this post was submitted on 13 Jul 2024
39 points (95.3% liked)

Cybersecurity

5833 readers
91 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 2 years ago
MODERATORS
 

Check Point Research (CPR) has identified a critical zero-day spoofing attack exploiting Microsoft Internet Explorer on modern Windows 10/11 systems, despite the browser's retirement.

top 5 comments
sorted by: hot top controversial new old
[–] [email protected] 13 points 5 months ago

What's nasty is that ~32x32 preview image. That's the real travesty here.

[–] [email protected] 5 points 5 months ago* (last edited 5 months ago) (1 children)

Hmm windows 11 doesn't anymore contain IE? It is one of the challenges for some legacy "IE only" enterprise Web apps, and causing migration issues.

No one definaly should not be using those apps anymore, but world is full of crazy legacy code that orgs don't have will to fix them.

[–] Quexotic 4 points 5 months ago (1 children)

Will or funding. Replacement of a system that initially cost 5mil to install and configure in 2009 is gonna cost 2x that at least to replace.

[–] [email protected] 4 points 5 months ago* (last edited 5 months ago) (1 children)

I've seen corporate networking equipment (Cisco) released in the early 2010s whose admin console uses ActiveX controls and only runs on IE. I think by then it was pretty clear that this was not the technology of the future. But even a big company like Cisco was still doing this.

[–] best_username_ever 5 points 5 months ago

This is why the tech world infuriates me. Back in the 2000s I already knew that ActiveX was a proprietary piece of shit, yet companies still spent millions using it because, fuck it, the slaves will spend all their deadlines switching to a new technology, instead of using their brains and writing cross-platform applications in neutral languages. Sorry for the rant but I've seen this way too many times. They burn money because they can and they don't care.