• Welcome to Valhalla Legends Archive.
 

Fully Patched IE Users At Risk

Started by hismajesty, June 13, 2004, 08:17 AM

Previous topic - Next topic

iago

Quote from: Stealth on June 28, 2004, 04:33 PM
There's a Gestures plugin for Mozilla/Firefox as well.

That would be handy, but I still like Opera.  *shrug*
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


j0k3r

Indeed, I've adjust to Opera, don't even notice the ad bar anymore it blends in with the top. There are some sites that don't support it though, so that sucks.
QuoteAnyone attempting to generate random numbers by deterministic means is, of course, living in a state of sin
John Vo

iago

Quote from: j0k3r on June 28, 2004, 06:19 PM
Indeed, I've adjust to Opera, don't even notice the ad bar anymore it blends in with the top. There are some sites that don't support it though, so that sucks.

But that's the site's fault :)

There was one site that said "Could not identify your browser blahblahblah", but I just told it to emulate MSIE 6, and it worked fine.
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


j0k3r

My Opera is set to simulate IE, however on sites such as bots2.net and gmai.coml it doesn't work, it's not that big of a concern though.
QuoteAnyone attempting to generate random numbers by deterministic means is, of course, living in a state of sin
John Vo

iago

#34
More info on the recent attacks: http://tms.symantec.com/documents/040624-Alert-CompromisedIISServerReports.pdf

<edit>
Also http://www.securityfocus.com/news/9004
The comment "Gates lies" is the first thing I thought of when I read this:
QuoteGates Lies
by Daniel Convissor
Jun 29 2004 5:49AM

"the average time to fix on an operating system other than Windows is typically ninety to a hundred days,"

I'd love to know exactly what that absurd statistic means and where it came from. Did it come from the fake "think tanks" MS funds?

All of the major open source OS's I know are very prompt about issuing updates for security vulnerabilities.

"Today we have that down to less than forty-eight hours." Aw, cut it out. As has been mentioned here, there are tons of holes in MS software that haven't been patched. Let alone, the patches are issued once per month.

<edit2> Another reference: http://www.securityfocus.com/news/8983
Quote"Users should be aware that any Web site, even those that may be trusted by the user, may be affected by this activity and thus contain potentially malicious code," the U.S. Computer Emergency Readiness Team warned in an Internet alert.
So even trusted sites may spread it to you -- that's scary.
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


iago

http://www.securityfocus.com/news/9054

To summarize -- the patch they released did nothing, you should disable active scripting, or, better yet, get a real browser :)
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


Grok

Quote from: iago on June 29, 2004, 12:40 PMSo even trusted sites may spread it to you -- that's scary.

You have it backwards.  Do you know what trusted means in this context?  Trusted in the IE context is merely adding a website to a security grouping, granting that grouping's permissions to the website content on your browser.

That a trusted website can spread something to you is not scary -- it is stipulated by your trusting it that it can run higher permissions on your browser.  What should be the scary is when untrusted websites can run higher security actions on your PC.  That's why they are called vulnerabilities and exploits.

iago

Quote from: Grok on July 06, 2004, 08:14 AM
Quote from: iago on June 29, 2004, 12:40 PMSo even trusted sites may spread it to you -- that's scary.

You have it backwards.  Do you know what trusted means in this context?  Trusted in the IE context is merely adding a website to a security grouping, granting that grouping's permissions to the website content on your browser.

That a trusted website can spread something to you is not scary -- it is stipulated by your trusting it that it can run higher permissions on your browser.  What should be the scary is when untrusted websites can run higher security actions on your PC.  That's why they are called vulnerabilities and exploits.

I didn't mean "trusted" as in the browser group, I mean a site that you wouldn't think twice about going to on an unsecured machine.  For example, www.valhallalegends.com, if it was running the insecure software, could have been infected, and I could have taken an unpatched browser there without thinking twice about it, gotten the virus, and had no idea.

That's what I meant was scary.
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


Banana fanna fo fanna


|