There has been a recent flaw in IE, that I stumbled across via a DevShed newsletter. Yes, another one, this time from hackers in Russia. A google search turns up this page with a few up-to-date articles about it. Of course, the most prominent is displayed at the top: US Government Slams Microsoft Explorer.

Yes, you read that right. The US Govt, or more specifically CERT ( Computer Emergency Readiness Team ) is cautioning users to use a different browser, ANYTHING at all as long as it isn't IE. Apparently, this latest hole allows hackers to upload a small Javascript file onto an IIS webserver ( again, Microsoft software ) and change the server config to append this Javascript to the end of every page served. This Javascript, in turn, downloads a trojan from a repository off of a Russian site that can log keystrokes, steal identification, etc. Here are some sites for your reading pleasure:

http://www.ecommercetimes.com/story/34868.html
http://www.macworld.co.uk/news/index.cfm?N...age=1&pagePos=5
http://www.nbc11.com/technology/3468874/detail.html
http://www.chron.com/cs/CDA/ssistory.mpl/business/2648149
http://sarc.com/avcenter/venc/data/js.scob.trojan.html <- A Symantec evaluation of the Trojan
http://www.eweek.com/article2/0,1759,1617551,00.asp
http://www.abc.net.au/news/newsitems/200406/s1141082.htm

The last link here is an appeal from a writer at eweek to switch browsers: http://www.eweek.com/article2/0,1759,1617927,00.asp

Thanks again for the heads up, Spear! It just makes me double happy that I've switched away from IE to Firefox (and recently from OE to Thunderbird). After hearing all this about IIS lately I'm going to uninstall it from my machine. I guess that will force me to learn php instead of asp.

Eh, no problem. Just helping get out the word to people who might otherwise never hear of it.

As for PHP, you'll find it rather easy to learn, and the documentation on PHP.net is excellent.

This is just another reason to hate Java Script aswell. My firewall has been catching a few Trojans lately.

If this is a reason to hate Javascript, then the last flaw I pointed out is a GREAT reason to hate XHTML. Heck, while we're at it, why not hate the entire internet. Hate assembly, boot sectors, C++, Visual Basic, Perl, heck, why don't we just kill all computers??? Why not? Oh yeah, because all of the above are just a tool. Just like a knife is a tool, just like a gun is a tool. Do you blame a knife because it cuts off a chef's finger? No, you call 911 and call it an accident. The tool can only do what it is told to do, and is it anyone's fault except for the person who did it? No, I think not. So why not just drop the case of Javascript PW, especially with such a poorly thought-out comment as that.

Sorry, to explode like that PW, but that happens to be one of my pet peeves.

I didn't realize that I was bugging you that much. So from now on I'll post a good reason on why I hate Java Script when I talk about hating Java Script.

Heh, don't worry about it. I should be good for another couple months of "Javascript hating w/o explanations"

I'm going to hold you to that, because a couple means more than two.

Does it really? Alright then, I'll give you four months clearance.