Internet Explorer Insecure Again!

If you have the new Secunia PSI 2.0 and turn on the Secure Browsing option settings, you probably see something like the picture below.

Most of the time, Chrome and Firefox quickly fix security problems, so they are safe. Most of the time Microsoft doesn't so it isn't. This is a constant and has been for many years. One of the first things a security conscious person should do is stop using Internet Explorer. It is true that it isn't as bad as it used to be, but it is nearly always unsafe.

A good example is the following story:

In July of 2010 Michal Zalewski sent Microsoft code that demonstrated a vulnerability in Internet Explorer which could allow hackers to take over the user's PC. He showed them the problem and gave them code demonstrating it as well as how it would be exploited. He also gave them 6 months to fix it before he would make it public.

Zalewski is not to be ignored. Google hired him for their security team after he demonstrated a huge number of security flaws in IE, Firefox and other products. Eweek ranks him as the 5th most influential security person in the world.

Microsoft ignored the problem for 6 months and now he's made the code public. Microsoft is upset and calls foul. USA Today quotes them: "Jerry Bryant, manager of response communications for Microsoft's Trustworthy Computing group, says Zalewski increased the risk that cyber criminals will find a way to take advantage of the browser flaw before a patch can be refined, tested and widely distributed."

So after being given the problem code and a demonstration of the problem and exploit by one of the leading security experts in the world, Microsoft did nothing for 6 months.

Zalewski says he has evidence that Chinese hackers found the flaw themselves and so he had to force Microsoft to do something. Had this been presented to either Mozilla or Google their respective browsers would have been fixed quickly.

USA Today Story