This was posted at MMO-champion yesterday night, i figured all you should know if you do use Internet Explorer. Good luck
"""
Serious security flaw found in IE
A vulnerability has been discovered and the 27% of users of this site using Internet Explorer should probably install this hotfix as soon as possible ('http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx').

From BBC.co.uk ('http://news.bbc.co.uk/2/hi/technology/7784908.stm')
The flaw in Microsoft's Internet Explorer could allow criminals to take control of people's computers and steal their passwords, internet experts say.

Microsoft urged people to be vigilant while it investigated and prepared an emergency patch to resolve it. Internet Explorer is used by the vast majority of the world's computer users.

"Microsoft is continuing its investigation of public reports of attacks against a new vulnerability in Internet Explorer," said the firm in a security advisory alert about the flaw.

Microsoft says it has detected attacks against IE 7.0 but said the "underlying vulnerability" was present in all versions of the browser. Other browsers, such as Firefox, Opera, Chrome, Safari, are not vulnerable to the flaw Microsoft has identified.

Browser bait
"In this case, hackers found the hole before Microsoft did," said Rick Ferguson, senior security advisor at Trend Micro. "This is never a good thing."

As many as 10,000 websites have been compromised since the vulnerability was discovered, he said.

"What we've seen from the exploit so far is it stealing game passwords, but it's inevitable that it will be adapted by criminals," he said. "It's just a question of modifying the payload the trojan installs."

"The message needs to get out that this malicious code can be planted on any web site, so simple careful browsing isn't enough."

I seriously hope that people are here understand that Firefox, NoScript, and AdBlock are the way to go. They're not perfect, but they're not attacked like IE is.

/facepalm


You mean to tell me IE is an insecure browser?



News @ 11.

You know, I'm not really seeing anything from all this but the usual "PANIC!" media stories. The fact there are glaring holes out there that people are just waiting for you to click the wrong thing so they can steal your account info is nothing new. I'm more interested in knowing the specifics of detection outside of "run your antivirus and hope you pick it up". Granted, I don't mind the thing is searching for over 9000 possible things I could be infected with, but I'd prefer to know what keyloggers have been distributed during this outbreak and how to quickly detect them without having to rely on a program that, for all I know, takes a half hour to animate a bar from 0 to 100% and tell me everything is fine.

Microsoft Security Bulletin ('http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx?pubDate=2008-12-17')
Search Security ('http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1342935,00.html?track=sy160')
Secunia ('http://secunia.com/advisories/33089/')

You gota realize most virus/trojan/hacker "alerts" come from (guess who) - people who sell anti-virus / anti-spyware programs.

Mcafee and Symantec are the biggest offenders I think, with Trend not far behind.While I am all about the corporate conspiracy's and the general media trying to fear us into trusting them, this particular statement is far from true.
Most virus/trojan/hacker "alerts" come from independent security researchers, collegiate researchers, and yes, believe it or not, software manufacturers in-house security research teams.
McAffe and Symantic do in fact have their own software security researchers, but most of the stuff they do come from outside sources.

Keep an eye on sites like the three I posted above, SANS ('http://isc.sans.org/'), US-CERT ('http://www.us-cert.gov/cas/techalerts/index.html'), and even DarkNet ('http://www.darknet.org.uk/') is a good source of independent research and security issues

My favorite part is:
"What we've seen from the exploit so far is it stealing game passwords, but it's inevitable that it will be adapted by criminals," he said. "It's just a question of modifying the payload the trojan installs."
because stealing game accounts isn't criminal.

I ended up just buying the Blizzard Authenticator from their site the other day. Hell its $6.50 with FREE shipping. Why WOULDN'T a boxer buy it? We have 2-5 times as much to lose and it only costs $6.50 for an authenticator that will work for ALL accounts. Takes about 10 seconds to set up and then adds about 2 seconds to your login time when you multibox, but will prevent you from ever having your account hacked. Plus, most likely it will work with future blizzard things like the new battle.net that will work with Diablo 3, etc.

I ended up just buying the Blizzard Authenticator from their site the other day. Hell its $6.50 with FREE shipping. Why WOULDN'T a boxer buy it? We have 2-5 times as much to lose and it only costs $6.50 for an authenticator that will work for ALL accounts. Takes about 10 seconds to set up and then adds about 2 seconds to your login time when you multibox, but will prevent you from ever having your account hacked. Plus, most likely it will work with future blizzard things like the new battle.net that will work with Diablo 3, etc.Yeah and all accounts can be tied to one authenticator. It's a good second layer of security and a minor inconvenience when logging in.

Well it certainly pleases me to hear you guys taking your precautions, i was just looking out for you all :D

"INTERNET EXPLORER NO GOOD!"

Thanks Ollie

Agreed....Firefox with some addons is much better. Also authenticator FTW

Loving chrome.

I am glad I use Firefox been doing so for years now, and every time i hear about some security issue with another browser its IE that is the browser in question. Well d/l adblock and noscript one you all suggested did not have those before thanks for the suggestion.