
Internet Explorer users face drive-by attacks targeting new 0-day bug - dsr12
http://arstechnica.com/security/2013/11/internet-explorer-users-face-drive-by-attacks-targeting-new-0day-bug/
======
code_duck
> The attackers embedded the exploit code directly "into a strategically
> important website, known to draw visitors that are likely interested in
> national and international security policy," the researchers wrote.

Anyone know which site they're referring to?

~~~
TheSpiceIsLife
arstechnica?

------
eksith
The more I see stories like this, the more I'm convinced, truly security
conscious people should be browsing the web in Lynx.

~~~
handsomeransoms
telnet port 80 or bust

~~~
skue
The truly paranoid can go hard core: telnet 443

------
moocowduckquack
Don't worry, Inori Aizawa will stop them.

~~~
Danieru
We'll see what happens at the next comiket.

------
coopaq
Can anyone say (technically) what these attacks are so I can avoid reading
that fluffy article?

edit: I know it is a short article.

~~~
jonchang
It's the recent TIFF code execution bug found in Office 2010 and earlier. See
[https://news.ycombinator.com/item?id=6678957](https://news.ycombinator.com/item?id=6678957)
for discussion.

~~~
code_duck
That, plus a separate exploitable hole in IE/Windows.

> The vulnerabilities in various configurations of IE versions 7, 8, 9, and 10
> running on Windows XP and Windows 7 are separate from the Microsoft Windows
> and Office graphics flaw that's also under active exploit at the moment.

> One flaw allows attackers to access and control computer memory, and another
> leaks system information needed to capitalize on the first bug.

------
deanclatworthy
This is the first I've heard about EMET. Can any of our resident security
gurus comment on whether it's worth installing?

------
colinbartlett
The image on that article really confused me.

~~~
ssully
Same. I was waiting for the article to mention how an IE bug led to a drive by
shooting.

