tabbed browsing for crying out loud!

[glitch]

I've been using Opera for a while and I only go back to IE to test web pages I make. I foresee the next iteration of IE borrowing a lot of features from it (and Firefox)

*pfffppp* Yeah, like Microsoft are interested in adding new features to IE. They haven't added a significant feature in 3-4 years, and their browser is basic to say the least. It doesn't even have tabbed browsing for crying out loud!

They haven't released a public version since XP/IE version 6 came out - the only updates have been patches for security holes.

There won't be a new version until the Longhorn OS is out... and that's still got a release date of "some time in the future"

[Crazy Penis]

http://isc.sans.org/diary.php?date=2004-06-25&isc=f1d0986c128fa2b5e046d8ef8fb666cd

But it really isn't anything to worry about.

[MojoJojo]

I've been using Opera for a while and I only go back to IE to test web pages I make. I foresee the next iteration of IE borrowing a lot of features from it (and Firefox)

*pfffppp* Yeah, like Microsoft are interested in adding new features to IE. They haven't added a significant feature in 3-4 years, and their browser is basic to say the least. It doesn't even have tabbed browsing for crying out loud!

They haven't released a public version since XP/IE version 6 came out - the only updates have been patches for security holes.

There won't be a new version until the Longhorn OS is out... and that's still got a release date of "some time in the future"

Yeah, I believe the the Longhorn version is supposed to have tabbed browsing. Although the only definate features in Longhorn are WinFS, which is just a new version of NTFS, and a new renderer, because monitor resolutions are getting so high now, that in a few years time none of us will be able to read any of the text.
And they could of released a new version of Internet Explorer anyway, like they did with Media Player 9. I think they are panicking over the huge number of security flaws they have introduced by integrating the browser with the OS, so have locked features until they have plugged all the holes.

I was going to post about this in Trojan Dialler thread, as it seems likely that this may be the reason people have been having troubles. They reckon these website hacks have been going on for awhile.