Results 1 to 15 of 15
  1. #1
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Northern, California, USA
    Posts
    1,886
    Thanks
    0
    Thanked 0 Times in 0 Posts

    I.E. Security Holes (ALL)

    Greetings Loungers,

    Just FYI, our anti Microsoft League (aka 'The Backend') has terminated our ability to use Internet Explorer due to a very prominent flaw that is yet to be patched:

    http://zdnet.com.com/2100-1105_2-5247187.html

    They have advised the download and use of an alternative, such as Mozilla 1.7, or Opera, neither of which are afflicted by this nasty hole.

    If anyone becomes aware of patch releases from Microsoft, I'm sure the lounging public would love to know!

    Warmest Regards,
    <IMG SRC=http://www.wopr.com/w3tuserpics/Kel_sig.gif>
    Moderator:<font color=448800> Pix Place, Internet Explorer</font color=448800>
    <small>www.kvisions.com

  2. #2
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: I.E. Security Holes (ALL)

    This is depressing. For those who want to lock down their "My Computer" security zone before, and unlock it after using IE, there is the text for some .REG files in How to strengthen the security settings for the Local Machine zone in Internet Explorer (MSKB 833633). I haven't tried it for myself, but if I get some free time later I might try to convert it into an easier-to-use script. (Oh wait, the unlock script will be blocked. Hmmm...)

    Added: There's more information about this problem in Vulnerability Note VU#713878: Microsoft Internet Explorer does not properly validate source of redirected frame.

  3. #3
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Northern, California, USA
    Posts
    1,886
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: I.E. Security Holes (ALL)

    More information on this:

    Pop-up program fetches banking data http://zdnet.com.com/2100-1105_2-5251981.html

    Security Alert: A Trojan horse that installs itself through a pop-up ad can read keystrokes and steal passwords when victims visit any of nearly 50 targeted banking sites--including Citibank, Barclays Bank and Deutsche Bank--security researchers warned yesterday. Microsoft said IE users should raise security settings to high until the company issues a patch. Two other IE flaws, which Microsoft has yet to fix, were used recently in two other hacking schemes, one last week that turned some Web sites into points of digital infection (http://zdnet.com.com/2100-1105_2-5248279.html?tag=nl), and another, earlier in the month, that installed a toolbar on victims' computers that triggered pop-ups. This latest program points to a trend in viruses and Trojan horses: Attackers are increasingly after money.

    READ FULL STORY

    See also: IE flaw may boost rival browsers

    I've begun to use Mozilla 1.7 religiously, it's actually proven to be quite the powerful little browser!

    Hope this helps!
    <IMG SRC=http://www.wopr.com/w3tuserpics/Kel_sig.gif>
    Moderator:<font color=448800> Pix Place, Internet Explorer</font color=448800>
    <small>www.kvisions.com

  4. #4
    Uranium Lounger
    Join Date
    Jan 2001
    Location
    Cincinnati, Ohio, USA
    Posts
    7,089
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: I.E. Security Holes (ALL)

    <hr>I've begun to use Mozilla 1.7 religiously<hr>
    Took ya long enough.... <img src=/S/poke.gif border=0 alt=poke width=60 height=17> <img src=/S/laugh.gif border=0 alt=laugh width=15 height=15>
    -Mark

  5. #5
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Northern, California, USA
    Posts
    1,886
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: I.E. Security Holes (ALL)

    Yeah, you're telling me..

    The only problem I have found is when tuning into my favorite internet radio station, www.kexp.org. Whilst listening to streaming archives over any point during the past two weeks, the track and artist information does not update. I'm not sure if they're using active-x or what, but it's the only drawback i've seen thus far.

    Even IF they fix I.E., I may never go back , assuming I can work this problem out...
    <IMG SRC=http://www.wopr.com/w3tuserpics/Kel_sig.gif>
    Moderator:<font color=448800> Pix Place, Internet Explorer</font color=448800>
    <small>www.kvisions.com

  6. #6
    Uranium Lounger
    Join Date
    Jan 2001
    Location
    Cincinnati, Ohio, USA
    Posts
    7,089
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: I.E. Security Holes (ALL)

    I will never understand why IE is so full of holes, but I can assure you - as a previously dedicated IE user - that I will no longer use it unless absolutely necessary. For all its great strengths, the Mozilla folks have designed and produced a great alternative in Firefox, let alone Mozilla.
    -Mark

  7. #7
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: I.E. Security Holes (ALL)

    Mark,
    ------------------------------------------
    I will never understand why IE is so full of holes
    -------------------------------------------
    Don't you think that the reason "so many" holes are discovered in IE, might be because the vast majority of users DO use it instead of Mozilla or others. Attention is paid to it because it will affect MORE people than if a cracker were trying to break into MozillaFirefox. If it were the other way around, I suspect that there are just as many holes in Mozilla as there may be in IE.
    BOB
    http://lounge.windowssecrets.com/S/flags/USA.gif http://lounge.windowssecrets.com/S/f...sachusetts.gif


    Long ago, there was a time when men cursed and beat on the ground with sticks. It was called witchcraft.
    Today it is called golf!

  8. #8
    Platinum Lounger
    Join Date
    Nov 2001
    Location
    Vienna, Wien, Austria
    Posts
    5,009
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: I.E. Security Holes (ALL)

    ---------------------------------
    I suspect that there are just as many holes in Mozilla as there may be in IE.
    ---------------------------------

    Your suspicions are probably not based on fact.

    As you may have noticed, some of the more recent holes in IE - including one of the (still unpatched) most recent - were not in fact there in earlier versions of IE. Unlike IE, Mozilla/Firefox does not attempt to be a browser and part of the Operating System at the same time. That is why so many of the holes are just not there in the first place.
    Gre

  9. #9
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: I.E. Security Holes (ALL)

    MAYBE so, but I still think they ( crackers ) will aim at the places where there is the biggest impact on the largest number of users. IE, not Mozilla .
    BOB
    http://lounge.windowssecrets.com/S/flags/USA.gif http://lounge.windowssecrets.com/S/f...sachusetts.gif


    Long ago, there was a time when men cursed and beat on the ground with sticks. It was called witchcraft.
    Today it is called golf!

  10. #10
    Uranium Lounger
    Join Date
    Jan 2001
    Location
    Cincinnati, Ohio, USA
    Posts
    7,089
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: I.E. Security Holes (ALL)

    There is truth in that statement - the cretins will always target the largest installed base. Even so, Microsoft has made incredibly stupid design decisions and has demonstrated in the past how little they cared about security. ActiveX controls are but one item that have the potential for abuse. Security comes at the price of lost convenience or ease of use, and the cost seems to have been too high.

    Most troubling to me is the fact that IE is a mature product, and there really is no reason that the code could not be tightened up. Mozilla, Opera, and other browser developers are more attentive to the problems in their products and do not exhibit the complacency that leads to so many of these problems. I don't claim any software to be bug free, but some is more prone to problems than others. IE has a long history of problems going back to the 3.x versions.
    -Mark

  11. #11
    5 Star Lounger
    Join Date
    Feb 2001
    Location
    Youngstown, Ohio, USA
    Posts
    705
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Re: I.E. Security Holes (ALL)

    Maybe it's wishful thinking on my part, but perhaps this could become the impetus for web page developers to stop using so much 'flashy' components to their pages, allowing them to be viewed properly under higher security settings, as well as putting more effort into making sure their pages work with other, more secure, browsers?

    <img src=/S/ranton.gif border=0 alt=ranton width=66 height=37> I just love going to pages that tell me 'You need Internet Explorer to view this page' -- and then when I do use IE to open the page my security settings prevent the pages from working properly. Am I going to put a page I've never been to before in my 'Trusted' list so I can open it properly? I don't think so!

    We certainly can't expect Micro$oft to fix all our problems, so I think it's high time web page developers took this into consideration and started publishing security-friendly pages. <img src=/S/rantoff.gif border=0 alt=rantoff width=66 height=37>

  12. #12
    Uranium Lounger
    Join Date
    Jan 2001
    Location
    Cincinnati, Ohio, USA
    Posts
    7,089
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: I.E. Security Holes (ALL)

    Part of the laziness in web design is understandable. If you know that only a small percentage of visitors may experience problems viewing the site, it can be more difficult to justify the extra testing.

    That said, I agree with you and wish that more cross-platform testing took place. This was a topic that was discussed a great deal when the browser wars were in full swing, and it has come to pass now.
    -Mark

  13. #13
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Northern, California, USA
    Posts
    1,886
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: I.E. Security Holes (ALL)

    As a web-designer, I understand how extremely difficult it is to appropriately code for the plethora of system configurations, browers, computer specs, visual settings, etc, etc, etc, etc,... Simply put, it's impossible to be universally compatible. Now, there are some methods that I use to maintain as wide a spectrum of compatibility as possible, but these methods are often blown away by the needs of a client, and their feeling that it should be flashy, catchy, and sell. The client only understands one thing, 3 seconds. You've got 3 seconds for your page to load up and catch the eye of the user. Flash is particularly helpful in this regard, because the files are relatively small and can present graphics in stunning vector quality.

    The lapse though lies more on the methods that browser manufacturers have interpreted the WC3 standards. Each of them has taken different approaches to resolve the translation of page code in their applications, and this is what causes the problem for users and coders alike. Some have done better jobs than others, but each has failings in one area or another. A prominent example of this is the text size attributes in HTML code. They do NOT look the same from browser to browser. That said, the designer has failed if you have to change any of your settings to view a page. I imagine their clients would be very interested to know that... Also realize though that the holy grail of web design, the 'Common Denominator' generally uses Internet Explorer with medium security, has their resolution set to 1024 x 768, uses 56k dialup (although this is changing) , and has a mediocre understanding of web-technology at best.

    As for me, I rather liked I.E. back when it was useable. I was required to have only ONE browser on my machine, not three. (Some sites work in Netscape, but not in Mozilla, some only in Opera..) I was sure that most of the sites I would visit would work, without displaying pesky errors or other virtually useless information. but alas, those days are gone. I've resigned myself though to the fact that because I.E. is the common denominator, that it'll probably never be as secure as we'd like it.... so all I can say at this moment is, "Go Mozilla Plugin Devlopers, Go!"
    <IMG SRC=http://www.wopr.com/w3tuserpics/Kel_sig.gif>
    Moderator:<font color=448800> Pix Place, Internet Explorer</font color=448800>
    <small>www.kvisions.com

  14. #14
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Northern, California, USA
    Posts
    1,886
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: I.E. Security Holes (ALL)

    An update is due out soon, which should help to alleviate a major part of the recent concern over the use of I.E.:

    Microsoft: Out-of-Cycle Security Patch Coming

    Keep checking there for updates! I've heard that WinXP's SP2 also alleviates some of the concern, however it is beta, and I wouldn't recommend it if it doesn't have attractive features you might use.

    Hope this helps!
    <IMG SRC=http://www.wopr.com/w3tuserpics/Kel_sig.gif>
    Moderator:<font color=448800> Pix Place, Internet Explorer</font color=448800>
    <small>www.kvisions.com

  15. #15
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Northern, California, USA
    Posts
    1,886
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: I.E. Security Holes (ALL)

    Greetings!

    This morning microsoft has released a set of patches for the most recent Internet Explorer flaws that have been actively exploited by the Ject worm. If you have not done so already, please review MS04-025, and apply these patches. I.E. still has a few known holes, however I will keep you informed of any patches that might be required, I hope this helps!

    Warmest Regards!
    <IMG SRC=http://www.wopr.com/w3tuserpics/Kel_sig.gif>
    Moderator:<font color=448800> Pix Place, Internet Explorer</font color=448800>
    <small>www.kvisions.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •