OT: IE flawed? NO!, you don't say, important security info Options

[tat2dphreak]

http://www.internetnews.com/security/artic...cle.php/3374931

I switched over to firefox and changed all my passwords... damn M$ !!!

[ArtechnikA]

i switched all the computers behind my firewall to Mozilla 1,7 last Friday...
ArtechnikA.com is NOT running on an IIS server.

[WoMBaT]

Just switched to FireFox 0.9.1..already like it better than IE! Fun themes and tabbed browsing are worth the switch alone...never mind it isn't succeptable to the security breaches like the vole's IE.


-Dan

[dinomium]

Too bad this latest hack is a JAVA flaw. sooooo it is really an infrastructure of the web issue, not just Microsoft...

[Gint]

Too bad this latest hack is a JAVA flaw. sooooo it is really an infrastructure of the web issue, not just Microsoft...

Did I miss something? I don't see any mention of this being a Java flaw.

[Part Pricer]

You didn't miss anything. It's not a Java flaw, it is a security hole in IE. The confusion is that some unscrupulous individual(s) used JavaScript (not Java) as part of their exploit to compromise IE.

[Gint]

And apparently, it's JavaScript running on an IIS server that exploits and infects users visiting the site with IE. So while it may be JavaScript code, it specifically exploits IIS (MS product) and IE (MS product).

Did I get all of this straight? Lotta techie reading for Friday evening.

[SirAndy]

Did I get all of this straight? Lotta techie reading for Friday eveining.

no.

it's not JavaScript running on a IIS server, that would be server side javascript, which is different (IMG:style_emoticons/default/wink.gif)

this needs to hack into a server first, then alter your web-pages to include a additional JavaScript footer that automatically downloads a executeable from a server in russia which in turn is executed (and installed) by your local IE ...

this program then scans your machine and every time you type in a username and password on a webpage (think online-banking) it'll record your login and send it back to the server in russia ...

all of that without you even knowing.
pretty clever, eh?
(IMG:style_emoticons/default/wink.gif) Andy

[Gint]

This is what I read (seems to support what you're saying Andy):

http://www.internetnews.com/security/artic...cle.php/3373581

"The attacker uploaded a small file with JavaScript to infected Web sites, and altered the web server configuration to append the script to all files served by the web server," the center alert warned.

If a user visited an infected site, the JavaScript delivered by the site would instruct the user's browser to download an executable from a Russian Web site and install it, the alert added.  

"These Trojan horse programs include keystroke loggers, proxy servers and other back doors providing full access to the infected system."

The center believes the attack is the work of a sophisticated international spam ring.

[morgan]

I run a Mac dont know these things!!!! (IMG:style_emoticons/default/confused24.gif)

[SirAndy]

I run a Mac dont know these things!!!! (IMG:style_emoticons/default/confused24.gif)

owning a MAC does not automatically protect you from viruses etc. in general.
in fact, one of the first computer viruses ever was for the AppleII !!!

the kids focus more on the PC simply because it's the much more common platform which means more exposure for their creative ventures into exploitive computer programming ...

(IMG:style_emoticons/default/wink.gif) Andy

[Andyrew]

the kids focus more on the PC simply because it's the much more common platform which means more exposure for their creative ventures into exploitive computer programming ...

You know what, they should all focus on macs, because then we could get rid of all those worthless pieces of junk...

Hmm I think I'll write a virous! It will require you to save everything on floppy or cd, and then it will erase your hard drive and magnetically swipe the pc's motherboard! MUAHAHAHAHAHAHAHAHHAHAHAHHAHAH

wait, why are there red lights outside?

(IMG:style_emoticons/default/wink.gif) (jk of course..)

[skline]

Why do you think Macs are a POS? I have one I use in the house for graphics and video, the thing is awesome. Its a no worry machine, it always runs. If I had to rely on Macs to make my living, I would be broke. I would never get service calls. The PC's however, make me some pretty good money. Pays for my car.

[Andyrew]

Well, Macs take the fun out of a pc.. A pc you can get inside of.. Macs.. well. Lets just put it this way.. I had to take a test to show that I was efficient in computers so I wouldnt have to take a class. They had macs, and.. I had no stinkin clue. I Tried to look in the hard drive.. couldnt find the darn thing.. I had no clue how to select something with one stinkin mouse button.. I just hated it.

I hate the layout.. just how they run basically.

Andrew

[SirAndy]

A pc you can get inside of..

that much i agree with. i actually did some machine language programming on the mac way back when, hacking my way through the OS (without ANY documentation) ...
the PC is a much better platform for developers and geeks like me because it is much more *transparent* ...

having said that, i have worked with macs for years in the graphics industry (started with photoshop 1.0 on a MAC II) did a lot of pre-press work. the mac was the shit for that kind of stuff back then.

then, i got into game development. PC's rule. i can still whip out a little assembly exe with the command line assembler (called DEBUG, still comes with each windows) in a few minutes. nothing like talking the CPU's language!

oh, i also used to program device drivers in machine language for unix systems.
and did i mention i redid the complete OS for the C64, shrunk it into half and used the free space for a ROM based compiler/decompiler? burned the thing on a ROM and used it to hack games.

fun times. bottomline, i like working with computers. ANY computer.
they all have their place and use ...
(IMG:style_emoticons/default/smile.gif) Andy

[morgan]

I have both, just like the Mac because there is no MS
John

[Rusty]

Geez... I had no idea that Mozilla was Netscrape in disguise. Get this piece of crap off my system!!! ARRGGGGGGH!! (IMG:style_emoticons/default/mad.gif)

-Rusty (IMG:style_emoticons/default/smoke.gif)

[Part Pricer]

I know that I recommended that you look at using a different browser than IE. Now, to show you that you are never safe and must always be vigilant.

A popular browser for Windows is subject to a security hole that creates a means for hackers to run malicious code on vulnerable machines. But this time, the vulnerability involves Mozilla and Firefox browsers - not Internet Explorer.

Security researchers have discovered that users could be attacked by hackers using a bug in how Mozilla and Firefox handle the "shell:" function in windows. The function enables websites to invoke various programs associated with specific extensions. But flaws in Mozilla's implementation create a way for a skilled hacker to execute arbitrary code on vulnerable Windows machines. Information on the bug was posted onto a full disclosure security mailing list earlier this week.

The flaw affects Mozilla and Firefox on Windows XP or Windows 2000 only.

The Mozilla Foundation yesterday issued a patch that resolves the flaw by disabling the use of the shell: external protocol handler. Alternatively users are advised are advised to update their systems to the latest version of Mozilla (1.7.1), Firefox (0.9.2). Users of Thunderbird, Mozilla's next generation e-mail client, also need to upgrade to version 0.7.2 of the software. Firefox is a preview of Mozilla's next generation browser. Thunderbird is Mozilla's email client.

Security firm Secunia rates the problem as "moderately critical". So it’s less serious than still unresolved issues bedevilling IE but still unwelcome to Windows users defecting from IE for security reasons. Secunia notes that multiple exploits in Internet Explorer also utilise "shell:" functionality. "The shell: URI handler is inherently insecure and should only be accessed from a few trusted sites - or not from a browser at all," it says.

Here is the link to the update instructions and the downloads:
http://mozilla.org/security/shell.html

[cnavarro]

My Macintosh 128k (circa 1985) got a trojan horse that wiped out the motherboard on early models and the only resolution was to buy a new motherboard. If i'm not mistaken, that was one of the first viruses, eons before the thought had even occurred to have a virus scanner.

Charles Navarro
LN Engineering
http://www.LNengineering.com
Aircooled Precision Performance

[newdeal2]

If I have anti virus how important is adding a firewall?

Peter