Omega Owners Forum
Chat Area => General Discussion Area => Topic started by: chrisgixer on 28 April 2014, 19:29:33
-
http://www.reuters.com/article/2014/04/28/us-cybersecurity-microsoft-browser-idUSBREA3Q0PB20140428
-
Seeing as I have 2 brand spankers Optiplexes, I suppose bro will be on the blower to get them built and back over to him to replace his XP tills ;D
First job, open the boxes they came in :P
They didn't give the risk level so it's not clear how bad it is, but that is what we expect from sensationalist journalism.
-
I guess the fact the recommendation comes from the US govt. implies it's serious enough.
But then I know bog all about it. Reuters are fairly well respected I believe.
Anyway. Better to know than not. ;)
-
I agree with your sentiments :y
If it wasn't Reuters, I'd say it sounds exactly like a hoax. It's worded 100% like a hoax (sensationalist, "Big Name" companies saying take extreme action, nasty people will have total control of your PC, world will end etc).
Oddly, I haven't had any alerts about it yet, and I'm subscribed to all the big CERT lists, but I did shut down my works laptop at 5pm ;D
-
Aye, genuine.
http://www.kb.cert.org/vuls/id/222929
TY for heads up :)
-
And yet another reason to run as a limited user (pre Vista Windows) or not to disable UAC (Vista onwards). If Internet Explorer (or any other piece of software) is running with limited rights, it's far, far harder for malware to get on and cause problems.
-
From what I have read the exploit can only be carried out through a special / compromised website and relies on you running as an Administrator in Win Vista / 7 / 8. So the risk is low unless you are used to clicking on links in unsolicited emails and with Vista / 7 / 8 running as an Administrator and using IE.
http://www.bbc.co.uk/news/technology-27184188
-
That seems to be the case :y. I think I'd trust more what the vendor says than the UK (or US it seems!) media ;)
https://technet.microsoft.com/en-US/library/security/2963983
-
It doesn't come across well, as a layman, when it's on the national news, Sky in this case, before Microsoft have bothered their arse to inform their customers.
And no, this isn't an Apple v Microsoft thing. I have Windows machines as well don't forget. (If only I could remember where I put mine ;D )
-
It depends how it's reported. Most hackers will report privately to the vendor, not releasing exploit code until after the vendor has fixed and regression tested the issue. Others release exploit code for their 15 mins of fame. The worst of the lot are those that keep it very quiet, but use/sell it for their own means.
This appears to be the 2nd one.
MS will provide a fix for supported systems automatically as and when they can, based on seriousness. If not deemed critically serious, it will wait for patch Tuesday (2nd Tue of the month), else it will have an out of cycle update. That's really the only method they have available to inform users.
They are better than most. Oracle, for example, use a 3 month cycle for updates, which given the constant flaws in Java, is a bit of a pain. Apple are a law unto themselves, and never tell anyone anything. And the Linux mob just can't sort their arse from their elbows, as shown in the recent Heartbleed 'dangle berries' ;D
Given that this appears not to be that serious, despite the media BS, I'd guess it will be an in cycle fix, so probably fixed in 2 weeks.
The media I think are still creaming themselves over Heartbleed, which was very serious, so any flaw will be serious in their eyes for a few weeks... ...until another plane disappears, ferry sinks, or WW3 starts.