180 Comments
- silenceHR, on 10/12/2007, -10/+84
ohhh... i think i will go with memory leaks rather than collecting viruses, trojans, keyloggers, adware and have to think about phishing on daily basis....
- geekThing, on 10/12/2007, -4/+54
Heh, we should have weekly RSS feeds to keep track of new IE exploits.
- Matrixsjd, on 10/12/2007, -16/+60
what's new? there's new exploits for IE coming out all the time, which makes me wonder why anyone even uses the damned thing anymore.
- klept, on 10/12/2007, -9/+50
@ Chakz
"If you can't use IE without getting viruses, you're an idiot".
Who is this, Steve Ballmer?
- silenceHR, on 10/12/2007, -2/+34
I could use IE without problems, but why should i when there are better solutions.
OTOH, there are _MANY_ people who use IE with default settings and get these kind of problems. I am perfectly aware that most people who visit Digg or some other tech site and use IE, do not have problems with it, but let's talk about "Joe Sixpack". What's safer for him, out of the box, IE or Firefox/Opera? What's safer for average user who doesn't know which options he has to change to make everything work and so on?
I installed pop-up blocker for IE after first few pop-ups i got.... that was years before i switched to Firefox (and i am using FF since 0.6).
You, my friend prolly have no problems, but how many people do?
- aractor, on 10/12/2007, -2/+32
@Chakz
I'm using IE, I did not experience this "exploit". Set popup-blocker to high if it's not already there. I'll choose IE over FireFox. In my experience (I've used both) IE is faster, and Firefox has memory leaks.
Congrats, all your little popup blocker did was stop the test from running. The "start test" link opens in a new window to run the test without disrupting your current browsing. Go ahead, let that single popup through, and then you'll notice the IE exploit.
As for the FireFox memory leak, well that has been explained so many times now I can't even keep count (So many digg stories about it that it isn't even funny anymore). The "memory leak" is a cache feature of FireFox and if you don't like it then it can be turned off in the config. Problem solved.
- ddrirc, on 10/12/2007, -3/+32
Opera 9 seems to not be vulnerable also -- looks like it's just IE.
- kazsymonds, on 10/12/2007, -5/+29
Another Reason to use firefox. Oh and Chakz, pop up blockers don't stop this kind of exploit do they?
- Cerebral, on 10/12/2007, -2/+24
All of you are missing the REAL point... the people who NEED this information: 1. don't know how to use a computer. 2. think digg is what you do to get them turnips. 3. Can't get rid of their AOL account because of fear of changing their email address. 4. Sign on to AOL first before surfing the internet even though they have DSL or Cable (I'm not counting those who have AOL for broadband who have to do this.) 5. Cannot even tell the difference between Broadband and Dial-up.
No matter how much you hate it IE will always be around, people will always use it and therefore it will always be attacked. So stop preaching Firefox/Opera to a group of people who are already well informed about how better it is... you're preaching to the choir.
- hotspot, on 10/12/2007, -1/+19
^^ No...It is a problem then. ^^
It is a problem WHEN >> the Address Bar displays "http://www.google.com/" after when you're proceeded to the next page.
- Ericular, on 10/12/2007, -2/+19
FF 1.5.0.1 on Windows XP SP2 was not vulnerable.
In addition, FF 1.5.0.1 + NoScript = No popup window at all.
- chembro84, on 10/12/2007, -5/+21
You have to look at the address bar, it doesn't work on ff
- TopBanana, on 10/12/2007, -0/+13
Was about to post that my IE wasn't vulnerable... forgot I was using Firefox :) Duhh
- Sominex, on 10/12/2007, -2/+14
Firefox 1.5.0.1 and Konqueror 3.4.2 on SUSE 10 aren't vulnerable either.
- stoops, on 10/12/2007, -4/+16
FF 1.5.0.1 on OS X 10.4.6 was not vulnerable.
- linuxrebel, on 10/12/2007, -4/+16
Ummm yes there are
http://secunia.com/advisories/15781/
Security alert for Opera 8.x. There are others but one is sufficient to let you know that NOTHING is exploit free.
- rajivm, on 10/12/2007, -1/+12
Happens in latest release of IE 7 also.
I wish Secunia wouldn't publicly release exploit code prior to a patch being released.
This just increases the number of people that will be fooled by phishing sites. Many people don't even check the address bar when clicking links, just assume based on the look of the site, but now even people aware enough to look at the address bar to make sure they are at the correct site will be fooled; they have a false sense of trust as they assume the address bar to be correct.
- zoltan, on 10/12/2007, -4/+15
ie6 got fooled while firefox 1.5 wasn't as gullible
- nmoog, on 10/12/2007, -0/+10
Some more details at http://secunia.com/advisories/19521/ : The vulnerability is caused due to a race condition in the loading of web content and Macromedia Flash Format files (".swf") in browser windows. This can be exploited to spoof the address bar in a browser window showing web content from a malicious web site.
Solution: Disable Active Scripting support.
- nmoog, on 10/12/2007, -0/+10
Also, in the test page is this js that runs when you click the link:
function openWin(url){ window.open(url, 'window'); }
function StartTest(){
  openWin('http://www.google.com/');
  setTimeout("openWin('/19521_swf/?" + Math.random() + "');", 300);
  setTimeout("openWin('/19521_swf_result/');", 2500);
}
- ivank, on 10/12/2007, -3/+13
It is for the countless users who use it and who are affected by it.
It's also big news for the IT team who has to now go and test the fix on a test machine, to make sure it doesn't break any of the corporate apps.
- jaxxstorm, on 10/12/2007, -2/+11
you've got to let the window open to know if you're vulnerable or not. The exploit isn't if the window opens, it's if the url stays as google.com or the real secunia. Pretty useful for phishing because it can show your bank's real url instead and dupe you into thinking you're entering your details for your bank.
scary
- Indrek, on 10/12/2007, -0/+9
It's not about whether you get a popup or not. It's a spoofing attack. If you see www.google.com in the address bar, but the page itself says Secunia in big letters, then you're vulnerable.
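Added example (not part of the thread or of Secunia's test page): a review heuristic for the call pattern in the StartTest() snippet quoted above, where one named window is sent to a second origin 300 ms after the first. The event format, the 1000 ms threshold and the function names are assumptions made for this sketch; the base URL comes from the secunia.com URLs quoted in the thread.

```javascript
// Flags window.open() calls that reuse a named window for a different origin
// shortly after it was opened, the sequence the quoted test page relies on.
const BASE = 'http://secunia.com/'; // origin of the page issuing the calls
const WINDOW_MS = 1000;             // assumed threshold for "quick succession"

// Constructed sample: the three calls made by StartTest(), with their delays.
// The query value stands in for Math.random().
const SAMPLE_CALLS = [
  { at: 0,    url: 'http://www.google.com/', target: 'window' },
  { at: 300,  url: '/19521_swf/?0.5',        target: 'window' },
  { at: 2500, url: '/19521_swf_result/',     target: 'window' },
];

function findCrossOriginRetargets(calls, base = BASE, windowMs = WINDOW_MS) {
  const last = new Map(); // target name -> { at, origin, href } of latest call
  const findings = [];
  const ordered = [...calls].sort((a, b) => a.at - b.at);
  for (const call of ordered) {
    // A missing target or '_blank' always opens a fresh window: nothing reused.
    if (!call.target || call.target === '_blank') continue;
    const resolved = new URL(call.url, base); // resolves relative URLs
    const prev = last.get(call.target);
    if (prev && prev.origin !== resolved.origin && call.at - prev.at <= windowMs) {
      findings.push({
        target: call.target,
        from: prev.href,          // what the address bar was first asked to show
        to: resolved.href,        // what the window is then asked to load
        gapMs: call.at - prev.at,
      });
    }
    last.set(call.target, { at: call.at, origin: resolved.origin, href: resolved.href });
  }
  return findings;
}

console.log(findCrossOriginRetargets(SAMPLE_CALLS));
```

The third call is not flagged because it stays on the origin the window already holds; only the google.com to secunia.com switch inside the threshold is reported.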
- inactive, on 10/12/2007, -9/+18
Oh, I see, nevermind, FF is safe.
- echosierratwo, on 10/12/2007, -3/+12
On the Mac as well.
- OpticalLiam, on 10/12/2007, -2/+11
Yes it is, considering IE has the biggest market share, especially with this having nasty phishing possibilities.
- encytemedia, on 10/12/2007, -3/+11
The Secunia page states that the browser isn't vulnerable unless it shows www.google.com in the address bar after the redirect. Camino shows the Secunia url, not Google. However, Camino will redirect to the Secunia page and Firefox doesn't.
- nexgenmatt, on 10/12/2007, -0/+8
I just tested it on my IE7 preview (1st release) and surprise surprise it's vulnerable :(
- Vogateer, on 10/12/2007, -0/+8
I'm using Firefox, and it didn't fail the test. At first, the www.google.com appears in the address bar, but if you actually read the page:
"You are vulnerable, if a new window is opened and content from Secunia is displayed while the address bar still says 'http://www.google.com/'."
At first, www.google.com briefly appears, but when the secunia site comes up, the address bar no longer reads www.google.com. The exploit does not work in Firefox.
- silenceHR, on 10/12/2007, -3/+11
@ genius16
Tools>Options>Tabs ... and no more new windows, only tabs. i love that one.
- ZOverLord, on 10/12/2007, -4/+12
You can set IE to High in Tools - Security Options or do a custom setting and Disable "Navigate sub-frames across different domains" instead of disabling scripting, but run the test again if you failed it to make sure you are protected from this.
- WaterDragon, on 10/12/2007, -0/+8
Or you could have transferred your money into some phisher's fake PayPal site, while giving them your password at the same time.
Or you could have been trying to pay a bill online, and sent the funds somewhere else!
- ownedbytheman, on 10/12/2007, -5/+12
Not for me. FF opened a brand new window for google. The secunia info stayed in its own window with the secunia url.
- xodex, on 10/12/2007, -8/+15
Love Opera :)
- Scik, on 10/12/2007, -17/+24
Again with the ol' ... Opera has no security vulnerabilities to date... Gotta love Opera.
- Zukunft, on 10/12/2007, -0/+7
My IE7 is passing it sometimes, and failing it sometimes. Weird.
- uymai, on 10/12/2007, -0/+6
Firefox passed the test for me too..using firefox version 1.5.0.1
- flamingmb, on 10/12/2007, -4/+10
and people wonder why I use Safari......
- Nodren, on 10/12/2007, -0/+6
"I'm using IE, I did not experience this "exploit". Set popup-blocker to high if it's not already there. I'll choose IE over FireFox. In my experience (I've used both) IE is faster, and Firefox has memory leaks"
if given the choice between a 'slower' browser, and one with so many security holes, i simply can't visit certain sites on. i chose slow. there should be no reason a browser lets a website simply install software without you ever knowing it. and even if i don't go to those kinds of sites, i'd like the peace of mind that if i do (or someone else does on my computer) then i won't have to worry about having porn toolbars installed into my browser.
- VegaObscura3, on 10/12/2007, -4/+10
I'm using IE on stock safety settings and it wasn't vulnerable. It displayed the real URL instead of google.com.
- xodex, on 10/12/2007, -1/+6
Your browser is vulnerable if the Address Bar displays "http://www.google.com/".
Address Bar didn't display google, It displayed http://secunia.com/19521_swf/?0.03448074823245406 followed by http://secunia.com/19521_swf_result/
If you hit backspace or any other hotkey to "back" history on the page, you will visit google.com
Version 8.53
Build 7722
System Windows XP
Java Sun Java Runtime Environment version 1.5
- netman427, on 10/12/2007, -0/+5
I don't agree with comments on stories like this to turn into a FF vs. IE war. There will always be people that prefer one to the other. OS/X vs. Windows vs. Linux, MAC vs. PC, Coke vs. Pepsi or whatever.
Bottom line is there are people that need to support both browsers. It's good to be armed with the information you need to keep each one as secure as you can.
- piratearggghhh, on 10/12/2007, -3/+8
Holy crap I could've accidentally searched something using another search engine that I thought was google!
- marnaq, on 10/12/2007, -2/+7
"Active Scripting". Keyword.
- Indrek, on 10/12/2007, -4/+9
Hulk no like ignorant fanboys. Make Hulk angry. Make Hulk want smash things. Grrrr...
You completely missed the point here. Security exploits exist for any browser, not just IE. There are people who use IE by choice, because they like it and are able to keep themselves secure with it. So who are you to come and say that they "deserve the punishment"? You, sir, should be ashamed for your ignorance and arrogance.
- jer2eydevil88, on 10/12/2007, -2/+7
More holes are found in Firefox but more patches are released hence why when properly updated Firefox remains secure, Microsoft has only patched 66% of the exploits known for IE which leads to many exploitable holes in a fully patched IE 6.
- inactive, on 10/12/2007, -5/+10
"If you get viruses, trojans, keyloggers, adware , and phishing while using IE it's your fault, just because you can't optimize something to fit your needs isn't MS's fault. If you can't use IE without getting viruses, you're an idiot."
'optimize something to fit your needs'? I think you mean 'fix'
As a side note, that was the first time I've been on digg in IE, it looks weird
- thripper, on 10/12/2007, -1/+6
FF bon echo 2.0a1 is safe.
- Steelfox, on 10/12/2007, -8/+12
On mine it just said Secunia in big letters and just proceeded to the next page. No problems.
- RobotCitizen, on 10/12/2007, -3/+7
Cure for memory leaks = Close FF, reopen FF.
Cure for malware infection = format/reinstall of Windows, or at least restore a disk image.
I know which one I'd rather choose.