bit-tech.net

18th Sep 2013, 11:10   #1
Gareth Halfacree
WIIGII!
bit-tech Staff
Join Date: Dec 2007
Location: Bradford, UK
Posts: 4,258
Microsoft releases out-of-cycle patch for IE flaw

Critical vulnerability being actively exploited.
http://www.bit-tech.net/news/bits/20.../ms-ie-patch/1
__________________
Author, Raspberry Pi User Guide Third Edition, 21 Brilliant Projects for the Raspberry Pi and more | gareth.halfacree.co.uk | twitter | keybase.io
bit-tech news correspondent, Custom PC columnist, other things to other people
I'm a filthy freelancer! Hire me!
18th Sep 2013, 11:24   #2
Snips
I can do dat, giz a job
Join Date: Sep 2010
Location: wiv me kids
Posts: 1,895
I don't get it, they've found vulnerabilities, provided solutions and this is somehow a bad thing?

Slow news day?
18th Sep 2013, 11:30   #3
Corky42
I Mod, Therefore I Own
Join Date: Oct 2012
Posts: 3,093
I would argue this doesn't damage their public image, it's good to know they are releasing security related patches as they become aware of them. Although they then go on to shoot themselves in the foot by not making it available via WU, a system designed to make sure people's systems are kept up to date.
18th Sep 2013, 11:30   #4
Gareth Halfacree
Quote:
Originally Posted by Snips View Post
I don't get it, they've found vulnerabilities, provided solutions and this is somehow a bad thing? Slow news day?
I'd beseech you to read the article before making comments like that. If that's too much to ask, allow me to summarise:
  • Microsoft did not discover the flaw; an independent researcher published it to the CVE.
  • Microsoft is not releasing the patch through Windows Update, leaving those who are not alerted to it through articles like this unprotected until at least next Patch Tuesday in October.
  • Further to the above: the flaw is being actively exploited in the wild.
  • The 'solution' is a workaround, and simply disables the flawed MSHTML shim - which means anything relying on said shim will break.
  • Which is exactly what Microsoft did back in January, when yet another remote code execution vulnerability was found in the MSHTML shim.
  • The targeted attacks in-the-wild so far only look for IE8 and IE9, but the flaw exists from IE6-11 - a massive swathe of vulnerable users.

So, no, not a slow news day - but a very important story.

Last edited by Gareth Halfacree; 18th Sep 2013 at 11:36. Reason: Added link to January's MSHTML shim vulnerability.
18th Sep 2013, 12:41   #5
liratheal
Sharing is caring
Join Date: Nov 2005
Location: Lichfield, UK
Posts: 7,716
I don't really use IE, but installed anyway.
__________________
Shadow Moses: Windows 7, Asus Sabertooth X58, 12gb Corsair XMS3, i7 950, 2x XFX 280DD 3gb's, Corsair 1kw
Groznyjgrad: Storage Server 2012, Gigabyte Z77-D3h, i3 2100, 16gb DDR3, 5xWD 1tb, 5x Seagate 1tb
2008 Mondeo estate
Focus RS Mk1; Build number 1506
18th Sep 2013, 13:10   #6
Snips
Gareth, read my comments before making comments like that.
18th Sep 2013, 13:14   #7
Gareth Halfacree
Quote:
Originally Posted by Snips View Post
Gareth, read my comments before making comments like that.
Oh, but I do. Every time. Even though I can predict their content with 99% accuracy simply from knowing what I wrote in the article...
18th Sep 2013, 13:58   #8
Snips
Is that right? Well try the balanced approach next time and not the "usual" anti-Microsoft reporting you somehow always seem to portray.

Maybe then, you may get comments about the article and not your bias.
18th Sep 2013, 14:02   #9
Gareth Halfacree
Quote:
Originally Posted by Snips View Post
Is that right? Well try the balanced approach next time and not the "usual" anti-Microsoft reporting you somehow always seem to portray. Maybe then, you may get comments about the article and not your bias.
My bias? Wow. Perhaps if you weren't so blind to Microsoft's various failings, everyone who doesn't act like it's the second coming wouldn't appear biased to your eyes.

I'd dig out all the stories I've written about the good things Microsoft has done, but let's face it: you're just trolling to waste my time. Get a new schtick, dude - your pro-Microsoft fanboyism got old a long time ago.
18th Sep 2013, 15:01   #10
SuicideNeil
I'm insane, not stupid.
Join Date: Aug 2009
Location: Devon, England
Posts: 5,428
__________________
ASUS P8Z77-M PRO | INTEL CORE i5 2500K @ 4.3GHZ | EVGA GEFORCE GTX 670FTW | CORSAIR VENGENCE DDR3 1600MHZ 2x 4GB | SAMSUNG SPINPOINT F3 1TB | TITAN FENRIR | ACER PREDATOR | WIN 7PRO x64
18th Sep 2013, 16:06   #11
forum_user
forum_title
Join Date: Jan 2012
Posts: 240
Quote:
Originally Posted by Gareth Halfacree View Post
Critical vulnerability being actively exploited.
http://www.bit-tech.net/news/bits/20.../ms-ie-patch/1
Being actively exploited ... but MS is not releasing the patch to everyone. Just tech geeks who read up on tech news ...

Smells fishy to me.
18th Sep 2013, 18:29   #12
Snips
Not at all, we all expect more from Bit-tech and its unbiased reporting. Something clearly forgotten by some.
18th Sep 2013, 18:32   #13
Gareth Halfacree
Quote:
Originally Posted by Snips View Post
Not at all, we all expect more from Bit-tech and its unbiased reporting. Something clearly forgotten by some.
Yes. By you, it would seem. Mote, eye, beam, thine own, yadda yadda.

Interesting that you should pop up in Microsoft's defence in *this* thread, too, while being completely absent in the thread about the ten patches it had to withdraw and reissue this month. Or the month before that. Or the month before that. Or the month before that.
18th Sep 2013, 18:39   #14
SchizoFrog
Ultramodder
Join Date: May 2009
Location: East London
Posts: 1,066
OK, here are my opinions on this article and the comments above:

Critical articles and opinions are to be expected from anything as big as Microsoft, the larger you get the bigger the target you become. Often negative articles and comments about such 'big' things are not always a bad thing though as they can highlight often glossed over failings and help identify issues to be rectified. I have no problem with this, I have major problems with articles and comments that say nothing more than 'MS is ****, use something else'.

I am a bit confused by this article though. Not this article itself but why it was even written and deemed worthy as a news point. So I am not a serious OS or Network Admin geek so I may not understand its importance, but then that should have been explained in the article if it was such, but to my understanding there are nearly always flaws, back doors and 'in-the-wild' vulnerabilities with products such as Windows. It has always been the case and most likely always will be. So why was this particular flaw deemed to be different and important enough to warrant its own individual story?

As for comments responses... I think Gareth has had a bad day, he doesn't normally bicker like a little girl. However, it is highly annoying and frustrating when news stories and articles only seemed to be followed by the relevant admins for a couple of days or even only a few hours leaving questions to go unanswered from readers in the comments sections. The MOST important thing about a website is the interaction between forum members and the site's admins, I think that is often forgotten in these articles, and too much time is spent elsewhere.

As for a 'slow news day' comment, I have to agree somewhat. I mean really, how many of this site's readers do you really think will bother with this story? I only came here because I thought it was a continuation of the 'patch Tuesday' article a few days ago and then I read the comments.
I have to be honest as I have often felt like commenting about the articles that appear on Bit-Tech these days but usually end up deleting said comment rather than posting. There is not enough of the old school articles that made Custom PC and Bit-Tech (once it changed names) great. There are far too many of the same articles and reviews, how many reviews do you want to do of very similar cases, fan controllers and almost identical SSD's? Not to mention the so called 'game reviews'. I loved this site and the mag when it was about hardware and what you can do with it. Not how to waste time being anything but constructive. There are dedicated game review websites and magazines for that, it gets worse when most of the games reviewed are sub-par, budget releases or mobile app games. This is not what I come here for and I think the stats prove that others feel the same. Just look at the comment numbers on articles and count how many comments there are these days. The large amount fail to even get double figures and I remember when articles used to hit hundreds of comments.

Anyway, I've had my rant and said my piece. Take it as you will but it was meant as polite and constructive criticism.
__________________
Fractal Design Arc Midi Rev II - ASUS P5K Premium WiFi
Q6600 - SilverStone Argon AR01 - 6GB Corsair PC2-6400 DHX
ASUS nVidia 750 Ti OC - Samsung 840 EVO 250GB
Windows 7 Ultimate (64bit)
18th Sep 2013, 18:46   #15
Gareth Halfacree
Quote:
Originally Posted by SchizoFrog View Post
I am a bit confused by this article though. Not this article itself but why it was even written and deemed worthy as a news point. So I am not a serious OS or Network Admin geek so I may not understand its importance, but then that should have been explained in the article if it was such, but to my understanding there are nearly always flaws, back doors and 'in-the-wild' vulnerabilities with products such as Windows. It has always been the case and most likely always will be. So why was this particular flaw deemed to be different and important enough to warrant its own individual story?
Two reasons: one, that the flaw is being actively exploited in targeted attacks, something Microsoft has admitted while downplaying the number as being 'limited;' two, that the patch is not being pushed out automatically, meaning that those with IE installed will be vulnerable to said attacks until the proper update is released unless they read an article like mine and run Microsoft's Fix It as liratheal did in the comments upthread.

The flaw, for clarity, is what's known as a zero-day vulnerability. This means the bad guys know about it - as evidenced by the ongoing attacks targeting the flaw - but there is no patch yet released. The workaround is a 'fix' for now, but needs manually installing - something Microsoft isn't going out of its way to inform its customers about. Hence the need for news articles like the above: they get the word out. Don't use IE? You may still need the patch, as it's embedded in the OS pretty deeply - and even if you don't use IE, the chances are good you know someone who does and can pass the message on.

Quote:
Originally Posted by SchizoFrog View Post
As for comments responses... I think Gareth has had a bad day, he doesn't normally bicker like a little girl.
No, but I do have a very limited capacity for dealing with fanboys who accuse me of bias with absolutely no justification.
Quote:
Originally Posted by SchizoFrog View Post
Anyway, I've had my rant and said my piece. Take it as you will but it was meant as polite and constructive criticism.
And it was, indeed taken as such - and I thank you for taking the time to make the post.
19th Sep 2013, 08:35   #16
Fracture
Minimodder
Join Date: Jun 2013
Posts: 30
Quote:
Originally Posted by SchizoFrog View Post
I am a bit confused by this article though. Not this article itself but why it was even written and deemed worthy as a news point. So I am not a serious OS or Network Admin geek so I may not understand its importance...
I think your logic is a little flawed here... Just because you read an article that you found didn't really relate or interest you doesn't automatically deem it irrelevant to every single other user on these forums. This is a website for both PC enthusiasts and professionals alike. It's PC related news... How is it irrelevant?

Quote:
Originally Posted by SchizoFrog View Post
As for comments responses... I think Gareth has had a bad day, he doesn't normally bicker like a little girl.
I think the comments were handled pretty well by Gareth. It's rare to find such a level-headed, fact filled and accurate response to a forum user who is clearly trolling and didn't even bother to read the article.
19th Sep 2013, 08:52   #17
Nexxo
Whatever's Geek.
Join Date: Oct 2001
Location: Birmingham, UK
Posts: 26,378
I agree. Being accused of bias every time you publish some useful information just because it does not paint some company in a glorious light gets tiring pretty soon.

I mean, FFS. These are just brands. I'll stick up for Windows 8 and even own a Windows Phone, but it's not like Microsoft is my mother or something. It's not as if Microsoft, Apple or Google care about us beyond making us buy their stuff. Fanboiism is the most asinine behaviour ever. It's the forum equivalent of people having punch-ups on the football pitch over which club they support.

If you don't think that the article is relevant to you, then don't read it and move on. Other people may find it very important. Another reminder that you are not the centre of the universe.
__________________
In memory of Kidmod-Southpaw (1997 - 2014)
a fellow geek, modder, dreamer of dreams
https://www.justgiving.com/kidmod
20th Sep 2013, 03:10   #18
SchizoFrog
I just want to defend my comment and opinion about the importance of the original article in response to the latest comments about being 'the centre of the Universe'.

I never suggested that articles should be tailored for my own personal tastes and even mentioned that I may not understand the importance of the subject matter. However, I haven't seen widespread news articles or alerts about this particular threat and wondered why it merited an article of its own. Just because it is a zero-day threat, out-in-the-wild and being exploited I still don't see it to be a big enough issue of importance. Some people and systems may and will fall victim to this I agree but why is it so different from so many other vulnerabilities? Many of which are also zero-day, out-in-the-wild and being continuously exploited but they don't all get reported in articles like this one. So once again I was wondering why this one stood out and to me, it still doesn't stand out, nor warrant a news article of this manner. You only have to look at the comments above, or the lack of to get some idea of how interested people were in reading and discussing this subject. I happen to think that maybe time and effort could have been better spent elsewhere.
I also happen to think that those people who run this website and the magazine may just be interested in other people's opinions about what they do and do not find interesting reading from time to time, as if they didn't they would soon find themselves writing articles that no one read and thus they would soon be out of a job.
It's only my opinion and you are welcome to agree or not as you will. However, should my comments further annoy you then might I suggest you take your own advice and 'move on'? Other people may well be agreeing with my comments too you know.
20th Sep 2013, 09:15   #19
Gareth Halfacree
Quote:
Originally Posted by SchizoFrog View Post
However, I haven't seen widespread news articles or alerts about this particular threat and wondered why it merited an article of its own. Just because it is a zero-day threat, out-in-the-wild and being exploited I still don't see it to be a big enough issue of importance. Some people and systems may and will fall victim to this I agree but why is it so different from so many other vulnerabilities? Many of which are also zero-day, out-in-the-wild and being continuously exploited but they don't all get reported in articles like this one.
This appears to be the root of your confusion: there aren't "many [vulnerabilities] which are also zero-day, out-in-the-wild and being continuously exploited." If there were, nobody would be using Windows for very long.

There are, realistically, three classes of dangerous vulnerabilities: the ones we don't know about, the ones we do know about, and the ones we've fixed. The former is the most dangerous, yet the least widespread: a small portion of ne'er-do-wells know about it and actively exploit it, but they need to keep that knowledge private lest the software company get wind of it and fix the bug. The middle category, into which this flaw fits, is arguably less dangerous but more widespread: the software company knows about it and is working on a fix, but for now the majority of users are vulnerable and, unlike the former category, it's guaranteed that all ne'er-do-wells know at least of its existence and will be actively attempting to use it to exploit targets. The latter, meanwhile, becomes a race against time: if a patch is released, the pool of exploitable targets becomes ever-smaller - although never totally disappears, thanks to users doing inadvisable things like ignoring Windows Update or using outdated versions of the software for which no patch was ever released.

You can't easily write about the vulnerabilities that we don't know about, which means you're left writing about the vulnerabilities we do know about. The biggest issue, then, is the ones that are not yet patched - as with this vulnerability. It leaves customers at-risk, and in the case of this particular vulnerability it's a serious risk: simply visiting a website in any version of IE, or loading an HTML page in various other applications which use the IE engine to render said content, is enough for an attacker to exploit the vulnerability and take total control of your computer. You can protect against this by applying the Fix It patch - but only if you know it exists, which, as I've said upthread, is where the import of this story comes into play.

As far as I'm aware - and please, do feel free to correct me on this if there's something I've missed - there are no other known but unpatched vulnerabilities in any version of Windows or IE that are as serious as this one; if there were, I would have written about those, too.

Does that help to explain things at all?
20th Sep 2013, 09:21   #20
Nexxo
Quote:
Originally Posted by SchizoFrog View Post
I just want to defend my comment and opinion about the importance of the original article in response to the latest comments about being 'the centre of the Universe'.

I never suggested that articles should be tailored for my own personal tastes and even mentioned that I may not understand the importance of the subject matter. However, I haven't seen widespread news articles or alerts about this particular threat and wondered why it merited an article of its own. Just because it is a zero-day threat, out-in-the-wild and being exploited I still don't see it to be a big enough issue of importance. Some people and systems may and will fall victim to this I agree but why is it so different from so many other vulnerabilities? Many of which are also zero-day, out-in-the-wild and being continuously exploited but they don't all get reported in articles like this one. So once again I was wondering why this one stood out and to me, it still doesn't stand out, nor warrant a news article of this manner. You only have to look at the comments above, or the lack of to get some idea of how interested people were in reading and discussing this subject. I happen to think that maybe time and effort could have been better spent elsewhere.
I also happen to think that those people who run this website and the magazine may just be interested in other people's opinions about what they do and do not find interesting reading from time to time, as if they didn't they would soon find themselves writing articles that no one read and thus they would soon be out of a job.
It's only my opinion and you are welcome to agree or not as you will. However, should my comments further annoy you then might I suggest you take your own advice and 'move on'? Other people may well be agreeing with my comments too you know.
Reader feedback is important, but only useful if it is constructive. Saying: "Why are you even publishing this? I don't see how this is important" does not tell the Bit-Tech editor anything of what you do find important and would like to read more of. Telling people what not to do does not tell them what to do instead.

Meanwhile this thread has had 485 views, so apparently someone is taking an interest.

As an aside, you have no problem telling Gareth that he bickers like a little girl, but obviously you do not take comments about your post in the same casual spirit. If you dish it out, you have to be able to take it too.
All times are GMT +1.