Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

Hackers targeting newly discovered flaw in Microsoft Internet Explorer
washingtonpost ^ | April 28 | Gail Sullivan

Posted on 04/28/2014 7:13:12 AM PDT by JoeProBono

Hackers are already at work exploiting a newly discovered flaw in Microsoft’s Internet Explorer that has left more than half of the world’s Web browsers vulnerable to attack, including those on many federal government computers. Microsoft said it was aware of “limited target attacks” in a security advisory posted on Saturday. The flaw affects Internet Explorer versions 6 through 11. However, hackers are mostly targeting versions 9 through 11, according to the security firm FireEye, which discovered the flaw.........

(Excerpt) Read more at washingtonpost.com ...


TOPICS: Chit/Chat; Computers/Internet
KEYWORDS: internetexplorer
Navigation: use the links below to view more comments.
first 1-5051-56 next last


1 posted on 04/28/2014 7:13:12 AM PDT by JoeProBono
[ Post Reply | Private Reply | View Replies]

To: JoeProBono

Apple’s decision to not support Adobe Flash in iOS looks better all of the time.


2 posted on 04/28/2014 7:18:28 AM PDT by Dr. Sivana ("I'm a Contra" -- President Ronald Reagan)
[ Post Reply | Private Reply | To 1 | View Replies]

To: JoeProBono

It’s not that simple.

Even if you are using some other browser, you are still using IE.


3 posted on 04/28/2014 7:21:49 AM PDT by UCANSEE2 (Lost my tagline on Flight MH370. Sorry for the inconvenience.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: UCANSEE2

Hunh? I don’t use IE, so how can I be using IE?


4 posted on 04/28/2014 7:26:07 AM PDT by hoagy62 ("Tyranny, like hell, is not easily conquered..."-Thomas Paine. 1776)
[ Post Reply | Private Reply | To 3 | View Replies]

To: UCANSEE2


5 posted on 04/28/2014 7:32:18 AM PDT by JoeProBono (SOME IMAGES MAY BE DISTURBING VIEWER DISCRETION IS ADVISED;-{)
[ Post Reply | Private Reply | To 3 | View Replies]

To: UCANSEE2
Even if you are using some other browser, you are still using IE.

On my MAC? Drop that many years ago.

6 posted on 04/28/2014 7:33:00 AM PDT by Logical me
[ Post Reply | Private Reply | To 3 | View Replies]

To: hoagy62; JoeProBono

I know, you both think I’m crazy.

When you use Firefox, or Chrome, etc. you are simply using a ‘mask’ that is put over the face of Internet Explorer.

If you doubt me, try to remove IE from your computer.
If you are successful, you will no longer be posting anything anywhere.


7 posted on 04/28/2014 7:36:40 AM PDT by UCANSEE2 (Lost my tagline on Flight MH370. Sorry for the inconvenience.)
[ Post Reply | Private Reply | To 4 | View Replies]

To: UCANSEE2

Nope.

Firefox runs on Linux; I’m using it now.

It doesn’t use IE because IE does not exist on my Linux machine.

The Windows port of firefox would not be completely rewritten to somehow sit on top of IE.

Anyone can download the source code (program in its orginal human-readable form as written by the developers) to the windows version of firefox just to verify this.


8 posted on 04/28/2014 7:46:14 AM PDT by PieterCasparzen (We have to fix things ourselves)
[ Post Reply | Private Reply | To 3 | View Replies]

To: JoeProBono

And no fix...yet.


9 posted on 04/28/2014 7:50:49 AM PDT by hsmomx3
[ Post Reply | Private Reply | To 1 | View Replies]

To: UCANSEE2

http://forums.mozillazine.org/viewtopic.php?t=178597


10 posted on 04/28/2014 7:52:52 AM PDT by JoeProBono (SOME IMAGES MAY BE DISTURBING VIEWER DISCRETION IS ADVISED;-{)
[ Post Reply | Private Reply | To 7 | View Replies]

To: hsmomx3

FireEye also said running IE in enhanced protection mode, which is only available for IE versions 10 and 11, will protect users from attacks.


11 posted on 04/28/2014 7:55:26 AM PDT by JoeProBono (SOME IMAGES MAY BE DISTURBING VIEWER DISCRETION IS ADVISED;-{)
[ Post Reply | Private Reply | To 9 | View Replies]

To: rdb3; Calvinist_Dark_Lord; JosephW; Only1choice____Freedom; amigatec; Still Thinking; ...

12 posted on 04/28/2014 7:56:26 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: UCANSEE2

I never installed IE. I don’t have anything resembling IE on my computer.


13 posted on 04/28/2014 7:57:26 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 7 | View Replies]

To: JoeProBono
Thanks for posting this Joe

"FireEye suggests disabling the Adobe Flash plugin because the attacks won’t work without it. FireEye also said running IE in enhanced protection mode, which is only available for IE versions 10 and 11, will protect users from attacks...."

14 posted on 04/28/2014 8:03:00 AM PDT by virgil283 ('No king .... but King Jesus')
[ Post Reply | Private Reply | To 1 | View Replies]

To: virgil283

http://www.thewindowsclub.com/enhanced-protected-mode-internet-explorer-10


15 posted on 04/28/2014 8:07:40 AM PDT by JoeProBono (SOME IMAGES MAY BE DISTURBING VIEWER DISCRETION IS ADVISED;-{)
[ Post Reply | Private Reply | To 14 | View Replies]

To: UCANSEE2

Oh, I don’t think you’re crazy, FRiend. I just wasn’t sure what you meant. Now I do.

Since that’s the case, I don’t know what to do. Suggestions?


16 posted on 04/28/2014 8:35:24 AM PDT by hoagy62 ("Tyranny, like hell, is not easily conquered..."-Thomas Paine. 1776)
[ Post Reply | Private Reply | To 7 | View Replies]

To: JoeProBono

The internet is running very slow in IL today. I use FireFox. Some sites load just fine while others don’t load at all. My internet is connected properly and I don’t have malware or viruses. I have heard others say they have experienced problems as well.


17 posted on 04/28/2014 8:45:32 AM PDT by hsmomx3
[ Post Reply | Private Reply | To 11 | View Replies]

To: JoeProBono

When you enable protected mode, does it alter the way you view/do things on IE?


18 posted on 04/28/2014 8:56:12 AM PDT by hsmomx3
[ Post Reply | Private Reply | To 15 | View Replies]

To: JoeProBono

That link is to an article that is almost ten years old when IE was an integral part of the MS operating system. MS was told by the courts to separate out IE from its operating systems so I’m not sure the article still applies.


19 posted on 04/28/2014 9:03:45 AM PDT by CedarDave (CNN: The "Crisis News Channel" - all Flight 370 hysteria and global warming blather, all the time.)
[ Post Reply | Private Reply | To 10 | View Replies]

To: hsmomx3

Not that I’ve noticed but I very rarely use IE.


20 posted on 04/28/2014 9:11:11 AM PDT by JoeProBono (SOME IMAGES MAY BE DISTURBING VIEWER DISCRETION IS ADVISED;-{)
[ Post Reply | Private Reply | To 18 | View Replies]

To: CedarDave

The flaw affects Internet Explorer versions 6 through 11.


21 posted on 04/28/2014 9:12:08 AM PDT by JoeProBono (SOME IMAGES MAY BE DISTURBING VIEWER DISCRETION IS ADVISED;-{)
[ Post Reply | Private Reply | To 19 | View Replies]

To: JoeProBono

I’m not talking about the flaw; the article is about removing IE so the flaw won’t affect it. Unfortunately, at least one part of the article still applies:
MS uses IE to update operating systems.


22 posted on 04/28/2014 9:25:07 AM PDT by CedarDave (CNN: The "Crisis News Channel" - all Flight 370 hysteria and global warming blather, all the time.)
[ Post Reply | Private Reply | To 21 | View Replies]

To: JoeProBono

Thank you!!!!!!


23 posted on 04/28/2014 9:32:03 AM PDT by boxlunch (Psalm 2)
[ Post Reply | Private Reply | To 15 | View Replies]

To: JoeProBono

I don’t use it either except when something cannot be seen in FireFox from a company I used to work for.


24 posted on 04/28/2014 10:46:14 AM PDT by hsmomx3
[ Post Reply | Private Reply | To 20 | View Replies]

To: hoagy62

Well, I would suggest-

Don’t Use IE as your browser.

Use something like Firefox and at least it will provide some protection, even though it uses IE as it’s base. Various addons for Firefox like NOSCRIPT help provide another layer of protection.

There is only so much you can do. Even if we had a cure (a fix), there is always a new disease.


25 posted on 04/28/2014 2:17:20 PM PDT by UCANSEE2 (Lost my tagline on Flight MH370. Sorry for the inconvenience.)
[ Post Reply | Private Reply | To 16 | View Replies]

To: PieterCasparzen
Firefox runs on Linux; I’m using it now. It doesn’t use IE because IE does not exist on my Linux machine.

Yes, FF operates differently when you use a different operating system.

Just like the earlier poster who said he had a MAC (where we assume he meant an APPLE computer), your environments are different, ergo you get different results.

Let me ask you this, when you downloaded Firefox, did you download the version for Windows or the one for Linux ?

26 posted on 04/28/2014 2:27:38 PM PDT by UCANSEE2 (Lost my tagline on Flight MH370. Sorry for the inconvenience.)
[ Post Reply | Private Reply | To 8 | View Replies]

To: UCANSEE2
When you use Firefox, or Chrome, etc. you are simply using a ‘mask’ that is put over the face of Internet Explorer.

Yes, there are browsers that use the IE rendering engine rather than roll their own. Firefox actually has a plugin you can to allow this as well (though I don't really know why you would.) Other browsers, like Opera and Firefox are completely separate programs that do not use the IE engine at all by default.

Personally, I think we'd all be better off if everyone just completely abandoned all microsoft products entirely, but what you said is untrue. Yes, it's difficult, if not impossible to actually remove IE from a windows system. That is by design, as microsoft makes extensive use of proprietary crap to destroy its competition by leveraging vendor lock-in as much as they can get away with. However, what you stated is simply not true.

27 posted on 04/28/2014 5:00:04 PM PDT by zeugma (Don't cry because it's over, smile because it happened - Dr. Seuss (I'll see you again someday Hope))
[ Post Reply | Private Reply | To 7 | View Replies]

To: hsmomx3
According to Microsoft:

Enhanced Protected Mode is a security feature that was introduced in Windows 8. By default, this feature is turned off in Internet Explorer on the Windows 8.1 desktop.
When this feature is enabled, add-ons such as toolbars, browser helper objects (BHOs), and extensions are loaded only if they are compatible with Enhanced Protected Mode. If you have to load an incompatible add-on, you can disable Enhanced Protected Mode for the desktop browser. This action lets incompatible add-ons load, but it may increase the risk of having malware or other potentially harmful software installed on your computer.
So I would say depending on the add-on or extension you are using, it might. :-(
28 posted on 04/28/2014 5:05:17 PM PDT by Alas Babylon!
[ Post Reply | Private Reply | To 18 | View Replies]

To: UCANSEE2

Of course the windows version.

It’s simply a port to that platform. Do you understand what progammers mean when they say “port” to a platform ?

You can download the source code for the Windows version and the source code for the Linux version and compare them.

I downloaded the Linux source; it’s tons of C++; I highly doubt, from just a quick glance, that it makes use of much besides display primitives, network and file i/o, user interaction, other OS primitives like threads, etc.

The latest “esr” (extended support) release is here:

ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/24.5.0esr/

You will notice a directory for each platform:

linux686 (32bit)
linux86_64 (64bit)
mac
win32

and you’ll notice a directory

source

under which there is a unified source archive; there’s just one set of programs. This leads me to guess that they’ve used the standard approach of not relying too heavily on platform specifics of any one platform that are high-level and would entail a lot of work to recreate on the other platforms.

IMHO, again, I haven’t looked at it, but if you’d like to prove that they “use” Internet Explorer, you certainly could look in the source code and find where they do.


29 posted on 04/28/2014 5:15:33 PM PDT by PieterCasparzen (We have to fix things ourselves)
[ Post Reply | Private Reply | To 26 | View Replies]

To: zeugma

Hmm, I didn’t know that.

IMHO, sw today is junky by design; too complex, too wide open in terms of security. Insecure by design. Even networking - what a bad joke of security.

The 400 showed that things can be secure and solid.

But now we see that security seems to be the last thing those “in charge” want.

When they started putting web stuff in the newly renamed “iSeries”, oh boy, what a joke.

Like building a model t on top of a maybach.


30 posted on 04/28/2014 5:25:26 PM PDT by PieterCasparzen (We have to fix things ourselves)
[ Post Reply | Private Reply | To 27 | View Replies]

To: PieterCasparzen

Security could be designed into the internet to be its default state, but our political masters enjoy being able to read your email too much. Why it that no major email client uses PGP by default to encrypt your email? Drives be crazy, as a long term paranoid old-timer who used to use PGP a lot from a DOS command line.


31 posted on 04/28/2014 6:15:04 PM PDT by zeugma (Don't cry because it's over, smile because it happened - Dr. Seuss (I'll see you again someday Hope))
[ Post Reply | Private Reply | To 30 | View Replies]

To: PieterCasparzen
IMHO, again, I haven’t looked at it, but if you’d like to prove that they “use” Internet Explorer, you certainly could look in the source code and find where they do.

Yes, you'd be able to see the calls.

IE and Firefox use completely different rendering engines, among other things. You can easily demonstrate that by going to the Acid Test website in IE and Firefox, Opera and Chrome. You'll notice you get completely different results each time.

32 posted on 04/28/2014 6:19:15 PM PDT by zeugma (Don't cry because it's over, smile because it happened - Dr. Seuss (I'll see you again someday Hope))
[ Post Reply | Private Reply | To 29 | View Replies]

To: PieterCasparzen

Thanks for the response. I respect your apparent knowledge of this issue, but still disagree with you. I understand your arguments, but am still unconvinced. If I am wrong, good. Then I’ll learn something new. I want to find out if my assertion is true or not. It may be that we are saying the same thing, but don’t realize it yet.

What browser did you use to download Firefox ?

I.E. What browser does Linux come equipped with ?


33 posted on 04/29/2014 8:20:29 AM PDT by UCANSEE2 (Lost my tagline on Flight MH370. Sorry for the inconvenience.)
[ Post Reply | Private Reply | To 29 | View Replies]

To: Logical me
On my MAC?

If you are using an APPLE computer, one would logically conclude that this 'problem' doesn't pertain to you.

34 posted on 04/29/2014 8:22:17 AM PDT by UCANSEE2 (Lost my tagline on Flight MH370. Sorry for the inconvenience.)
[ Post Reply | Private Reply | To 6 | View Replies]

To: JoeProBono; PieterCasparzen

Thanks, JoeProBono.

PieterCasparzen, read the info at the link in post #10, and see if it isn’t saying exactly what I said.

P.S. Get on a Windows based PC, start up FIREFOX, then to to the TASK MANAGER. Tell me then that Internet Explorer (iexplore.exe) is not running.

Linux surely has it’s own version of iexplore.exe that is running as well. I just don’t know the name of it.


35 posted on 04/29/2014 8:29:32 AM PDT by UCANSEE2 (Lost my tagline on Flight MH370. Sorry for the inconvenience.)
[ Post Reply | Private Reply | To 10 | View Replies]

To: ShadowAce
I never installed IE. I don’t have anything resembling IE on my computer.

OK, what kind of 'computer' do you have and what operating system ?

36 posted on 04/29/2014 8:32:27 AM PDT by UCANSEE2 (Lost my tagline on Flight MH370. Sorry for the inconvenience.)
[ Post Reply | Private Reply | To 13 | View Replies]

To: CedarDave
MS was told by the courts to separate out IE from its operating systems so I’m not sure the article still applies.

So... it might depend on which 'version' of WINDOWS you are using, correct ?

What version are you using ?

37 posted on 04/29/2014 8:35:54 AM PDT by UCANSEE2 (Lost my tagline on Flight MH370. Sorry for the inconvenience.)
[ Post Reply | Private Reply | To 19 | View Replies]

To: UCANSEE2
I have a MSI GT680R laptop.

I run Linux on it. Windows has been completely removed from the system. I booted it up once to Windows to be sure the hardware was working, then re-partitioned the entire disk(s).

I've run Fedora on it ever since.

38 posted on 04/29/2014 8:36:30 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 36 | View Replies]

To: UCANSEE2

Did as you said.
iexplore.exe is NOT RUNNING.


39 posted on 04/29/2014 9:10:20 AM PDT by JoeProBono (SOME IMAGES MAY BE DISTURBING VIEWER DISCRETION IS ADVISED;-{)
[ Post Reply | Private Reply | To 35 | View Replies]

To: UCANSEE2

I’m running CentOS, (Community Enterprise OS).

It is a community version of Red Hat Linux. The Red Hat distribution is aimed at a corporate customer user base. Red Hat customers pay Red Hat for support of Linux.

The CentOS team is an organization unto itself, though it has ties with Red Hat (recent changes brought them closer). They call Red Hat the “upstream vendor”. CentOS basically takes Red Hat’s distribution, source code and all, and removes the Ret Hat branding and substitute CentOS branding, and builds their distribution from that. The CentOS distribution is available free of charge - but the caveat is there’s no support available to purchase. The CentOS customer must get by on their own.

Red Hat/CentOS comes with Mozilla Firefox as its default browser.


40 posted on 04/29/2014 9:26:09 AM PDT by PieterCasparzen (We have to fix things ourselves)
[ Post Reply | Private Reply | To 33 | View Replies]

To: UCANSEE2

You could try killing that iexplore.exe process and see if firefox still works.

You may have Firefox set up to use the IE rendering engine.

Executable (.exe) files are linked with libraries, which are collections of executable routines/procedures/functions.

If they are linked statically, at link time (when the programmer is generating the .exe), the libraries are searched for called routines, which then are copied out of the library by the linker and inserted into the .exe as it is being created. One winds up with a self-standing .exe that can run on it’s own.

If they are linked dynamically, on windoes the libraries have that .DLL file extension, i.e., the dynamic link library. The routines are not copied into the .exe as it is built by the linker, just references are inserted. The resulting .EXE, when a user installs it, must at run time be able to find a DLL on the user’s machine in order to resolve the references and call the routines in the DLL.

It would be possible for firefox.exe to cause iexplore.exe to start when it starts (through a system call to “exec” another program), that would not be the normal way to invoke shared functionality.

The normal way to share functionality would be to put the shared routines into DLLs, thus, there would be no need to start up iexplore.exe in that case.


41 posted on 04/29/2014 9:37:06 AM PDT by PieterCasparzen (We have to fix things ourselves)
[ Post Reply | Private Reply | To 35 | View Replies]

To: UCANSEE2

Oh, a more specific answer to your question:

I’ve used Firefox on Windows PCs and never seen it cause iexplore.exe to start up.

That being said, it’s been a few years since I’ve done so, and I’ve never gotten into Firefox addons/plugins much, other than basics like flash player. Addons can do all sorts of things.

You may have something “going on there”, may have something to do with what’s installed on your pc, how it’s configured. Of course, can’t rule out malware either, without knowing.


42 posted on 04/29/2014 9:45:52 AM PDT by PieterCasparzen (We have to fix things ourselves)
[ Post Reply | Private Reply | To 35 | View Replies]

To: JoeProBono; PieterCasparzen

OOPS.

I meant explorer.exe

BTW, MS has decided to release a FIX for this bug for WINDOWS XP users.


43 posted on 05/01/2014 11:18:44 AM PDT by UCANSEE2 (Lost my tagline on Flight MH370. Sorry for the inconvenience.)
[ Post Reply | Private Reply | To 39 | View Replies]

To: hoagy62
You would be interested in this.

Microsoft rescues XP users with emergency browser fix

44 posted on 05/01/2014 11:20:13 AM PDT by UCANSEE2 (Lost my tagline on Flight MH370. Sorry for the inconvenience.)
[ Post Reply | Private Reply | To 16 | View Replies]

To: rdb3; Calvinist_Dark_Lord; JosephW; Only1choice____Freedom; amigatec; Still Thinking; ...

45 posted on 05/01/2014 11:20:16 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: UCANSEE2; JoeProBono

http://www.paretologic.com/resources/paretolabs/exe/explorer_exe.aspx

You’ve got windows explorer open.

That’s the thingie that one uses to browse the files on one’s PC.


46 posted on 05/01/2014 11:59:25 AM PDT by PieterCasparzen (We have to fix things ourselves)
[ Post Reply | Private Reply | To 43 | View Replies]

To: UCANSEE2

explorer.exe is not Internet Explorer...it’s the service that drives the Windows user interface of your computer (the start menu and such). You disable that and you don’t have many options for doing much of anything whether it’s using a web browser or any other application.


47 posted on 05/01/2014 12:01:18 PM PDT by Mygirlsmom (No Mo (zilla). I'm going to the Opera instead.)
[ Post Reply | Private Reply | To 43 | View Replies]

To: UCANSEE2

Apparently explorer.exe is associated with various vulnerabilities.

just google

explorer.exe vulnerability


48 posted on 05/01/2014 12:22:05 PM PDT by PieterCasparzen (We have to fix things ourselves)
[ Post Reply | Private Reply | To 44 | View Replies]

To: PieterCasparzen; Mygirlsmom
That’s the thingie that one uses to browse the files on one’s PC.

it’s the service that drives the Windows user interface of your computer (the start menu and such). You disable that and you don’t have many options for doing much of anything whether it’s using a web browser or any other application.

Thanks to both of you for your responses.

I agree with your information, but...

It is , then, Windows Explorer that has the 'bug', and it is common to all Windows XP users. MS is even releasing a 'fix' to Windows XP for the problem.

My description of Firefox sitting on top of or being a mask for IE may be a clumsy way to describe it, but it would still seem that Windows itself is the problem.

I don't understand how the base engines of IE and FIREFOX can be any different, as they both must use the same commands to access the internet.

49 posted on 05/01/2014 12:32:02 PM PDT by UCANSEE2 (Lost my tagline on Flight MH370. Sorry for the inconvenience.)
[ Post Reply | Private Reply | To 46 | View Replies]

To: PieterCasparzen
CentOS is rock solid. I use it at work as my central system administration workstation, and on a ton of servers. Love it.

It's not the bleeding edge, by any means, but it's stable and reliable. The less blood, the better.

50 posted on 05/01/2014 1:08:58 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
[ Post Reply | Private Reply | To 40 | View Replies]


Navigation: use the links below to view more comments.
first 1-5051-56 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson