Home  |  Forums  |  914 Info  |  Blogs
 
914World.com - The fastest growing online 914 community!
 
Porsche, and the Porsche crest are registered trademarks of Dr. Ing. h.c. F. Porsche AG. This site is not affiliated with Porsche in any way.
Its only purpose is to provide an online forum for car enthusiasts. All other trademarks are property of their respective owners.
 

Welcome Guest ( Log In | Register )

> OT: IE flawed? NO!, you don't say, important security info
tat2dphreak
post Jul 2 2004, 09:49 AM
Post #1


stoya, stoya, stoya
*****

Group: Benefactors
Posts: 8,797
Joined: 6-June 03
From: Wylie, TX
Member No.: 792
Region Association: Southwest Region



http://www.internetnews.com/security/artic...cle.php/3374931

I switched over to firefox and changed all my passwords... damn M$ !!!
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
2 Pages V  1 2 >  
Reply to this topicStart new topic
Replies(1 - 19)
ArtechnikA
post Jul 2 2004, 09:55 AM
Post #2


rich herzog
*****

Group: Members
Posts: 7,390
Joined: 4-April 03
From: Salted Roads, PA
Member No.: 513
Region Association: None



i switched all the computers behind my firewall to Mozilla 1,7 last Friday...
ArtechnikA.com is NOT running on an IIS server.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
WoMBaT
post Jul 2 2004, 12:51 PM
Post #3


Member
**

Group: Members
Posts: 69
Joined: 29-June 04
From: Fort Riley, Kansas
Member No.: 2,272



Just switched to FireFox 0.9.1..already like it better than IE! Fun themes and tabbed browsing are worth the switch alone...never mind it isn't succeptable to the security breaches like the vole's IE.


-Dan
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
dinomium
post Jul 2 2004, 12:56 PM
Post #4


Git on a chair son, all the good stuff is goin over yer head!
****

Group: Benefactors
Posts: 2,777
Joined: 2-January 03
From: Bremerton, WA
Member No.: 74
Region Association: Pacific Northwest



Too bad this latest hack is a JAVA flaw. sooooo it is really an infrastructure of the web issue, not just Microsoft...
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Gint
post Jul 2 2004, 04:36 PM
Post #5


Mike Ginter
***************

Group: Admin
Posts: 16,095
Joined: 26-December 02
From: Denver CO.
Member No.: 20
Region Association: Rocky Mountains



QUOTE
Too bad this latest hack is a JAVA flaw. sooooo it is really an infrastructure of the web issue, not just Microsoft...


Did I miss something? I don't see any mention of this being a Java flaw.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Part Pricer
post Jul 2 2004, 04:53 PM
Post #6


Believe everything I post
***

Group: Benefactors
Posts: 1,825
Joined: 28-December 02
From: Danbury, CT
Member No.: 35



You didn't miss anything. It's not a Java flaw, it is a security hole in IE. The confusion is that some unscrupulous individual(s) used JavaScript (not Java) as part of their exploit to compromise IE.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Gint
post Jul 2 2004, 04:58 PM
Post #7


Mike Ginter
***************

Group: Admin
Posts: 16,095
Joined: 26-December 02
From: Denver CO.
Member No.: 20
Region Association: Rocky Mountains



And apparently, it's JavaScript running on an IIS server that exploits and infects users visiting the site with IE. So while it may be JavaScript code, it specifically exploits IIS (MS product) and IE (MS product).

Did I get all of this straight? Lotta techie reading for Friday evening.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
SirAndy
post Jul 2 2004, 05:04 PM
Post #8


Resident German
*************************

Group: Admin
Posts: 41,945
Joined: 21-January 03
From: Oakland, Kalifornia
Member No.: 179
Region Association: Northern California



QUOTE(Gint @ Jul 2 2004, 03:58 PM)
Did I get all of this straight? Lotta techie reading for Friday eveining.

no.

it's not JavaScript running on a IIS server, that would be server side javascript, which is different (IMG:style_emoticons/default/wink.gif)

this needs to hack into a server first, then alter your web-pages to include a additional JavaScript footer that automatically downloads a executeable from a server in russia which in turn is executed (and installed) by your local IE ...

this program then scans your machine and every time you type in a username and password on a webpage (think online-banking) it'll record your login and send it back to the server in russia ...

all of that without you even knowing.
pretty clever, eh?
(IMG:style_emoticons/default/wink.gif) Andy
User is online!Profile CardPM
Go to the top of the page
+Quote Post
Gint
post Jul 2 2004, 06:00 PM
Post #9


Mike Ginter
***************

Group: Admin
Posts: 16,095
Joined: 26-December 02
From: Denver CO.
Member No.: 20
Region Association: Rocky Mountains



This is what I read (seems to support what you're saying Andy):

QUOTE

http://www.internetnews.com/security/artic...cle.php/3373581

"The attacker uploaded a small file with JavaScript to infected Web sites, and altered the web server configuration to append the script to all files served by the web server," the center alert warned.

If a user visited an infected site, the JavaScript delivered by the site would instruct the user's browser to download an executable from a Russian Web site and install it, the alert added.  

"These Trojan horse programs include keystroke loggers, proxy servers and other back doors providing full access to the infected system."

The center believes the attack is the work of a sophisticated international spam ring.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
morgan
post Jul 2 2004, 07:20 PM
Post #10


Member
**

Group: Members
Posts: 310
Joined: 28-March 03
From: milwaukee WI
Member No.: 488



I run a Mac dont know these things!!!! (IMG:style_emoticons/default/confused24.gif)
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
SirAndy
post Jul 2 2004, 08:12 PM
Post #11


Resident German
*************************

Group: Admin
Posts: 41,945
Joined: 21-January 03
From: Oakland, Kalifornia
Member No.: 179
Region Association: Northern California



QUOTE(morgan @ Jul 2 2004, 06:20 PM)
I run a Mac dont know these things!!!! (IMG:style_emoticons/default/confused24.gif)

owning a MAC does not automatically protect you from viruses etc. in general.
in fact, one of the first computer viruses ever was for the AppleII !!!

the kids focus more on the PC simply because it's the much more common platform which means more exposure for their creative ventures into exploitive computer programming ...

(IMG:style_emoticons/default/wink.gif) Andy
User is online!Profile CardPM
Go to the top of the page
+Quote Post
Andyrew
post Jul 2 2004, 10:45 PM
Post #12


Spooling.... Please wait
**********

Group: Members
Posts: 13,377
Joined: 20-January 03
From: Riverbank, Ca
Member No.: 172
Region Association: Northern California



QUOTE
the kids focus more on the PC simply because it's the much more common platform which means more exposure for their creative ventures into exploitive computer programming ...


You know what, they should all focus on macs, because then we could get rid of all those worthless pieces of junk...

Hmm I think I'll write a virous! It will require you to save everything on floppy or cd, and then it will erase your hard drive and magnetically swipe the pc's motherboard! MUAHAHAHAHAHAHAHAHHAHAHAHHAHAH

wait, why are there red lights outside?

(IMG:style_emoticons/default/wink.gif) (jk of course..)
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
skline
post Jul 2 2004, 10:53 PM
Post #13


Born to Drive
*****

Group: Members
Posts: 7,910
Joined: 26-December 02
From: Costa Mesa, CA
Member No.: 17
Region Association: Southern California



Why do you think Macs are a POS? I have one I use in the house for graphics and video, the thing is awesome. Its a no worry machine, it always runs. If I had to rely on Macs to make my living, I would be broke. I would never get service calls. The PC's however, make me some pretty good money. Pays for my car.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Andyrew
post Jul 2 2004, 10:58 PM
Post #14


Spooling.... Please wait
**********

Group: Members
Posts: 13,377
Joined: 20-January 03
From: Riverbank, Ca
Member No.: 172
Region Association: Northern California



Well, Macs take the fun out of a pc.. A pc you can get inside of.. Macs.. well. Lets just put it this way.. I had to take a test to show that I was efficient in computers so I wouldnt have to take a class. They had macs, and.. I had no stinkin clue. I Tried to look in the hard drive.. couldnt find the darn thing.. I had no clue how to select something with one stinkin mouse button.. I just hated it.

I hate the layout.. just how they run basically.

Andrew
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
SirAndy
post Jul 2 2004, 11:25 PM
Post #15


Resident German
*************************

Group: Admin
Posts: 41,945
Joined: 21-January 03
From: Oakland, Kalifornia
Member No.: 179
Region Association: Northern California



QUOTE(Andyrew @ Jul 2 2004, 09:58 PM)
A pc you can get inside of..

that much i agree with. i actually did some machine language programming on the mac way back when, hacking my way through the OS (without ANY documentation) ...
the PC is a much better platform for developers and geeks like me because it is much more *transparent* ...

having said that, i have worked with macs for years in the graphics industry (started with photoshop 1.0 on a MAC II) did a lot of pre-press work. the mac was the shit for that kind of stuff back then.

then, i got into game development. PC's rule. i can still whip out a little assembly exe with the command line assembler (called DEBUG, still comes with each windows) in a few minutes. nothing like talking the CPU's language!

oh, i also used to program device drivers in machine language for unix systems.
and did i mention i redid the complete OS for the C64, shrunk it into half and used the free space for a ROM based compiler/decompiler? burned the thing on a ROM and used it to hack games.

fun times. bottomline, i like working with computers. ANY computer.
they all have their place and use ...
(IMG:style_emoticons/default/smile.gif) Andy
User is online!Profile CardPM
Go to the top of the page
+Quote Post
morgan
post Jul 3 2004, 09:17 AM
Post #16


Member
**

Group: Members
Posts: 310
Joined: 28-March 03
From: milwaukee WI
Member No.: 488



I have both, just like the Mac because there is no MS
John
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Rusty
post Jul 4 2004, 04:21 AM
Post #17


Wanted: Engine case GA003709
*****

Group: Admin
Posts: 7,952
Joined: 24-December 02
From: North Alabama
Member No.: 6
Region Association: Galt's Gulch



Geez... I had no idea that Mozilla was Netscrape in disguise. Get this piece of crap off my system!!! ARRGGGGGGH!! (IMG:style_emoticons/default/mad.gif)

-Rusty (IMG:style_emoticons/default/smoke.gif)
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Part Pricer
post Jul 9 2004, 06:28 AM
Post #18


Believe everything I post
***

Group: Benefactors
Posts: 1,825
Joined: 28-December 02
From: Danbury, CT
Member No.: 35



I know that I recommended that you look at using a different browser than IE. Now, to show you that you are never safe and must always be vigilant.
QUOTE
A popular browser for Windows is subject to a security hole that creates a means for hackers to run malicious code on vulnerable machines. But this time, the vulnerability involves Mozilla and Firefox browsers - not Internet Explorer.

Security researchers have discovered that users could be attacked by hackers using a bug in how Mozilla and Firefox handle the "shell:" function in windows. The function enables websites to invoke various programs associated with specific extensions. But flaws in Mozilla's implementation create a way for a skilled hacker to execute arbitrary code on vulnerable Windows machines. Information on the bug was posted onto a full disclosure security mailing list earlier this week.

The flaw affects Mozilla and Firefox on Windows XP or Windows 2000 only.

The Mozilla Foundation yesterday issued a patch that resolves the flaw by disabling the use of the shell: external protocol handler. Alternatively users are advised are advised to update their systems to the latest version of Mozilla (1.7.1), Firefox (0.9.2). Users of Thunderbird, Mozilla's next generation e-mail client, also need to upgrade to version 0.7.2 of the software. Firefox is a preview of Mozilla's next generation browser. Thunderbird is Mozilla's email client.

Security firm Secunia rates the problem as "moderately critical". So it’s less serious than still unresolved issues bedevilling IE but still unwelcome to Windows users defecting from IE for security reasons. Secunia notes that multiple exploits in Internet Explorer also utilise "shell:" functionality. "The shell: URI handler is inherently insecure and should only be accessed from a few trusted sites - or not from a browser at all," it says.

Here is the link to the update instructions and the downloads:
http://mozilla.org/security/shell.html
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
cnavarro
post Jul 9 2004, 07:14 AM
Post #19


Cylinder Guru
**

Group: Members
Posts: 472
Joined: 30-December 02
From: Chicagoland!
Member No.: 49
Region Association: None



My Macintosh 128k (circa 1985) got a trojan horse that wiped out the motherboard on early models and the only resolution was to buy a new motherboard. If i'm not mistaken, that was one of the first viruses, eons before the thought had even occurred to have a virus scanner.

Charles Navarro
LN Engineering
http://www.LNengineering.com
Aircooled Precision Performance
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
newdeal2
post Jul 9 2004, 07:20 AM
Post #20


Unregistered









If I have anti virus how important is adding a firewall?

Peter
Go to the top of the page
+Quote Post

2 Pages V  1 2 >
Reply to this topicStart new topic
5 User(s) are reading this topic (5 Guests and 0 Anonymous Users)
0 Members:

 



- Lo-Fi Version Time is now: 26th December 2024 - 09:47 PM