I don't use Internet Explorer but I'll post this for others that may use it because it's very important.

link

Thanks Cam

yah.. I read that the yesterday and downloaded Mozilla firefox.

There's a patch coming out today for this, from what I've heard.

Thanks Cam,

Looks like the patch is out as there was a security update released today but as is typical with Microsoft the details aren’t that good but it sounds like the right one.

I don't know if you guys have tried Mozilla Firefox or not, but I didn't think I would ever switch from Internet Explorer, but I'm glad that I did. I've been using Mozilla Firefox for probably around a year now, and it's super easy to use, much faster (uses less resources) and is also supposed to be much more secure.

Just a side note.

As a developer, please note that everybody but Microsoft develops their pages FIRST for mozilla firefox, and then for IE. It is only out of obligation that coders modify and hack their code so it functions in IE.

At my work there are several pages (internal) that people have coded to not work just because they don't want to support IE because it is painful. We had to go and recode all pages that had essential javascript so that it would actually work in IE7.

So, for your sake, and for everyone else's sake, use Firefox :-)

I haven’t looked for the article but I believe that Symantec reported that last year Mozilla Firefox had over 120 security holes found to IE’s 50 some. However, not sure of the relative severity of them. It’s increasing popularity will by default make it more targeted. A quick search brings up millions hits many like this one.

http://arstechnica.com/journals/linux.ars/2008/12/17/firefox-security-updates-ready-for-download

Also many people think that they are safe just by running Linux but don’t have a clue how to set it up and secure it properly leaving them even more potentially vulnerable than people running windows. Home users just aren’t as targeted yet because the install base is so small compared to other OSs so most of the people cracking systems running Linux are targeting bigger fish like university departments where they can gain access to higher bandwidths and faster computers.

I’m not trying to be a Microsoft fanboy just trying to point out that just because it’s not Microsoft doesn’t mean it’s always safer.

Yep, good point.

However, Mozilla is updated by volunteers, Microsoft is not. This means it *can* be more agile.

And with linux...I remember when I was working at a computer "assembly" company that was kind of small, and we had assembled a cluster node of servers on a rack. My noob boss put linux on it, spent all day configuring the cluster node so that it would actually work, and overnight it was hacked and the whole system was hosed. They ended up bringing in a contractor to set up linux the right way.

Don’t get me wrong I love the idea of free (and open source) volunteer supported software, both philosophically and as you point out for reasons of agility. debian is my Linux distro of choice. And I prefer not buying/using Microshaft as much as I like avoiding Monster Cable. Unfortunately some of my PC use must interface with DOD computers and programs and guess what they use?

When I was attending UW Madison my roommate was always having to run in to his department to repair the damage done by hackers to their Linux network and try to find and patch the hole that they got in through and this guy even knew what he was doing, but I imagine home users are still pretty safe for the most part though China may be changing that.

One of my roles is managing our Internet Abuse Team. Waves of issues seem to change by area and come and go like the tide.

Although not really OS or application dependent, currently, the biggest issue we are tracking on our networks is phishing emails originating from a couple of countries in South America.

They start by sending out emails that look like they came from your Internet provider with some excuse as to why you should send them your user name and password. If you are silly enough to do so, they take over your mailbox and use it to send further phishing messages pretending to be financial institutions.

It's not a new thing at all, just happens to be the current hot problem of the day for the last month or so.

*In best Ren Voice*
"You IDDDIIIOOT"


Thats what you should tell people hwo fall for that scam...

I just checked my updates on vista and it has not installed the internet explorer security update yet nor can I find it to install it.

I went to microsofts website as well but in the end it brings me to my update manager but it is not there?

Where can I find this patch? Thanks!

I don't think a patch is out yet.


DL mozilla firefox

Dr. House, try this link. Scroll down the page and there are various links for the security patches.

You have to have the SP2 beta version installed

Me, I wouldn't be downloading my MS patches from anyone but Microsoft. No offense, Cam, but that's exactly how some viruses spread.

According to this and other articles the patch was released yesturday.

http://computerworld.com/action/article.do?command=viewArticleBasic&articleId=9123758



When I went to the MS Update site both XP and Vista patches were available for download/installation. Did you check your update history to see if it had already installed automatically?

For XP it looked like this. I believe it was also numbered 960714 for vista.

Here is a link to the fix. http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx

Be sure to use the correct fix for your operating system and version of IE.

I updated yesterday through Windows update.