Get a Mac, get a Mac, awwwwk!
Posted on 03/11/2010 8:38:51 AM PST by Gomez
A public exploit for the new security hole in Internet Explorer 6 and 7 has now become available – as a module for the Metasploit exploit framework. Since it's likely that other websites will soon begin to actively exploit the hole, this will probably force Microsoft to promptly release a patch. Microsoft had previously only registered a few targeted attacks exploiting the hole in the iepeers.dll component to infect systems. Microsoft said therefore that it would continue to monitor the situation and recommended that users switch to Internet Explorer 8, which is not vulnerable. At the recent RSA conference, the creator of Metasploit, H.D. Moore, accused software vendors of only responding fast once an exploit is in circulation – it will be interesting to see if he's right again.
The Metasploit module is based on an analysis of the original exploit. It uses a flawed pointer dereferencing mechanism to execute injected code. This was discovered by Israeli developer Moshe Ben Abu after reading a post on McAfee's blog which mentioned the www.topix21century.com domain responsible for the original exploit.
The Metasploit module works with Microsoft Internet Explorer 7 under Windows Vista SP2, Internet Explorer 7 under Windows XP SP3 and Internet Explorer 6 under Windows XP SP3, but only if the data execution prevention (DEP) feature hasn't been enabled. Although the exploit isn't yet totally reliable.
ping
Begin countdown to Macintosh snob thread hijacking:
10...9...8...7...
Aren’t these guys a little like those who sell lockpicks and prybars to known housebreakers?
Get a Mac, get a Mac, awwwwk!
OK, I was gonna hijack in the name of Macintosh ;) but I’ll just put in the plug for Firefox instead!
OK, I was gonna hijack in the name of Macintosh ;) but I’ll just put in the plug for Firefox instead. Anything’s better than IE
Honesty I do run IE8 is this a problem with this release.
I also run Firefox on a Linux box, and have a Macbook.
OK rereading the article I can answer my own question. Duh
How about that? In the first 5 posts, there were already two posts bashing Mac users.
Don't see anyone calling windows users snobs or any other names.
> How about that? In the first 5 posts, there were already two posts bashing Mac users. Don't see anyone calling windows users snobs or any other names.
Of course Windows users expect to get chided about this stuff. We're hypersensitive and defensive, for good reason -- Windows has been on the defensive so long about security, it's hard to remember when it was not an issue.
I say "we" because I use Windows 10-12 hours a day in my professional work. I use Windows, OS X, Linux, and NetBSD more or less interchangeably, both at work and at home.
What I don't understand is why anyone sticks with IE6 or IE7, knowing its problems, and then complains. If you want to stick with an old version of software, okay, but shut the hell up about it, because it's like standing in a wet hole and complaining about being wet and short.
Although I prefer OS-X overall, I personally like Windows 7 a lot, and I'm getting to like it more than XP in some respects. I've converted most of my work and home Windows boxes to Win7 with good results.
OTOH, I can't stand IE, even though IE8 is a hell of a lot better than IE7 and we won't mention IE6. I use Firefox for everything except compatibility testing (gotta have IE around for that).
Back on topic, I really don't understand why somebody with an ounce of sense would not move to IE8 these days, if only to avoid these kinds of security issues.
Many people feel a computer should be like a car:no matter what brand or model of car they all use unleaded and drive on any road you want.
That's fine, but then they shouldn't be on the internet. They're welcome to use their computer in the safety of their own home, without making themselves a ready target. Connecting a Win98 computer to the internet without a good firewall is insane, and endangers everybody else too, indirectly.
> Many people feel a computer should be like a car:no matter what brand or model of car they all use unleaded and drive on any road you want.
Okay, but just as some people think it's a good idea to go swimming naked in ice water, it's gotta be moderated with some common sense. If you take your ancient Renault-8 with push-button dash transmission and try to weave through traffic on the interstate, you're going to get creamed, and the pileup endangers everybody.
I've got an aging notebook that won't run anything later than Win2000. I use it for some things -- but only behind a really good firewall. My computers with Win98SE and earlier do not go on the internet. There is simply no good reason to be using those operating systems for internet access, period. Single-person games, yes -- in fact, Win98 screams on modern hardware.
And they are using those no-longer supported Win98 on the internet while thinking their old Norton is still protecting them,not realizing it stopped updating a year or two ago!Nor do they know where and how to get even a free antivirus that will protect them for another year.
Their safety? lies in being such a small minority of users that XP specific malware won't notice their machines.
Really,for the simple banking and bill paying,email and even Facebook the old OS(be it 95,98,Me,etc) was enough for a lot of people;it is a shame the evildoers force constant changes.It is one thing for people to buy news cars,TVs,or computers from a desire to get more performance;it is quite another to be forced to buy new ones even though the old still function as it did when new.
It is as though one had to buy new locks and keys for one's house and car every year.Many people just haven't grasped the concept of needing to replace what appears to them to be perfectly functional appliances.Those same people did not demand new digital televisions and were happy to just get a good quality picture on their existing sets.They think I am advising them to spend money wastefully.
BTW,I tried and disliked Vista,and use XP Pro and NT at work and about a dozen differnt OSes as the mood strikes at home from DOS to Win7,linux , and Mac OS X depending on the task.I was sorry that IBM didn't go further with OS/2(I was given Warp 4 by the rep as a sort of reward for being one of the few who ran Os/2 and the Warp 3 for several years.)I expect to be using XP Pro until EOS in 2014..
Well said.
> And they are using those no-longer supported Win98 on the internet while thinking their old Norton is still protecting them,not realizing it stopped updating a year or two ago!Nor do they know where and how to get even a free antivirus that will protect them for another year. Their safety? lies in being such a small minority of users that XP specific malware won't notice their machines.
Hopefully.
> Really,for the simple banking and bill paying,email and even Facebook the old OS(be it 95,98,Me,etc) was enough for a lot of people;it is a shame the evildoers force constant changes.It is one thing for people to buy news cars,TVs,or computers from a desire to get more performance;it is quite another to be forced to buy new ones even though the old still function as it did when new. It is as though one had to buy new locks and keys for one's house and car every year.Many people just haven't grasped the concept of needing to replace what appears to them to be perfectly functional appliances.Those same people did not demand new digital televisions and were happy to just get a good quality picture on their existing sets.They think I am advising them to spend money wastefully.
I follow a mixture... I'm running Win7-64 on most of my Windows boxes now, but my favorite graphics editor is still PaintShopPro 4.1 from 1996. Runs great.
My vehicles are decades old ('82 Mazda RX-7, '95 Ford F-150), and my guitars are all from the 60's and 70's. They work fine. :)
> BTW,I tried and disliked Vista,and use XP Pro and NT at work and about a dozen differnt OSes as the mood strikes at home from DOS to Win7,linux , and Mac OS X depending on the task.I was sorry that IBM didn't go further with OS/2(I was given Warp 4 by the rep as a sort of reward for being one of the few who ran Os/2 and the Warp 3 for several years.)I expect to be using XP Pro until EOS in 2014..
Win2000 is still my favorite release of Windows. When I set up XP or Win7, first thing I do is brain-damage the GUI back into Win2K mode. I like OS-X more, Linux is good, and I live in BSD Unix most of the time on the servers... Didn't run into OS/2 much, heard it was pretty darn good.
Companies with miserable IT departments stick with IE6, because some web interfaces purchased for big $$$ *only* work with IE6.
> Companies with miserable IT departments stick with IE6, because some web interfaces purchased for big $$$ *only* work with IE6.
We had one of those where I work... as the Director of System Administration ("IT"). :)
I told the app vendor they had 3 months to make it IE7 compatible or we were switching to something else. They claimed it was impossible. So I put a copy of the app client up in a Win2K virtual machine, took it off all of our users' machines and upgraded them all to IE7, and made the users log into the VM to run the app on IE6.
Funny, within a few months, the head of that department realized that there were competing apps that didn't require IE6, and we switched over.
There is no good reason to continue using IE6. Any IT department that tells you otherwise should be taken out back and shot summarily. One of IT's basic functions is security, and to leave IE6 sitting on business computers, in 2010, should be grounds for firing on the basis of dereliction of duty.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.