OT- beware of trouble in IE browser | Arthritis Information

Share
 

http://tech.yahoo.com/blogs/null/111811

 
 
The major press outlets are abuzz this morning with news of a major new security flaw that affects all versions of Internet Explorer from IE5 to the latest beta of IE8. The attack has serious and far-reaching ramifications -- and they're not just theoretical attacks. In fact, the flaw is already in wide use as a tool to steal online game passwords, with some 10,000 websites infected with the code needed to take advantage of the hole in IE.

Virtually all security experts (as well as myself) are counseling users to switch to any other web browser -- none of the others are affected, including Firefox, Chrome, and Opera -- at least for the time being, though Microsoft has stubbornly said it "cannot recommend people switch due to this one flaw." Microsoft adds that it is working on a fix but has offered no ETA on when that might happen. Meanwhile it offers some suggestions for a temporary patch, including setting your Internet security zone settings to "high" and offering some complicated workarounds. (Some reports state, however, that the fixes do not actually work.)

Expedient patching or switching are essential. Security pros fear that the attack will soon spread beyond the theft of gaming passwords and into more criminal arenas, as the malicious code can be placed on any website and can be adapted to steal any password stored or entered using the browser. It's now down to the issue of time: Will Microsoft repair the problem and distribute a patch quickly enough to head off the tsunami of fraud that's about to hit or will it come too late to do any good?

Meanwhile, I'll reiterate my recommendation: Switch from Internet Explorer as soon as you can. You can always switch back once the threat is eliminated. (To clarify: You don't need to uninstall IE, just don't use it for the time being.)

(more at link)
is this any relation to the "360virus"? My son does not "allow" me to use IE he uninstalled it and put FireFox on my machine....Yes, I heard about that. I meant to post it yesterday.  It was on the morning news that the hackers can get into your computer and still your passwords.  The news said microsoft IE.  However, also read online other browsers were affected.
 
thanks for posting it.
This is what I read online at another web site I visit:
 
ZDNet Tech Update Today
chris | Tue., December 16, 2008
I subscribe to this newsletter. Very interesting some times.

Home | News & Blogs | Videos | White Papers | Downloads | Reviews | Photo Galleries | Podcasts | RSS Feeds

Top Editors Picks


Major Web browsers fail password protection tests

Ryan Naraine: The password management feature in your favorite Web browser could be helping identity thieves pilfer your personal data, according to a study. All the major Web browsers -- IE, Firefox, Opera, Safari and Chrome -- are vulnerable.

READ FULL STORY Firefox tops list of 12 most vulnerable apps
IE zero-day attack surface expands
Four XSS flaws hit Facebook
Patch Tuesday whopper: 28 vulnerabilities fixed

that's all the main browsers, Shelly!!
 
wow....
 
what to use.............???
 
do you have a link to this??
Hi Babs10,
The poster at the web site I sometimes visit didn't leave a link, kind of scary though, thanks for suggestions, but I believe this is where she got her information:
 
http://blogs.zdnet.com/security/?p=2305
 
 
O MY..
 
READ THIS:
That nifty password management feature in your favorite Web browser could be helping identity thieves pilfer your personal data.

That’s the biggest takeaway from the results of this test which shows that all the major Web browsers — including IE, Firefox, Opera, Safari and Chrome — are vulnerable to a total of 20 vulnerabilities that could expose password-related information.  Among the problems are three in particular that, when combined, allow password thieves to take passwords without the user’s knowledge.  They are:

  1. The destination where passwords are sent is not checked.
  2. The location where passwords are requested is not checked.
  3. Invisible form elements can trigger password management.

Google’s shiny new Chrome browser was among the worst offenders.   According to the study,  Chrome’s password manager contains multiple unpatched issues that “form a toxic soup of potential vulnerabilities that can coalesce into broad insecurity.”

 
I'm glad I never used that!!!  *whew*
thanks shelly!!
Copyright ArthritisInsight.com