Last week we learned of an exploit in IE6 that allows the attacker to take control of your computer simply by having you browse to a web page and get IE to execute a bit of Javascript. Microsoft urged people to upgraded to IE8 ASAP. Well it looks like IE8 is vulnerable as well. Here are the gritty details.
Microsoft won’t have a patch ready until next week at the earliest. So for at least a few days your computer is seriously vulnerable if you’re browsing the internet with IE.
But there are temporary solutions. One is to enable Data Execution Prevent (DEP) in Vista/Windows 7 for IE. You need to do this manually, but it might save you. Except it might not, as some French researches (see first article I link to) claim to have a workaround to make the exploit work while DEP is enabled.
The only other solution? Disable Javascript in IE.
And the threat is serious enough that people (read IT admins on behalf of those under their care) may resort to this very solution.
Which means any and ever web site that employs Javascript as a key means to access content and navigate the web site will become empty pits of nothing. The sites won’t work, the users won’t be able to access them, and business it lost on both sides of the equation.
However, had one designed their web site in such a way as to NOT rely on Javascript for presenting/serving content to the user, one would not be in the business of losing business every time a new Javascript exploit comes out.
So use Flash, you say.
Well, Adobe has scripting problems of its own. In fact Adobe is recommending people disable Javascript in Acrobat Reader, just like Microsoft.
Certainly seems like we’re staring at a future where Javascript can not, and should not be relied upon to deliver your web site content.
But if you take me for a cynic, that’s okay, I’ve got some cool news for you. A programmer is implementing Flash using Javascript and SVG. This could mean your future web pages could create their own animations without the need of any third-party plugin like Flash. This is kinda cool!