Ars Technica: Ex-YouTube engineer reveals how video site worked to kill off Internet Explorer 6

Ars Technica: Ex-YouTube engineer reveals how video site worked to kill off Internet Explorer 6. “Though YouTube had been under Google’s ownership for about three years, YouTube’s engineers were suspicious and wary of being integrated into Google’s corporate machine. They had their own special set of permissions named ‘OldTuber,’ and anyone with OldTuber permissions could freely modify the YouTube site without going through Google’s usual change management process of code reviews, testing, adherence to coding standards, and so on. It was cowboy territory, where developers could do as they liked. Only the risk of breaking things—and hence losing OldTuber permissions, if not their job—kept them on the straight and narrow. The OldTubers decided that they’d show a banner to Internet Explorer 6 users.”

BetaNews: Micropatch now available for Internet Explorer security hole

BetaNews: Micropatch now available for Internet Explorer security hole. “Through its 0patch platform, ACROS Security is making the micropatch available to Windows users who are concerned about the security of Internet Explorer. While there are likely to be concerns voiced about installing a security patch from a third party, there are two things to consider here.”

Digital Trends: Internet Explorer zero-day exploit makes files vulnerable to hacks on Windows PCs

Digital Trends: Internet Explorer zero-day exploit makes files vulnerable to hacks on Windows PCs. “There were already a number of reasons to not use Internet Explorer. But if you needed another one, here it is. According to ZDNet, a security researcher named John Page has published evidence of an Internet Explorer zero-day exploit that renders Windows PCs vulnerable to having their files stolen by hackers.”

Ars Technica: Microsoft patches zero-day vulnerabilities in IE and Exchange

Ars Technica: Microsoft patches zero-day vulnerabilities in IE and Exchange. “Microsoft’s Patch Tuesday this month had higher-than-usual stakes with fixes for a zero-day Internet Explorer vulnerability under active exploit and an Exchange Server flaw that was disclosed last month with proof-of-concept code.”

ZDNet: Microsoft releases security update for new IE zero-day

ZDNet: Microsoft releases security update for new IE zero-day. “Microsoft has released an out-of-band security update today, December 19, for an Internet Explorer vulnerability that is currently being abused in the wild. The OS maker credited Clement Lecigne of Google’s Threat Analysis Group with discovering and reporting the IE zero-day.”

Ars Technica: Internet Explorer bug leaks whatever you type in the address bar

Ars Technica: Internet Explorer bug leaks whatever you type in the address bar. “There’s a bug in the latest version of Internet Explorer that leaks the addresses, search terms, or any other text typed into the address bar. The bug allows any currently visited website to view any text entered into the address bar as soon as the user hits enter. The technique can expose sensitive information a user didn’t intend to be viewed by remote websites, including the Web address the user is about to visit. The hack can also expose search queries, since IE allows them to be typed into the address bar and then retrieved from Bing or other search services.”

Google Releases Information About Another Microsoft Security Vulnerability

Google has let the cat out of the bag about another Windows vulnerability.. “Google’s Project Zero research team has actively been detecting vulnerabilities in Microsoft’s software products for quite some time…. Just a few days ago, it disclosed yet another vulnerability in Windows, however, this time after its standard 90-day deadline had passed. Now, the company has revealed yet another weakness in Microsoft’s software products, and this time, the flaw pertains to Edge and Internet Explorer, which means that it does not only impact Windows 10 but other iterations of the operating system as well.”