IE flaw can turn your PC into a public file server

[ToyotaNSaturn]

http://ow.ly/14qOR
Researcher reveals how IE flaw can turn your PC into a public file server


In a live demonstration Wednesday at the Black Hat DC conference, a security consultant showed how it's possible to exploit a flaw in the Microsoft Internet Explorer browser to remotely read files on the victim's local drive, prompting a security advisory from Microsoft.

The flaw, said to extend across all versions of Internet Explorer, is not subject to a patching fix, according to Jorge Luis Alvarez Medina, the Argentina-based security consultant with Core Security Technologies who elaborated on the attack technique during his demo. Indeed, Microsoft advised anyone concerned about the potential for this type of attack to run IE in "protected mode," a workaround that Medina also advised.

I feel that with the pressure now on Microsoft to fix this, it will be fixed in the short term.

 

[ekpolk]

Yet another reason why I use Firefox (almost) exclusively. I ONLY open IE if, and only if, a site contains content that, for whatever reason, can not properly display on FF. As the programs advance, instances of this are becoming fewer and farther between.

 

[CharlieJ]

Originally Posted By: ekpolk
Yet another reason why I use Firefox (almost) exclusively. I ONLY open IE if, and only if, a site contains content that, for whatever reason, can not properly display on FF. As the programs advance, instances of this are becoming fewer and farther between.


Same here. However, I also use IE when my laptop is running off the battery. IE takes up less memory when running compared to Firefox.

 

[ToyotaNSaturn]

Many, repeat MANY businesses have developed sites on IE 5.5sp2/IE6 eons ago. Much of their business runs on it and w/o it, the business closes down as so much of the late 90's development was done on IE-based technologies as IE was the only real browser choice.

Then along came Spyware.

That changed the public-sector at-home field of web browsers, but not at many many businesses.

Only when the businesses change to using true standards-based web sites will we be able to ditch IE inside all these companies.

Until then, IE is it. IE8 to me isn't all bad, but I can't stand the limited bookmarking capabilities, thus I use FF mostly, except for those darned corporate apps of course.

 

[Cutehumor]

my company computer is still using Windows XP and IE 6. In fact, sites like youtube keep saying to upgrade to a modern browser.

 

[ToyotaNSaturn]

You shouldn't upgrade your browser, you should upgrade your job!

BTW, your last job, you know...THAT place....the most visible support group insists on XP with IE6. They just recently "approved" SP3--SP2 was MANDATORY for the longest time, no SP3.

Nothing like living in the past!

 

[Cutehumor]

just now got SP3? We upgraded to SP 3 last October. I finally could use WPA2 on my home wifi network. I don't miss my old job though, they were a bunch of tightwads. You should have seen the response I got when I asked if they were going to upgrade us to Vista anytime soon since Windows 7 was about to come out.

 

[ToyotaNSaturn]

LOL! I called a vendor that supplies the client software for the "new" detailed imaging (staying vague purposely) system, they NEVER tested on Vista and the tech guys have "never seen" Windows 7. November 2009--they NEVER touched anything newer than XP.

Now THAT'S reassuring. Let's just stay with 2001 technology and never move forward. Uggh.