OnePlus 5T review: Hands-on
A new as yet un-patched flaw has been discovered in Internet Explorer.
It concerns a vulnerability that is due to a flaw in the handling of Macromedia Flash .swf files in IE windows. This manifests itself as a false address in the browser address bar, when you can in fact be connected to elsewhere.
This is a SERIOUS Phishing issue.
Secunia has developed a test to see if you are vulnerable click here
I tried a newly patched version of XP Home and it failed miserably. Firefox by comparison, did not yield to the attack.
To me, the moral of the story is clear. If you're still persisting in using IE as your browser, it's only a matter of time before you get caught out.
I also am a dedicated Firefox user.
Firefox,Firefox........Changed a week ago ,tweaked it a little and now very happy.
No going back to IE for my main browser.
I think it's only fair to point out
that saying "If you're still persisting in using IE as your browser, it's only a matter of time before you get caught out." is a rather wild overstatement of the true situation.
It's highly unlikely that the majority of IE users would ever experience problems with this vulnerability, and it's not exactly helpful to come into the forum and suggest otherwise without first making sure of the facts.
As many of you will know, Microsoft has a policy of issuing monthly security updates, as feedback from the market tells them that customers prefer it that way. Anything that's critical will be patched outside of these regular updates, but otherwise all vulnerabilities wait for the next update. The last update was issued on 11th April, and any new vulnerabilities will therefore wait for the May update.
Those of you who may be unsettled by reports such as the one that sparked this thread should be aware that some security companies spend a lot of time searching for obscure vulnerabilities in Microsoft software. Unpatched flaws are almost always low risk items, although the companies involved might have a vested interest in persuading you to think otherwise. I should make it clear that I'm not referring to any specific company here. I'm simply pointing out a fact - that a whole raft of companies make some of their money by protecting people from risks that are very unlikely to become a reality.
Browser loyalties are powerful,I know, but let's keep our feet on the ground and be aware of the facts - the majority of the world's computers are running Internet Exporer as their default browser, and if any flaw really was a critical threat the news would be everywhere pretty quickly. Microsoft would patch it rapidly, and the patch would be available on the Windows update site.
I don't think it's a "wild overstatement" at all.
The fact that this flaw has been discovered (and proven) means you could think you are logged on to your bank, when in fact you are somewhere totally different.
Phishing is probably now the number one danger to Internet users; very likely a higher threat than viruses which seem to have abated somewhat recently.
The point is, this week was "patch Tuesday" and this flaw is still very much wide open. Internet Explorer has proven over time to have more holes than a watering can and as I've said many times before, is the browser most people use, because it's pre-loaded and they don't know any different. Suppose the default browser Microsoft supplied was Firefox, or Opera, or Safari, or Whatever, IT would be the most used browser. It's as simple as that.
I believe part of the value of these Forums, is to be able to offer information not only to fix computers, but to educate people of the alternatives there are. IE may be the world's most used browser, but personally, I think it falls very far short of being the best.
The more you delve into how browsers work, the more you realise that IE is a proprietary browser that Microsoft has written to be non W3C compliant, and therefore web designers have to (effectively) code for IE, thus risking breaking their sites for other browsers which comply with the standards. Non-compliant code ultimately can only be bad for the Internet as a whole, not only because it creates its own set of security issues, but also ties in designers to a specific way of coding: but that's a debate for another day.
and somewhat boring "My browser's better than yours" debate; that's been done ad nauseam. I didn't remotely infer that phishing isn't a serious problem, in fact I didn't mention it, and I certainly have no argument with anyone who wants to mention alternative browsers. We have a duty to all our forum members however, and the inescapable truth is that the majority use Internet Explorer - never mind why they do it, they just do.
My point, and I maintain it, is that the chances of the average Internet Explorer user being in any way put at risk by this flaw are tiny, and to say, in a computer help forum that "If you're still persisting in using IE as your browser, it's only a matter of time before you get caught out." is a gross overstatement of the severity of the risk - and extremely irresponsible. What qualifies you to to draw that conclusion, what is the basis for your comment?
Justify your assertion with your own reasoned explanation (not one you've culled from a security site) and I'll happily withdraw my "wild overstatement" remark.
Otherwise it stands.
The last sentence of my original post started "To me". Therefore, I would have thought it clear that it was my personal opinion and one that those who have already suffered as a result of phishing attacks could relate to.
Of course not everyone in the world is not going to suffer, but if you happen to be the unlucky one, maybe you would see it from a different perspective. Why put yourself at risk (however low) if it's not necessary?
Further, nowhere did I ask you to withdraw your "wild overstatement" remark. You have your opinion which I respect and I have mine. I thought that's what Speakers Corner was all about. Now members (and visitors) can read both views and decide for themselves.
I don't think Firefox is all that secure either.
You're right, we can all have an opinion, and there's nothing wrong with pointing things out - my only problem is when opinions are represented as facts, which is why "If you're still persisting in using IE as your browser, it's only a matter of time before you get caught out" grabbed my attention. It gives the impression that there's something wrong with using IE - which isn't the case at all.
As you say - now our forum users can decide for themselves, and thanks for the clarification.
This thread is now locked and can not be replied to.