Hi FwF,
Listened to this interesting podcast, well the first half of it (do not have a Win 2*** machine, so that is why).
A few notes on the side, though. Well, all this because the enormous complexity of the Internet as a super-machine is growing way over our security-heads, really.
In the Netherlands now a big bank does not accept users of Win 98SE or ME as customers to their internet banking, because their obsolete OS and old browsers are unsafe(r). For this exploit they are actually secure (IE before 5.0). Use something that is not used by the mainstream user, and you are reasonably "more secure" than Mr. Average or Mrs. Average are.
This is frightening news to realize: there is a dll functionality out there that cannot be patched for a month or more (hopefully an early patch is out), and the mainstream user does not un-register the dll, I am sure, so thanks to ultra-new technology the Internet community is set at risk on a grand scale.
Does in-browser security protect you in any sense here, so you are warned not to go to these 20 odd sites (or all that I-frame link to them) through SiteAdvisor, GeoTrust, DrWeb anti-virus link checker???
Can you search through www.scandoo.com and still be infected with this graphical vector script independent malware infectors just to raise money for the malware artists and cybercriminals at an investment of a lousy 20 bucks?
Waiting for the patch from M$ to come certainly is not the way to stop this. It would be better if Microsoft could feel the liability for putting the users at risk through their software with buggy code where it hurts most, in their big purses. There are a lot of people that say, if this was to happen, they would have a better urge to make their code safer (link on this standpoint here: http://www.cio.com/blog_view.html?CID=24948 ).
Other info on this bug:
http://www.kb.cert.org/vuls/id/416092

polonus