Full Version: OT: IE flawed? NO!, you don't say
tat2dphreak
http://www.internetnews.com/security/artic...cle.php/3374931

I switched over to firefox and changed all my passwords... damn M$ !!!
ArtechnikA
i switched all the computers behind my firewall to Mozilla 1.7 last Friday...
ArtechnikA.com is NOT running on an IIS server.
WoMBaT
Just switched to FireFox 0.9.1..already like it better than IE! Fun themes and tabbed browsing are worth the switch alone...never mind it isn't susceptible to the security breaches like the vole's IE.


-Dan
dinomium
Too bad this latest hack is a JAVA flaw. sooooo it is really an infrastructure of the web issue, not just Microsoft...
Gint
QUOTE
Too bad this latest hack is a JAVA flaw. sooooo it is really an infrastructure of the web issue, not just Microsoft...


Did I miss something? I don't see any mention of this being a Java flaw.
Part Pricer
You didn't miss anything. It's not a Java flaw, it is a security hole in IE. The confusion is that some unscrupulous individual(s) used JavaScript (not Java) as part of their exploit to compromise IE.
Gint
And apparently, it's JavaScript running on an IIS server that exploits and infects users visiting the site with IE. So while it may be JavaScript code, it specifically exploits IIS (MS product) and IE (MS product).

Did I get all of this straight? Lotta techie reading for Friday evening.
SirAndy
QUOTE(Gint @ Jul 2 2004, 03:58 PM)
Did I get all of this straight? Lotta techie reading for Friday evening.

no.

it's not JavaScript running on an IIS server, that would be server side javascript, which is different wink.gif

this needs to hack into a server first, then alter your web-pages to include an additional JavaScript footer that automatically downloads an executable from a server in russia which in turn is executed (and installed) by your local IE ...

this program then scans your machine and every time you type in a username and password on a webpage (think online-banking) it'll record your login and send it back to the server in russia ...

all of that without you even knowing.
pretty clever, eh?
wink.gif Andy
Gint
This is what I read (seems to support what you're saying Andy):

QUOTE

http://www.internetnews.com/security/artic...cle.php/3373581

"The attacker uploaded a small file with JavaScript to infected Web sites, and altered the web server configuration to append the script to all files served by the web server," the center alert warned.

If a user visited an infected site, the JavaScript delivered by the site would instruct the user's browser to download an executable from a Russian Web site and install it, the alert added.  

"These Trojan horse programs include keystroke loggers, proxy servers and other back doors providing full access to the infected system."

The center believes the attack is the work of a sophisticated international spam ring.
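
A server-level footer like the one the quoted alert describes shows up when the bytes a server sends are compared with the files on disk. The following is an added example, not part of the thread or the alert; the paths, file contents, placeholder footer and function names are all constructed for illustration.

```python
import re
from collections import Counter

SCRIPT_RE = re.compile(rb"<script\b.*?</script\s*>", re.I | re.S)

# Constructed sample data: what is on disk vs. what the server actually sent.
FOOTER = b"<script>/* constructed placeholder, not a real payload */</script>"
ON_DISK = {
    "/index.html": b"<html><body>Parts list</body></html>\n",
    "/about.html": b"<html><body>About us</body></html>\n",
    "/style.css": b"body { margin: 0 }\n",
}
SERVED = {path: body + FOOTER for path, body in ON_DISK.items()}


def appended_tail(on_disk: bytes, served: bytes):
    """Bytes the server added after the file's own content.

    Returns b"" when nothing was added and None when the body differs in
    some other way (edited on the way out rather than appended to).
    """
    if served.startswith(on_disk):
        return served[len(on_disk):]
    return None


def audit(on_disk_files: dict, served_files: dict) -> dict:
    """Compare every file with its served copy and summarise the differences."""
    tails, changed = {}, []
    for path, original in on_disk_files.items():
        tail = appended_tail(original, served_files[path])
        if tail is None:
            changed.append(path)
        elif tail.strip():
            tails[path] = tail.strip()
    counts = Counter(tails.values())
    return {
        "appended": sorted(tails),
        "changed": sorted(changed),
        # The same tail on several unrelated files points at server
        # configuration, not at an edit to any one page.
        "site_wide_footers": sorted(t for t, n in counts.items() if n > 1),
        "script_footers": sorted(p for p, t in tails.items() if SCRIPT_RE.search(t)),
    }


if __name__ == "__main__":
    for key, value in audit(ON_DISK, SERVED).items():
        print(key, value)
```

In practice `served_files` would be filled from requests made through the site's public hostname, so that anything the server adds on the way out is included.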
morgan
I run a Mac don't know these things!!!! confused24.gif
SirAndy
QUOTE(morgan @ Jul 2 2004, 06:20 PM)
I run a Mac don't know these things!!!! confused24.gif

owning a MAC does not automatically protect you from viruses etc. in general.
in fact, one of the first computer viruses ever was for the AppleII !!!

the kids focus more on the PC simply because it's the much more common platform which means more exposure for their creative ventures into exploitive computer programming ...

wink.gif Andy
Andyrew
QUOTE
the kids focus more on the PC simply because it's the much more common platform which means more exposure for their creative ventures into exploitive computer programming ...


You know what, they should all focus on macs, because then we could get rid of all those worthless pieces of junk...

Hmm I think I'll write a virus! It will require you to save everything on floppy or cd, and then it will erase your hard drive and magnetically swipe the pc's motherboard! MUAHAHAHAHAHAHAHAHHAHAHAHHAHAH

wait, why are there red lights outside?

wink.gif (jk of course..)
skline
Why do you think Macs are a POS? I have one I use in the house for graphics and video, the thing is awesome. It's a no worry machine, it always runs. If I had to rely on Macs to make my living, I would be broke. I would never get service calls. The PCs, however, make me some pretty good money. Pays for my car.
Andyrew
Well, Macs take the fun out of a pc.. A pc you can get inside of.. Macs.. well. Let's just put it this way.. I had to take a test to show that I was efficient in computers so I wouldn't have to take a class. They had macs, and.. I had no stinkin clue. I tried to look in the hard drive.. couldn't find the darn thing.. I had no clue how to select something with one stinkin mouse button.. I just hated it.

I hate the layout.. just how they run basically.

Andrew
SirAndy
QUOTE(Andyrew @ Jul 2 2004, 09:58 PM)
A pc you can get inside of..

that much i agree with. i actually did some machine language programming on the mac way back when, hacking my way through the OS (without ANY documentation) ...
the PC is a much better platform for developers and geeks like me because it is much more *transparent* ...

having said that, i have worked with macs for years in the graphics industry (started with photoshop 1.0 on a MAC II) did a lot of pre-press work. the mac was the shit for that kind of stuff back then.

then, i got into game development. PCs rule. i can still whip out a little assembly exe with the command line assembler (called DEBUG, still comes with each windows) in a few minutes. nothing like talking the CPU's language!

oh, i also used to program device drivers in machine language for unix systems.
and did i mention i redid the complete OS for the C64, shrunk it into half and used the free space for a ROM based compiler/decompiler? burned the thing on a ROM and used it to hack games.

fun times. bottomline, i like working with computers. ANY computer.
they all have their place and use ...
smile.gif Andy
morgan
I have both, just like the Mac because there is no MS
John
Rusty
Geez... I had no idea that Mozilla was Netscrape in disguise. Get this piece of crap off my system!!! ARRGGGGGGH!! mad.gif

-Rusty smoke.gif
Part Pricer
I know that I recommended that you look at using a different browser than IE. Now, to show you that you are never safe and must always be vigilant.
QUOTE
A popular browser for Windows is subject to a security hole that creates a means for hackers to run malicious code on vulnerable machines. But this time, the vulnerability involves Mozilla and Firefox browsers - not Internet Explorer.

Security researchers have discovered that users could be attacked by hackers using a bug in how Mozilla and Firefox handle the "shell:" function in Windows. The function enables websites to invoke various programs associated with specific extensions. But flaws in Mozilla's implementation create a way for a skilled hacker to execute arbitrary code on vulnerable Windows machines. Information on the bug was posted onto a full disclosure security mailing list earlier this week.

The flaw affects Mozilla and Firefox on Windows XP or Windows 2000 only.

The Mozilla Foundation yesterday issued a patch that resolves the flaw by disabling the use of the shell: external protocol handler. Alternatively users are advised to update their systems to the latest version of Mozilla (1.7.1), Firefox (0.9.2). Users of Thunderbird, Mozilla's next generation e-mail client, also need to upgrade to version 0.7.2 of the software. Firefox is a preview of Mozilla's next generation browser. Thunderbird is Mozilla's email client.

Security firm Secunia rates the problem as "moderately critical". So it’s less serious than still unresolved issues bedevilling IE but still unwelcome to Windows users defecting from IE for security reasons. Secunia notes that multiple exploits in Internet Explorer also utilise "shell:" functionality. "The shell: URI handler is inherently insecure and should only be accessed from a few trusted sites - or not from a browser at all," it says.

Here is the link to the update instructions and the downloads:
http://mozilla.org/security/shell.html
cnavarro
My Macintosh 128k (circa 1985) got a trojan horse that wiped out the motherboard on early models and the only resolution was to buy a new motherboard. If I'm not mistaken, that was one of the first viruses, eons before the thought had even occurred to have a virus scanner.

Charles Navarro
LN Engineering
http://www.LNengineering.com
Aircooled Precision Performance
newdeal2
If I have anti virus how important is adding a firewall?

Peter
Powaqqatsi
Thank god I own a Mac. I would not even consider a Windows PC anymore. We have one, but I never use it, it's my dad's and he's constantly whining about viruses and stuff like that. Things are starting to get worse every day with Windows. By the way MacOS X is an excellent developer platform and there is not 1 known virus for MacOS X beerchug.gif
Part Pricer
QUOTE(newdeal2 @ Jul 9 2004, 08:20 AM)
If I have anti virus how important is adding a firewall?

Peter


IMHO, it is very important.

The techniques that malware authors use are getting more sophisticated each day. A lot of the new variants have the capability of installing themselves by performing a "drive by". It used to be that the user had to initiate the installation of some malicious code by either opening an email, downloading some software or visiting a site. That is the case no longer. Now, if your computer is merely present on the Internet (and unprotected) you are vulnerable.

Here in my office, I practice "belt and suspenders" protection. I have a hardware firewall and each PC is running Kerio.
SirAndy
QUOTE(Paul Heery @ Jul 9 2004, 07:08 AM)
I practice "belt and suspenders" protection.

agree.gif

for a home PC (and i include MACs in here as well) you should have a hardware firewall (you can get that with any brand name Cable/DSL router these days).

block ALL and ANY incoming ports.

there's no need for a single port to be open unless you're running your own webserver or email server, in which case it wouldn't be a home pc anymore ....
wink.gif Andy
Toast
I love reading about all this technical computer mumbo jumbo. blink.gif girlboing.gif
(sad thing is I actually understand most of this stuff wacko.gif )
givemebeer.gif
anthony
If you have a PC it's best to do as much as you can so you're not hassled by an infected machine. In my opinion you need:

Anti Virus software (updated regularly)
Windows patches updated (Automatic Updates control panel)
Anti Spyware software (Adaware, Spy Sweeper, etc)
Firewall (hardware or software)

As Andy said a DSL/Cable modem router will shield you from a lot of stuff. It does NAT (network address translation). It basically blocks random packets from entering the network where your computer is located.

FWIW, if your AV software has expired or something and you've been putting off updating it, there is decent free AV software out there:

http://www.grisoft.com/us/us_index.php

You can do everything else for free or almost free so there's no reason not to do everything. I've even seen routers for as low as $25.
tat2dphreak
QUOTE(anthony @ Jul 9 2004, 12:10 PM)
If you have a PC it's best to do as much as you can so you're not hassled by an infected machine. In my opinion you need:

Anti Virus software (updated regularly)
Windows patches updated (Automatic Updates control panel)
Anti Spyware software (Adaware, Spy Sweeper, etc)
Firewall (hardware or software)

As Andy said a DSL/Cable modem router will shield you from a lot of stuff. It does NAT (network address translation). It basically blocks random packets from entering the network where your computer is located.

FWIW, if your AV software has expired or something and you've been putting off updating it, there is decent free AV software out there:

http://www.grisoft.com/us/us_index.php

You can do everything else for free or almost free so there's no reason not to do everything. I've even seen routers for as low as $25.

agree.gif

I have a hardware firewall, a software firewall(sygate), AV, 2 anti-spyware softwares, an anti-trojan. etc... not that I'm paranoid or anything smile.gif
fiid
mmmmmmm. Macintosh.

OSX has a firewall built in. And it doesn't have wide open scripting capabilities.

I haven't looked back since I switched. Much better for development having a real unix machine under the hood.
fiid
QUOTE(SirAndy @ Jul 2 2004, 06:12 PM)
QUOTE(morgan @ Jul 2 2004, 06:20 PM)
I run a Mac don't know these things!!!! confused24.gif

owning a MAC does not automatically protect you from viruses etc. in general.
in fact, one of the first computer viruses ever was for the AppleII !!!

the kids focus more on the PC simply because it's the much more common platform which means more exposure for their creative ventures into exploitive computer programming ...

wink.gif Andy

The main problem with the PC is Visual Basic. It runs in Outlook, web pages, etc etc, and has access to all kinds of sensitive information. There is no security model under the hood.

Most other machines suffer from the odd buffer-overrun or root exploit, yes, but nowhere near the volume that Microsoft has created. It is worse, and not only because it is the most prevalent, it's also because it's the worst implemented.
ArtechnikA
QUOTE(fiid @ Jul 9 2004, 05:04 PM)
...Much better for development having a real unix machine under the hood.

better for developing -what- ?

we make and sell Windows apps.
we have a niche product; deploying a niche product on a niche platform is a quick path to failure.

i understand Macs are great at what they're good for. i remain unconvinced that they are the optimal development platform for realtime Windows applications in C++.
fiid
Well- for windows apps, clearly windows would be better. My bad - I should have been more specific.

I do mostly server side Java development for deployment on unix servers. I use the same codebase on several linux boxes and my mac with no problem. All the stuff I run on linux will compile on the mac anyway, and all the build tools run correctly.

If I was developing apps for windows, and I didn't need stuff like access to the sound system or 3D card, I would probably stick to Java development on the mac, with extensive QA on windows.

So - I agree with you wholeheartedly, although depending on your definition of real-time - I may question the sanity of running that on Windows. The Blue Screen of Death is many things, but real time, it is not. :-)
ArtechnikA
QUOTE(fiid @ Jul 9 2004, 05:22 PM)
So - I agree with you wholeheartedly, although depending on your definition of real-time - I may question the sanity of running that on Windows. The Blue Screen of Death is many things, but real time, it is not. :-)

no - i've done hard deterministic realtime apps (flight simulators...) but in this case, all we really need is timing to millisecond accuracy. we can pretty much grab all the resources of the machine necessary to achieve this - it's a dedicated machine and application at that point.

you develop applications for the platforms your customers have, or will buy. our application runs just fine on a $200 Ebay Win-98 laptop - and as we do vehicle diagnostics, portable hardware is a big plus...
fiid
Cool beans. What does the app do?