More Fun With IE

Paul AsadoorianMarch 22, 2006

Here we go again:

“There is a new exploit for Internet Explorer that was released by Secunia today. The exploit allows for arbitrary code execution.”

And as Lorna puts it, “its a heap overflow just waiting to happen”. It most certainly is. And what does that mean? It means that bad people have probably known about this exploit for quite some time and have already developed an exploit. They are using this exploit to compromise unsuspecting people who are using IE, most likely in large organizations who refuse to support anything other than Internet Exposure, er, Explorer. And compromise they will, installing the latest round of Spyware, Adware, and bots that will launch the next DDoS and make some hacker a hefty sum of money per month for his or her troubles.
We still don’t have a patch, and we don’t have a workaround, other than to use Firefox.

“Friends Don’t Let Friends Use Internet Explorer”

Full Article

.com

Paul Asadoorian

Paul Asadoorian is the founder of Security Weekly, which was acquired by CyberRisk Alliance. Paul spent time “in the trenches” implementing security programs for a lottery company and then a large university. Paul is offensive, having spent several years as a penetration tester. As Product Evangelist for Tenable Network Security, Paul built a library of materials on the topic of vulnerability management. When not hacking together embedded systems (or just plain hacking them) or coding silly projects in Python, Paul can be found researching his next set of headphones.

A young woman with a smartphone walks past a billboard advertisement for YouTube.

Threat intelligence

Majority of YouTube accounts Google terminated in Q3 linked to China

Steve ZurierAugust 29, 2022

While some of the 1,546 YouTube channels terminated by Google emanated from Russia, the vast majority blocked were linked to China.

Content

DevSecOps Scanning Challenges & Tips

Bill BrennerOctober 26, 2021

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

Content

It Should Be ‘Cybersecurity Culture Month’

Bill BrennerOctober 19, 2021

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

More Fun With IE

Related

Majority of YouTube accounts Google terminated in Q3 linked to China

DevSecOps Scanning Challenges & Tips

It Should Be ‘Cybersecurity Culture Month’

Get daily email updates