Major flaw revealed in Internet Explorer; users urged to switch

Tue Dec 16, 2008 11:49AM EST

See Comments (161)

The major press outlets are abuzz this morning with news of a major new security flaw that affects all versions of Internet Explorer from IE5 to the latest beta of IE8. The attack has serious and far-reaching ramifications -- and they're not just theoretical attacks. In fact, the flaw is already in wide use as a tool to steal online game passwords, with some 10,000 websites infected with the code needed to take advantage of the hole in IE.

Virtually all security experts (as well as myself) are counseling users to switch to any other web browser -- none of the others are affected, including Firefox, Chrome, and Opera -- at least for the time being, though Microsoft has stubbornly said it "cannot recommend people switch due to this one flaw." Microsoft adds that it is working on a fix but has offered no ETA on when that might happen. Meanwhile it offers some suggestions for a temporary patch, including setting your Internet security zone settings to "high" and offering some complicated workarounds. (Some reports state, however, that the fixes do not actually work.)

Expedient patching or switching are essential. Security pros fear that the attack will soon spread beyond the theft of gaming passwords and into more criminal arenas, as the malicious code can be placed on any website and can be adapted to steal any password stored or entered using the browser. It's now down to the issue of time: Will Microsoft repair the problem and distribute a patch quickly enough to head off the tsunami of fraud that's about to hit or will it come too late to do any good?

Meanwhile, I'll reiterate my recommendation: Switch from Internet Explorer as soon as you can. You can always switch back once the threat is eliminated. (To clarify: You don't need to uninstall IE, just don't use it for the time being.)

Links for other browsers to try: Firefox Chrome Safari Opera

Comments on Major flaw revealed in Internet Explorer; users urged to switch

Post a Comment

Join in the discussion. Here you'll see the comments in the order they were posted.

  • 46 Posted by mhk_zerocool on Thu Sep 3, 2009 7:17PM EDT Report Abuse

    LOL try to post the truth about the lies contain in this blog and they block each attempt.

  • 47 Posted by mhk_zerocool on Thu Sep 3, 2009 7:17PM EDT Report Abuse

    ALL Lies IE is the best, find me one real person not some fictional one that has been hit by this "hole"

  • 48 Posted by irby2063 on Thu Sep 3, 2009 4:24PM EDT Report Abuse

    I do use Internet Explorer. Recently, say I haven't been on the Internet for a few minutes, it goes out to a screen asking for my password. Is this an example of a problem with Internet Explorer or someone perhaps trying to get my password?

  • 49 Posted by nln_kohli on Thu Sep 3, 2009 7:39PM EDT Report Abuse

    (SLEIPNIR) is now the best browser which is new, and gaining share in the market. Its very helpful for advanced users.

  • 50 Posted by golfball_boy on Thu Sep 3, 2009 4:11PM EDT Report Abuse

    Well, I've been programming on the web semi-professionally for some time now. I've used only IE since I was old enough to know what the internet was. I've never had a problem with it. Used Firefox once; I'd stick with IE, no question. If people are going to sites that download spyware and such they shouldn't even be on the internet at all. All you people who are slamming Microsoft, I just have one thing to say to you: If you can't make a better OS and internet browser that's more secure - blah blah blah - youself, then shut your mouths. I mean, come on, as long as programmers can tell the browser/server what to do and when to do it, problems like this are going to occur.

  • 51 Posted by buda_bless on Thu Sep 3, 2009 3:15PM EDT Report Abuse

    Just proves that IE has always sucked and always will suck. CHL

  • 52 Posted by fulcizombi on Thu Sep 3, 2009 4:04PM EDT Report Abuse

    I prefer FF but I've never had any problems with IE. The good thing about FF is that it is more customizable than IE. Ever since FF released FF I have had a few stability problems that never happened in version 2 but not enough problems to make me switch.

  • 53 Posted by froggyhopper_90 on Thu Sep 3, 2009 4:03PM EDT Report Abuse

    Seriously.. Anyone can hack into anthing.. Its not going to stop someone if they want you. now whether they get caught or not. Suck it up, I love my Internet Explorer and it works great for my games and for school. So yall can keep dissing on Microsoft but for real they are the one that got the most up to date stuff. Well good night because yeah i have a life better then debating which is better!

  • 54 Posted by rodangol on Thu Sep 3, 2009 8:47PM EDT Report Abuse

    i am more interested in how to block the attempts at stealing information until microsoft fixes it themself. and deleting my stored info is not an option. i do suggest anyone who uses a network, internet or otherwise, or puts any type of media onto a compyter to have antivirus, firewall, and spyware protection. personally, i use symantec endpoint, windows firewll, and spybot s&d.

  • 55 Posted by trendymoose on Thu Sep 3, 2009 10:19PM EDT Report Abuse

    Sleipnir is based on Mozilla code an is still in alpha testing i highly discourage using this browser.

  • 56 Posted by myirishfather on Thu Sep 3, 2009 7:31PM EDT Report Abuse

    I'm using explorer right now. Meh. Honestly I have nothing of real value on here. I play a few games and stuff, but I could care less if I lost those. Don't have a credit card or anything. *shrug* Don't see the reason why.

  • 57 Posted by persianlady3 on Thu Sep 3, 2009 8:07PM EDT Report Abuse

    H E L P!!! PLEASE RESPOND...... H E L P !!! I had a blog on here earlier stating my problem. I learned of the IE problem late Tuesday... and immediately began using my Firefox. Upon going to my Facebook page, Mozilla came on and said I needed to update.... so I did. After updating Mozilla, my Mozilla Firefox stopped working and I have been unable to either remove or download it. What is happening? I've now downloaded Opera and Chrome and both are working fine, but I'm wondering if there's something else going on here. Will someone please respond?

  • 58 Posted by gabrielstanton on Thu Sep 3, 2009 4:05PM EDT Report Abuse

    Did anyone notice that Yahoo has been pushing firefox for the last long time. Has anyone else noticed how many pro-firefox posts there are on here. Who the heck is this Christopher Null and why should we listen to him? I think this is just more bullsh** from people trying to manipulate as many people as they can with fear tactics and misinformation misrepresented as news. (Just like any media or so-called "news") F' em all. JUST DON'T LOOK!

  • 59 Posted by montegofreak on Thu Sep 3, 2009 7:25PM EDT Report Abuse

    There is one true solution: it is spelled L-I-N-U-X! SuSE, Ubuntu, Red Hat/Fedora Core, Debian, Mint, DSL, generally easier to install, virus problems are virtually nonexistent, have more features, and best of all, usually only cost the time of downloading!

  • 60 Posted by alluring_jan on Thu Sep 3, 2009 2:51PM EDT Report Abuse

    darn, kindly post any possible solutions for this or any hope coming from the IE people. I have been a victim, I couldn't sign in in my yahoo account anymore after using IE browser last Monday eve, Dec 16, 2008. This has brought terrifying effects not only to the small individuals but as well as to the huge companies that were victimized. bring back my passssssssswwwwwwwwwwwwwwwwwoooorrrrrd PLS!!!!!!!!!!!!!!!

  • 61 Posted by ctippetts on Thu Sep 3, 2009 3:32PM EDT Report Abuse

    It's not a "flaw" in the true sense, since "flaw" infers "failure", and something put in the code as a "back door" that actually works, is hardly a failure, thus not a flaw.

  • 62 Posted by bigbassdrummer2 on Thu Sep 3, 2009 3:06PM EDT Report Abuse

    Items to note regarding changeover- Safari or Mozilla will work equally well as your default browser in the place of IE7. You can leave IE7 in control panel, you do not have to uninstall. If you choose to be sure you already have a backup copy of your pc data in case you might need it. Doubtful but always helpful. Connectivity and response time seem to have improved with the changeover from IE7. Good luck-

  • 63 Posted by kwetcipenes on Thu Sep 3, 2009 4:54PM EDT Report Abuse

    I've thought this for the last 19 years....virus, worms, etc. were probably developed by Microsoft et. el. for the sole purpose of making billions in security programs!

  • 64 Posted by sunpost on Thu Sep 3, 2009 9:48PM EDT Report Abuse

    If I use a different browser do I have to wear a foil hat.

  • 65 Posted by thisjukeboxplays33rpm on Thu Sep 3, 2009 10:07PM EDT Report Abuse

    You can have all my crap. I don't honestly care. I still remember the AJAX exploit that nearly killed my Yahoogroups over two years ago. Held up the new Mail program until now. AS IF I used money on the Internet in the first place...computers haven't been secure since the beginning and then old pals would see what bothered a PDP-8. I'm never going to bother with ALT browsers because they all reek of MOTHER...AOL NETSCAPE/MOZILLA. NETSCAPE was fine until V.6 and then I left for IE 5.5... If this is so bad then why have I used it for 10 years? WELL! Isn't THAT special.

More Posts: First Prev 2 3 4 5 6 Next Last

Post a Comment

Sign In to Post a Comment

My Tech

Please enable your browser's cookies to activate the My Tech column.

Also on Yahoo! Tech

Computers Home Office Wi-Fi & Networking Phones & PDAs Cameras & Camcorders TV & Home Theater Portable Audio
 

Site Map | Tour | Subscribe to Yahoo! Tech

Question and Answer content at Yahoo! Tech is written by Yahoo! users at Yahoo! Answers. Yahoo! does not evaluate or guarantee the accuracy of any Yahoo! Answers content. For more information, read the Full Disclaimer.

Opinions expressed by the Advisors are their own and do not necessarily reflect the views of Yahoo! Inc. Yahoo! receives no compensation from any manufacturer or distributor nor does it compensate any Advisor for the coverage of any product or service in any Advisor's content.