[LINK] Fwd: vip-l: FW: IE Exploit: Important Stop Using IE Until Security Flaw is Patched

Stilgherrian stil at stilgherrian.com
Wed Mar 29 09:11:05 EST 2006


On 29/3/06 7:58 AM, "Jan Whitaker" <jwhit at melbpc.org.au> quoted some
un-named person who screeched:
>> Bottom Line:    YOU  SIMPLY   MUST-MUST-MUST   STOP USING INTERNET
>> EXPLORER

Yes, there's an actively-deployed exploit for a yet-to-be-patched
vulnerability in Internet Explorer, and that's a cause for concern. But this
tabloid-style shrillness continues to reinforce the myth that simply
replacing IE with another browser suddenly solves all your security
problems.

I'm preaching to the choir here on Link, of course, because every single one
of you has deep technical knowledge and a rational approach to information
security. ;) But...

ANY software may have vulnerabilities, and ANY vulnerability may be
exploited before anyone knows about it or patches against it. Yes, there are
"inherent difficulties" with IE, especially on Windows, which make it more
susceptible. But I think this simplistic "IE = bad" approach is the kind of
dumbing-down which prevents people taking information security seriously.


>The first wave of drive-by downloads was spotted on March 25, and
>security experts tracking the attack say the threat is growing at a rate
>of 10 new malicious URLs every hour.

When the number of websites is in the hundreds of millions, this doesn't
sound all that widespread.

Is this a case of a journalist seeing "Russian mafia" and the sexy jargon
word "zero-day exploit" and seeing a chance to screech a bit?

I haven't read anything about this in detail yet, but even before my second
cup of coffee I'd suspect that this isn't anything we haven't seen before.
Or am I just getting jaded? :)

Stil


-- 
Stilgherrian <stil at stilgherrian.com> http://www.stilgherrian.com/
Internet, IT and Media Consulting, Sydney, Australia. ABN 25 231 641 421
mobile 0407 623 600 (international +61 407 623 600)
fax 02 9516 5630 (international +61 2 9516 5630)






