shadow

Yet another Internet Explorer Bug

“What’s this Firefox?”, asks a friend as he clicks on the new icon I put on the desktop of his fresh install of Windows XP.  “It’s a web browser”, I say, intentionally not ending my sentence with ‘like Internet Explorer’.

“Oh”, he says as it launches and he immediately sees it’s a program he can use to surf the web with, “why do I need it?”.  I eyeball him for a moment, wondering if I should tell him about the scary reality of Internet Explorer, but opt to only say “it’s faster, you won’t get a virus from a website through it and it’s secure”.

He looks at me with suspicion and asks “do you work on commission or something?”.

Internet Explorer Is Not Secure

If you follow the link above you’ll find umpteen stories of Internet Explorer bugs.  It seems as if Microsoft has issued enough patches to build an entirely new browser already, but the latest bug is possibly the scariest of all.

The bug allows the dark underbelly of the Internet to access your stored passwords in Internet Explorer. You know, the ones where IE offers to remember your password and you say OK. Yeah, those ones.  According to the news reports there are over 10,000 websites out there that can exploit this bug and get to your passwords.

Thus far only gaming passwords have been exploited, but the news is out, so you can bet your other passwords that soon whatever you’ve saved will be access.  Think email, social networking, your company intranet, forums – whatever you use a saved password for could potentially be stolen.

I omit banking on purpose, because if you’re using Microsoft Windows and have saved your on-line banking username & password anywhere on your Windows computer, then you deserve to be robbed of every last penny as payment for the knowledge that you should never, ever, do that.

Does Microsoft Care?

Well, according to Yahoo! Tech, Microsoft is working on a patch, but haven’t said when it will be available.

It’s a pretty big hole and now the whole (bad) world knows about it – undoubtedly it will be a while before all good netizens will know about it, so it’s going to be a free-for-all for the quick and clever hackers until Microsoft plugs it.

Why are hackers so quick and Microsoft so slow?

Don’t just change your browser

So, what can you do right now to be safe online?  Simply change your browser. There’s Firefox, Opera, Safari and Chrome, take your pick.

And if you want safer computing in general, then you’ll have to change your operating system.  Of course, I recommend Ubuntu, but I think anything non-Microsoft is much, much safer.

Bottom line, be safe on-line, don’t use Internet Explorer.

Update 18 Dec 08: Microsoft came through in seemingly record time to release a patch for this bug.  You can get it via WIndows Update or the MS Download Centre (KB960714 for Security Bulletin MS08-078)

To be fair, Firefox recently released v.3.05, which also patches a few bugs, amongst them some security holes it deemed critical – the difference, it should be noted, is that Firefox released this patch before most people knew anything about it, unlike Microsoft that seems to have a reactionary way of doing things. In Firefox, check for updated by launching the browser, then on the menu go HELP -> CHECK FOR UPDATES…

Bottom line is unchanged.

No Comments

Post a Comment

%d bloggers like this: