Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

New zero day vulnerability identified in all versions of IE
Cnet ^ | Apr 27, 2014 | Steven Musil

Posted on 04/27/2014 4:26:55 PM PDT by dayglored

A new zero day vulnerability that resides in all versions of Internet Explorer has been spotted in the wild, Microsoft confirmed late Saturday.

The vulnerability, which could allow remote code execution, is being used in "limited, targeted attacks," according to an advisory issued by Microsoft. While all versions of the web browser, IE 6 through 11, are affected by the vulnerability, attacks are currently targeting IE versions 9, 10 and 11, according to security firm Fire Eye, which first reported the flaw Friday.

The attack leverages a previously unknown "use after free" vulnerability -- data corruption that occurs after memory has been released -- and bypasses both Windows DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) protections, according to Fire Eye.

An attack could be triggered by luring visitors to a specially crafted web page, Microsoft explained.

...


TOPICS: Business/Economy; Computers/Internet
KEYWORDS: aiee; gatesfoundation; ie; internetexplorer; microsoft; remotecodeexecution; stevenmusil; vulnerability; windowsxp; zeroday
Navigation: use the links below to view more comments.
first 1-5051-96 next last
This appears to be the first major flaw that WILL NOT GET FIXED FOR WINDOWS XP. And it is being actively exploited ALREADY.

Okay, XP die-hards, you were warned. Here it comes.

1 posted on 04/27/2014 4:26:55 PM PDT by dayglored
[ Post Reply | Private Reply | View Replies]

To: dayglored; ShadowAce
Excerpt link (sorry, forgot it above)

http://www.cnet.com/news/new-zero-day-vulnerability-identified-in-all-versions-of-ie/

Tech ping?

2 posted on 04/27/2014 4:27:56 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: dayglored
Further article text:
"The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated," Microsoft said. "The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer."

Microsoft said it is investigating the vulnerability and may issue an out-of-cycle security update to address the issue.

Fire Eye said the flaw was significant because it affects more than a quarter of the total browser market.

"Collectively, in 2013, the vulnerable versions of IE accounted for 26.25% of the browser market," Fire Eye said in its advisory.


3 posted on 04/27/2014 4:29:14 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: dayglored

If its an IE problem what does XP have to do with it?


4 posted on 04/27/2014 4:35:24 PM PDT by driftdiver (I could eat it raw, but why do that when I have a fire.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: driftdiver

M$.


5 posted on 04/27/2014 4:37:07 PM PDT by Paladin2
[ Post Reply | Private Reply | To 4 | View Replies]

To: Paladin2

In other words, nothing?


6 posted on 04/27/2014 4:37:34 PM PDT by driftdiver (I could eat it raw, but why do that when I have a fire.)
[ Post Reply | Private Reply | To 5 | View Replies]

To: driftdiver

Good question.

Does XP still receive IE updates however?

I wonder if it’s just static at this point?


7 posted on 04/27/2014 4:37:35 PM PDT by Cringing Negativism Network (http://www.census.gov/foreign-trade/balance/c5700.html#2013)
[ Post Reply | Private Reply | To 4 | View Replies]

To: Cringing Negativism Network

The article says MS is looking to do an out of cycle update.

So yes, IE updates are separate from the OS. Remember when they were forced to unbundle them?


8 posted on 04/27/2014 4:38:45 PM PDT by driftdiver (I could eat it raw, but why do that when I have a fire.)
[ Post Reply | Private Reply | To 7 | View Replies]

To: driftdiver
The way their code is tied together and uses all sorts of propriety hooks who knows?

The only time I used IE was to get XP updates.

9 posted on 04/27/2014 4:39:35 PM PDT by Paladin2
[ Post Reply | Private Reply | To 6 | View Replies]

To: driftdiver
It's not an XP flaw, it's an IE flaw.

HOWEVER:

As far as I know, Microsoft discontinued support of old IE versions that run on XP, and does not back-port newer supported versions to XP. Therefore AFAIK there won't be any patches for the IE flaw, for any version that runs on XP.

If somebody can show that Microsoft will produce a patch for a version of IE that runs supported on XP, let me know please.

10 posted on 04/27/2014 4:40:30 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
[ Post Reply | Private Reply | To 4 | View Replies]

To: driftdiver

I’m currently on Ubuntu (I have a copy of 8.1 but am currently still using Ubuntu IRL)

So this is not an actual XP issue then, it is an independent issue with the browser.


11 posted on 04/27/2014 4:41:49 PM PDT by Cringing Negativism Network (http://www.census.gov/foreign-trade/balance/c5700.html#2013)
[ Post Reply | Private Reply | To 8 | View Replies]

To: dayglored

This sounds like one more reason to never run your machine as an administrator useless you have a need. Most viruses can’t install with out admin rights.


12 posted on 04/27/2014 4:42:24 PM PDT by ThomasThomas (Some learn from others... The rest of them have to pee on the electric fence for themselves.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Paladin2
Ask any 100 XP users how to get IE updates WITHOUT using Windows Update service.

Best of luck with that. I'll bet you 99 of the 100 say, "WHUT?"

The 1 out of 100 is a corporate SysAdmin who has a Windows Update server.

13 posted on 04/27/2014 4:43:43 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
[ Post Reply | Private Reply | To 9 | View Replies]

To: driftdiver

IE and the OS are in an incestuous relationship. The fix may require both the be patched.


14 posted on 04/27/2014 4:44:42 PM PDT by ImJustAnotherOkie (zerogottago)
[ Post Reply | Private Reply | To 4 | View Replies]

To: driftdiver
> In other words, nothing?

What this IE flaw has to do with XP is: the flaw will get a patch, for the newer, supported versions of IE. It WILL NOT get a patch for the older unsupported versions that run on XP.

AFAIK. If you know different, post a link to the Microsoft article that says it. Please!

15 posted on 04/27/2014 4:45:52 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
[ Post Reply | Private Reply | To 6 | View Replies]

To: AdmSmith; AnonymousConservative; Berosus; bigheadfred; Bockscar; cardinal4; ColdOne; ...

Weird that this wasn’t discovered until such time as MS wants to panic its herd into W8.


16 posted on 04/27/2014 4:47:08 PM PDT by SunkenCiv (https://secure.freerepublic.com/donate/)
[ Post Reply | Private Reply | View Replies]

To: ImJustAnotherOkie
"The fix may require both the be patched."

Which software is more likely to have sloppy memory management?

17 posted on 04/27/2014 4:47:26 PM PDT by Paladin2
[ Post Reply | Private Reply | To 14 | View Replies]

To: driftdiver
Here's an article that says XP users will not get the update:

http://www.ibtimes.com/microsoft-hurries-fix-browser-after-hacker-attacks-no-fix-xp-users-1576931

"...PCs running Windows XP will not receive any updates fixing that bug when they are released..."

18 posted on 04/27/2014 4:50:49 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
[ Post Reply | Private Reply | To 4 | View Replies]

To: dayglored
Microsoft has discontinued support for XP, Internet Explorer on XP, and Microsoft Defender.

If you're a Microsoft XP User, stop using Internet Explorer and switch to Google Chrome, FireFox, Safari or something other than IE.

As this is an EXPLOIT and not a Virus/Malware, the critical point is that the exploit is tied to IE.

For those of you with System Restore turned on make sure you have a System Restore point set, and a good backup of XP including the OS and your data files.

Stopping usage of IE will provide some protection for now but ultimately, XP is going to be breached world-wide and those of you running it will regret not upgrading.

19 posted on 04/27/2014 4:54:17 PM PDT by usconservative (When The Ballot Box No Longer Counts, The Ammunition Box Does. (What's In Your Ammo Box?))
[ Post Reply | Private Reply | To 10 | View Replies]

To: driftdiver
> So yes, IE updates are separate from the OS.

Okay, you're on an XP system, and XP updates are unavailable. Please tell me how you get an update for your unsupported version of IE?

AFAIK, and this is the key: THE FACT THAT YOU'RE RUNNING XP MAKES YOU INELIGIBLE FOR ANY UPDATES, including IE updates.

If you know different, please post a link to the Microsoft page that says so. I'd sure like to have that link to give to my family and friends who are still running XP and will be calling me for help.

20 posted on 04/27/2014 4:55:30 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
[ Post Reply | Private Reply | To 8 | View Replies]

To: dayglored
Okay, XP die-hards, you were warned. Here it comes.

Who in his right mind is using the IE that came with XP? It was garbage then, and it isn't much better now. Download a real browser, one that is currently supported. Chrome, Opera, or any Gecko or Webkit-based browser (Safari, PaleMoon, etc.) It's hardly a challenge.

Besides, most of the XP holdouts are in the embedded world. XP runs their CNCs and their chromatographs and their oscilloscopes. Those devices do not browse the Web; many are not even accessible from the Internet. Most laptops and desktops with XP are already in the trash. I have a few, but I maintain them for a very specific technical reason; mechanically and electrically they are junk, and new laptops are cheap.

21 posted on 04/27/2014 4:55:45 PM PDT by Greysard
[ Post Reply | Private Reply | To 1 | View Replies]

To: SunkenCiv
Weird that this wasn’t discovered until such time as MS wants to panic its herd into W8.

No, it's not weird at all if you'd remember that Microsoft has been issuing security updates for Windows XP for 12 years .......

Windows XP "security" has been so bad that the first Tuesday of every month became known as "PATCH TUESDAY" on a world-wide basis.

That's been going on for 12 years. The fact that Microsoft HAD TO issue updates over the course of 12 years to fix known and newly found vulnerabilities should be telling those of you who insist on running it and refusing to upgrade that any decision to continue running the most security hole laden OS in history is really a dumb decision on your parts.

22 posted on 04/27/2014 4:58:12 PM PDT by usconservative (When The Ballot Box No Longer Counts, The Ammunition Box Does. (What's In Your Ammo Box?))
[ Post Reply | Private Reply | To 16 | View Replies]

To: SunkenCiv
> Weird that this wasn’t discovered until such time as MS wants to panic its herd into W8.

Microsoft released a statement saying that the only way to protect against this, if you're running XP, is to upgrade to Win7 or Win8.

I'm shocked. Shocked!

Of course, they -are- correct, that's a true statement.

Unless you're a big corporation paying extortion money to Microsoft for continued XP update support (yes, it exists if you have enough money).

23 posted on 04/27/2014 4:59:33 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
[ Post Reply | Private Reply | To 16 | View Replies]

To: dayglored
I'd sure like to have that link to give to my family and friends who are still running XP and will be calling me for help.

Good luck with that. I'd disconnect my phone and disown any family members still running XP. They've known end of support was coming, and refused to change.

Prepare to suffer the consequences of stupid decisions.

24 posted on 04/27/2014 5:00:25 PM PDT by usconservative (When The Ballot Box No Longer Counts, The Ammunition Box Does. (What's In Your Ammo Box?))
[ Post Reply | Private Reply | To 20 | View Replies]

To: Paladin2

Why did you need IE to get updates and not some other browser like Firefox? Never used IE of anything for years now.


25 posted on 04/27/2014 5:01:41 PM PDT by doorgunner69
[ Post Reply | Private Reply | To 9 | View Replies]

To: doorgunner69
> Why did you need IE to get updates and not some other browser like Firefox? Never used IE of anything for years now.

Huh, last I knew, Windows Updates only ran with IE, because it required ActiveX, which is only available in IE.

When did that change???

26 posted on 04/27/2014 5:18:08 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
[ Post Reply | Private Reply | To 25 | View Replies]

To: dayglored

If you are using IE for anything but Windows updates, why? There are plenty of other browsers out there that are much more secure than IE. Safari, Chrome (Google product, be careful), Opera, Firefox, lots of others.


27 posted on 04/27/2014 5:18:40 PM PDT by upchuck (Support ABLE, the Anybody But Lindsey Effort. Yes, we are the ABLE!!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: usconservative
> The fact that Microsoft HAD TO issue updates over the course of 12 years to fix known and newly found vulnerabilities should be telling those of you who insist on running it...

C'mon, let's be fair, ALL OSes issue security patches. That includes Mac OS X, Linux, BSD Unix, etc. etc. not just Windows.

Nobody in their right mind expects software, especially huge, complex software, to not have flaws.

28 posted on 04/27/2014 5:21:33 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
[ Post Reply | Private Reply | To 22 | View Replies]

To: dayglored
This appears to be the first major flaw that WILL NOT GET FIXED FOR WINDOWS XP.

Why would you write that? Reading the article, this vulnerability is very specific to Internet Explorer and has nothing to do with any MSFT operating system, including XP.

29 posted on 04/27/2014 5:21:36 PM PDT by upchuck (Support ABLE, the Anybody But Lindsey Effort. Yes, we are the ABLE!!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: upchuck
> If you are using IE for anything but Windows updates, why? There are plenty of other browsers out there that are much more secure than IE. Safari, Chrome (Google product, be careful), Opera, Firefox, lots of others.

There are tons of users, especially business users, who HAVE to use IE because their business applications only run on it.

Same for Win XP.

For two decades, Microsoft strongly encouraged developers to tie applications to their specific OS and browser, and now the folks who did so are paying the price.

30 posted on 04/27/2014 5:23:49 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
[ Post Reply | Private Reply | To 27 | View Replies]

To: dayglored

Anyone who uses Windows and/or IE in this day and age needs to have their mental state seriously questioned.


31 posted on 04/27/2014 5:23:53 PM PDT by sagar
[ Post Reply | Private Reply | To 1 | View Replies]

To: upchuck
> Why would you write that?

Because it's true. Read further before you write back, please.

XP users can't get IE updates.

32 posted on 04/27/2014 5:25:12 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
[ Post Reply | Private Reply | To 29 | View Replies]

To: usconservative
Stopping usage of IE will provide some protection for now but ultimately, XP is going to be breached world-wide and those of you running it will regret not upgrading.

There is no upgrade path from XP. Those boxes were built to run with as little as 512 MB of RAM, if not even less. They have slow processors that won't run Win7 or later. I know because I dealt with this before, and I have a few of those boxes now. The only upgrade path that they have, in theory, is Linux; but in practice they have only the path into dumpster because it costs you too much to upgrade them and to use them, compared to buying a new system.

The real problem is with XP that operates equipment. Here is an example:

This particular, now obsolete, oscilloscope was sold for about $25K then, and it still is a perfectly good instrument today. It is selling right now from $5K to $10K. But it is controlled by WinXP. If you have ten of those oscilloscopes in your business, would you be in any hurry to scrap a quarter million dollars in working hardware just because of a very remote threat? Those scopes have never seen a Windows Update in their life, by the way - you cannot risk that on a soft real time equipment. If you have to protect them, you do that with firewalls; but most scopes are not even connected to the network. Maybe GPIB; but Ethernet at that time was not very useful.

This is not the highest price for a unit of equipment either. Take this signal source analyzer, for example - its price can be above $60K:

There are CNC machining centers and robots, however, that cost far more than that. The fact is that XP/XPe was a de-facto standard for all such equipment for ten years. All high-end, smart equipment made in the last decade runs XP. There is no way to upgrade it. Discarding it would cause terrible financial losses, and it would be also not very wise because the hardware still works fine. So XP will soldier on.

33 posted on 04/27/2014 5:25:59 PM PDT by Greysard
[ Post Reply | Private Reply | To 19 | View Replies]

To: dayglored
Huh, last I knew, Windows Updates only ran with IE, because it required ActiveX, which is only available in IE. When did that change???

Dear Mr Rip Van Winkle. I used to run Win updates on the old Netscape browser back in the nineties.

34 posted on 04/27/2014 5:32:54 PM PDT by Focault's Pendulum (I live in NJ....' Nuff said!)
[ Post Reply | Private Reply | To 26 | View Replies]

To: Greysard

And let’s not forget the 100,000’s of ATM machines across the country that are still running WinXP and -are- connected to the network, whether directly or indirectly.


35 posted on 04/27/2014 5:34:09 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
[ Post Reply | Private Reply | To 33 | View Replies]

To: dayglored
Been getting the updates (always by notification and manual download) for many years through Firefox. That included bumping XP up through SP3 AFAIK.

Quit IE once I discovered the bliss of AD Block etc.

36 posted on 04/27/2014 5:37:36 PM PDT by doorgunner69
[ Post Reply | Private Reply | To 26 | View Replies]

To: Focault's Pendulum
> Dear Mr Rip Van Winkle. I used to run Win updates on the old Netscape browser back in the nineties.

So did I, before the updates started requiring IE. That was somewhere in the early 2000's, I think.

Windows Updates on Win7 and later is integrated into the OS as part of Control Panel.

Please tell me how you run Windows Updates on XP without IE. What's the procedure, suitable for an average user? If there's an easy way to do it, I'd love to know.

Of course, updates are disabled for XP now, so I don't expect it to work. I just want to know how you USED to do it on XP without IE.

37 posted on 04/27/2014 5:46:25 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
[ Post Reply | Private Reply | To 34 | View Replies]

To: doorgunner69
> ...manual download...

Well, sure, you can get the update files as a download and install them manually, if you know how and are willing to go through that extra hassle and understand what to get.

I've tried explaining that to normal Windows users, without success. They want to get Windows Updates by clicking "Windows Updates". That's not an unreasonable expectation.

I could never find a way to have the "Windows Update" service run with any other browser as a tool. If you know a way, by all means spill the beans, please.

38 posted on 04/27/2014 5:50:29 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
[ Post Reply | Private Reply | To 36 | View Replies]

To: dayglored
Just about any of the browsers today can be used for an update.I went from Win 95 to 98 to Vista and now 7. I have never used IE at all except for the first time I plugged my first computer in.

If (and you should) download another browser such as Chrome or Palemoon make sure you make it your default browser, Other wise you'll be stuck having to use IE.

You can always change the setting.

39 posted on 04/27/2014 5:54:36 PM PDT by Focault's Pendulum (I live in NJ....' Nuff said!)
[ Post Reply | Private Reply | To 37 | View Replies]

To: Greysard
There is no upgrade path from XP.

Sure there are, they're called Windows 7 and Windows 8. Pick one.

I'm not going to debate "upgrade" vs. "upgrade path."

I'm also not going to debate hardware requirements. People running Windows XP on an older machine will obviously have to upgrade some hardware, whether that's memory, disk, etc..

Fact is, Windows 8 uses LESS resources than Windows 7 did, so most computers capable of having 4gb of memory installed (and that's alot of old computers) will run Windows 8 reasonably well.

My comments were addressed to the "FMCDH" crowd who says they'll never give up Windows XP (and the handful who wanted by force of Government *make* Microsoft support it going forward.)

40 posted on 04/27/2014 5:57:18 PM PDT by usconservative (When The Ballot Box No Longer Counts, The Ammunition Box Does. (What's In Your Ammo Box?))
[ Post Reply | Private Reply | To 33 | View Replies]

To: dayglored
C'mon, let's be fair, ALL OSes issue security patches.

True, but only ONE O/S has the bragging rights for "Patch Tuesday" for the last 12 years and that's Windows XP.

Thank God Microsoft finally dropped XP. Now we get our First Tuesday's of the month back.

41 posted on 04/27/2014 5:58:53 PM PDT by usconservative (When The Ballot Box No Longer Counts, The Ammunition Box Does. (What's In Your Ammo Box?))
[ Post Reply | Private Reply | To 28 | View Replies]

To: All


Help FR Continue the Conservative Fight!
Your Monthly and Quarterly Donations
Help Keep FR In the Battle!

Sponsoring FReepers are contributing
$10 Each time a New Monthly Donor signs up!
Get more bang for your FR buck!
Click Here To Sign Up Now!


42 posted on 04/27/2014 6:00:09 PM PDT by musicman (Until I see the REAL Long Form Vault BC, he's just "PRES__ENT" Obama = Without "ID")
[ Post Reply | Private Reply | To 39 | View Replies]

To: usconservative
> Thank God Microsoft finally dropped XP. Now we get our First Tuesday's of the month back.

Ummm, no, Patch Tuesday will still be there for Vista, Win7, and Win8.

And it's the SECOND Tuesday of the month. :)

43 posted on 04/27/2014 6:06:37 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
[ Post Reply | Private Reply | To 41 | View Replies]

To: dayglored

Why use XP now anyway? Firefox is far superior to all others for power users.


44 posted on 04/27/2014 6:10:32 PM PDT by daniel1212 (Come to the Lord Jesus as a contrite damned+destitute sinner, trust Him to save you, then live 4 Him)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Focault's Pendulum
I've had either Netscape Navigator or Firefox as my default browser as long as they've been around. One of the first things I do on a new system is download Firefox and make it the default browser.

That never changed how Windows Update worked on XP, it always uses IE.

And if you copy/pasted the URL for Windows Updates into Firefox, there was an error saying you had to use IE.

I'm not sure what you're referring to. If you mean manually finding and identifying and downloading and manually installing updates, yes of course that can be done with a non-IE browser. Hell, I've done that with Firefox on Linux.

I'm talking about the normal Windows Update service that normal users use, to get Windows Updates.

How were you able to run the Windows Update service with (say) Firefox?

45 posted on 04/27/2014 6:12:30 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
[ Post Reply | Private Reply | To 39 | View Replies]

To: dayglored
And let’s not forget the 100,000’s of ATM machines across the country that are still running WinXP and -are- connected to the network, whether directly or indirectly.

The good part about ATMs is that they are wearing out much faster than a lightly used indoor equipment for scientists. There are those buttons, screens, slots, rollers, sensors... lots of stuff that deals with moving objects. Those things wear out first. ATMs can have short amortization period because they are very profitable, so their useful life can be set to just a few years.

I am not sure, though, that many ATMs are connected to the Internet. Not every "network" is the Internet. Here is what howstuffworks.com has to say:

Most host processors can support either leased-line or dial-up machines. Leased-line machines connect directly to the host processor through a four-wire, point-to-point, dedicated telephone line. Dial-up ATMs connect to the host processor through a normal phone line using a modem and a toll-free number, or through an Internet service provider using a local access number dialed by modem.

Dial-up was extremely common for several decades, and I guess it is still used today. It is pretty secure - you have to have physical access to the cable or to the switch, and still the connection is encrypted. In such configuration WinXP's vulnerabilities are not a concern because there is no data ports that one could tweak to exploit security holes. An ATM may not even have a network card, for example, just the modem. The buttons are connected to a custom peripheral controller, so no three finger salute for you. Such systems are only vulnerable to their own security holes - and with a very limited set of inputs you can mathematically prove that the software is correct.

The quoted text does mention that some ATMs may dial the ISP and be connected to the Internet. But those that do that most likely will not be using IE for encryption. It's more complicated than whipping up one's own https client, even if you call DLLs that came with Windows. As these connections are point to point, originated by the ATM to a fixed IP address of the bank, it is not practically possible to "trick" an ATM to connect to some other site and become hacked. Besides, what is the risk? That the machine dispenses all its cash to a hacker? Thieves are known to steal the whole ATM; a patch won't be effective against a steel cable and a powerful truck.

46 posted on 04/27/2014 6:13:46 PM PDT by Greysard
[ Post Reply | Private Reply | To 35 | View Replies]

To: dayglored

Yes, XP users were warned. The practice of abandoning support for older versions of MS software is something that happens across all Microsoft platforms, not just the OS business. It is the Microsoft business model and every user of XP knew this when they first started using XP.

In time, the platform will become unusable. If you are still on XP, get off of it. Otherwise do not complain when a third party provider who promises to keep XP running, so hoses it up that you lose all of your data, or worse.


47 posted on 04/27/2014 6:20:10 PM PDT by Delta Dawn (Fluent in two languages: English and cursive.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: rdb3; Calvinist_Dark_Lord; JosephW; Only1choice____Freedom; amigatec; Still Thinking; ...

48 posted on 04/27/2014 6:21:08 PM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: usconservative

You have a poor grasp of irony.


49 posted on 04/27/2014 6:23:53 PM PDT by SunkenCiv (https://secure.freerepublic.com/donate/)
[ Post Reply | Private Reply | To 22 | View Replies]

To: dayglored

I think I read that Embedded XP support will continue for a while yet.


50 posted on 04/27/2014 6:24:00 PM PDT by SunkenCiv (https://secure.freerepublic.com/donate/)
[ Post Reply | Private Reply | To 23 | View Replies]


Navigation: use the links below to view more comments.
first 1-5051-96 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson