Attached Link: http://story.news.yahoo.com/news?tmpl=story&cid=75&e=12&u=/nf/20050110/tc_nf/29577

> Security experts are warning of a new and highly critical security flaw in Microsoft Internet Explorer, when running under Windows XP SP2. > > Simply visiting a malicious Web site could leave a user's computer vulnerable to malicious code.

People still using IE should update immediately, and maybe consider switching to a different browser. Try Firefox or Netscape or Opera.

bonni

"When a man gives his opinion, he's a man. When a woman gives her opinion, she's a bitch." - Bette Davis

I use firefox now. Had tooo many problems from Trojans, viruses and what have you with Exploer. My server still uses it with so-called pop-up stoppers. What a laugh. Went online to check my email there and a porn site popped up. I hate that! sometimes my 7 year old granddaughter pops into my room while I'm online. Nothing like that with firefox, thank goodness.

Let me introduce you to my multiple personalities. :)
     BluEcho...Faery_Light...Faery_Souls.

Thanks for the link, Bonni. I sent it to my son who is a die-hard IE user. Can't seem to get him to switch to FF. :(

turn off activex, turn off javascript. do not run any scripts you have not checked line by line first. even with mozilla/firefox/netscape since they are all the same browser.

Quote - (1) HIGH: Mozilla NNTP Protocol Processing Overflow Affected: Mozilla version 1.7.3 and prior Description: Mozilla browser supports NNTP (news) protocol and interprets "news://" URLs. The browser contains a heap-based buffer overflow that can be triggered by an overlong news URL ending in a "" (backslash) character. A malicious webpage or an HTML email may possibly exploit the flaw to execute arbitrary code on the system running the browser. Mozilla developers initially reported that the flaw cannot be exploited to execute arbitrary code. However, the discoverer has posted a proof-of-concept exploit that overwrites heap memory with the user-supplied data. Status: Mozilla confirmed, upgrade to version 1.7.5. The discussion on MozillaZine indicates that Firefox prior to version 1.0 may also be affected. Hence, upgrade Firefox to version 1.0. Council Site Actions: The affected software is not in production or widespread use, or is not officially supported at any of the council sites. They reported that no action was necessary. Several of the sites commented that they block NNTP at their network security perimeter. References: Posting by Maurycy Prodeus http://www.isec.pl/vulnerabilities/isec-0020-mozilla.txt Mozilla Bugzilla Entry https://bugzilla.mozilla.org/show_bug.cgi?id=264388 Discussion on MozillaZine News http://www.mozillazine.org/talkback.html?article=5844 SecurityFocus BID http://www.securityfocus.com/bid/12131

Hence, upgrade Firefox to version 1.0. Well, that's what I use. Also, how do you turn off Active X in Firefox? I can't find any options, nor even any references in the Help file. bonni

"When a man gives his opinion, he's a man. When a woman gives her opinion, she's a bitch." - Bette Davis

turn it off in windows itself. firefox, and all non ms browsers don't use activex. it's to much of a security risk

It's baffled me for a while why there's no IE7. Perhaps MS were just happy to have offed Netscape and had nothing left to prove (other than that they could write the most hacker-friendly system attack launch vector in computing history, ably support by Outlook Express just in case email systems might have felt safe). Still, if Firefox were the biggest browser around I dare say it would attract more scrutiny. ActiveX: Just say 'For the love of God, NO!'

Netscape Corporation, owned by AOL, owns the gecko rendering engine used in netscape, mozilla and firefox. read the license for mozilla and firefox, it states the Netscape public license in it. Mozilla Netscape Public Licenses

Sorry I should've said Netscape /Navigator/ ...I realize that Netscape as a corporate entity survived. Sort of.

Jaqui...if one is using FF exclusively, why would it be neccessary to turn off "activeX in windows"?

because, even though the browser doesn't run it, a malicious script can run an activex control in the background ( no windows open, nothing visible at all ) that can be used to do just about anything to your computer that you can do.

All - thanks for the heads up .... for what it's worth? ....

SEATTLE, Washington (Reuters) -- Microsoft Corp. warned Windows users Tuesday of two new "critical" level security flaws in its software that could allow attackers to take control of a computer and delete or copy information.

The world's largest software maker issued patches to fix the problems as part of its monthly security bulletin, which affects the Windows operating system and the Internet Explorer Web browser.

Computer security experts urged users to download and install the patches, available at www.microsoft.com/security.

"It's very critical that users patch machines for these vulnerabilities," said Jimmy Kuo, a researcher at McAfee Inc.'s virus detection center.

A hacker could exploit one of the security flaws if a user directed the Web browser to a specially designed Web page, Redmond, Washington-based Microsoft said.

Microsoft also issued one other security warning, rated at

the second-highest level of "important."

Microsoft has been working for the last three years to improve the security and reliability of its software under its Trustworthy Computing initiative, as more and more malicious software targets weaknesses in Windows and other Microsoft software.

Also Tuesday, Microsoft began offering downloads of a software tool to remove viruses and other malicious software from computers.

Ok..Jaqui, just how would this malicious script enter my computer that way?

I can't find out anything about disabling Active X within Windows, itself. I found tons of information on turning it off in IE (which I don't use at all), but nothing about disabling it system wide. bonni

"When a man gives his opinion, he's a man. When a woman gives her opinion, she's a bitch." - Bette Davis

I don't see anything connecting Active X and Windows itself either, Bonni.

windows scripting host. disable that and you disable activex scripts. Bonni: < ----- script ... some script to run activex in background here ----- > < /head > < body > when you visit the site with a script embedded in the head like that, you don't see it, yet it can download ( through javascript ) a file, then set it into the startup for all users, specially if you, like most people, are always running on an Administrator account.

Thanks for the heads up! I just downloaded Firefox.

Nancy Deer With Horns
Deer With Horns Native American Indian Site

Attached Link: http://www.sophos.com/support/wsh.html

Ah. Windows scripting host. Right. Thanks. (Link attached for those interested in doing it, themselves. ;-)

bonni

Message edited on: 01/13/2005 00:58

"When a man gives his opinion, he's a man. When a woman gives her opinion, she's a bitch." - Bette Davis

wsh is absolutely resquired for the advanced featured in windows help and search functions.

disabling this will revert these to windows 9x functionality.
it will improve security for your computer.

I followed the advice of the article I linked to and so far I haven't seen any change. I did try an advanced search and Help seems to work, as well. Just FYI. bonni

"When a man gives his opinion, he's a man. When a woman gives her opinion, she's a bitch." - Bette Davis

Thanks for the great info Jaqui and Bonni. :) Jaqui..could you possibly explain what Sophos means by the next text I have copied here? It's all greek to me, but sounds interesting nontheless. (like what is a PDA) ----------------------------------- "The threat of viruses infecting PDAs and mobile phones has been widely hyped by some anti-virus companies. The fact is that there have never been any reports of viruses successfully infecting these kind of devices outside of laboratory conditions. However, it is possible for PDAs to carry a virus into a company (thus avoiding any email gateway protection), and for the suspect file to be copied onto your desktop from the PDA." ------------------------------------

a palm pilot = pda most cell phones are susceptable to javascripted viruses, even though several manufacturers are useing linux to run the phone. ( Motorola for example ) but to be infected the cell has to be using bluetooth technology. ( a wireless interconnectivity system )

Thank you for explaining, Jaqui. :)

Good thing I never use IE

Talent is God's gift to you. Using it is your gift to God.

Me too, bone..me too! smile

05.2.1 CVE: CAN-2004-1043 Platform: Windows Title: Windows HTML Help Code Execution Description: A cross-domain vulnerability exists in Windows HTML Help ActiveX control that could allow information disclosure or remote code execution on an affected system. An attacker could exploit this vulnerability by constructing a malicious web page that could allow remote code execution if an unsuspecting user visits that page. All windows systems are affected. Ref: http://www.microsoft.com/technet/security/Bulletin/MS05-001.mspx ______________________________________________________________________ 05.2.2 CVE: CAN-2004-1049 Platform: Windows Title: Windows User32.DLL Buffer Overflow Description: Windows ANI (Animated Cursor Files) handler component in user32.dll is affected by a stack based buffer overflow issue. The issue exists because the user-specified length of an ANI file header is directly used in the "memcpy()" operation without boundary checks. All versions of Microsoft Windows are vulnerable to this issue. Ref: http://www.microsoft.com/technet/security/bulletin/MS05-002.mspx ______________________________________________________________________ 05.2.3 CVE: CAN-2004-0897 Platform: Windows Title: Windows Indexing Service Buffer Overflow Description: Microsoft Indexing Service is used to manage, query, and index information in file systems or Web servers. Microsoft Indexing Service is affected by a buffer overflow vulnerability. Microsoft has released a security advisory to solve this issue. Ref: http://www.microsoft.com/technet/security/Bulletin/MS05-003.mspx ______________________________________________________________________

As some of you may know I have always been a die hard Internet Explorer / MicroSoft / Intel supporter. Well dang it! I downloaded FireFox this morning. Wow - Nice browser. I love the Tabed browsing. Ok - So now I am a Firefox supporter. I really like this browser and will be loading it up on all my systems. I also like that they didnt ask for any information when downloading FireFox. I figured I would have had to supply my name and E-Mail address prior to downloading...but I didnt. Click the DL button and I got what I was after. Just thought I would share. :) Clint

Clint Hawkins
MarketPlace Manager/Copyright Agent

---

All my life I've been over the top ... I don't know what I'm doing ... All I know is I don't wana stop!
(Zakk Wylde (2007))

---

welcome to the new world Clint... checkout some of the Extentions you can add.. you can really tailor FF to your needs..

Hi Khai, Yea - I DL'ed the bandwidth meter and FLASH plug-in. (grin) I may DL some of the "Themes"... Any cool Themes you can recommend?? Clint

Clint Hawkins
MarketPlace Manager/Copyright Agent

---

All my life I've been over the top ... I don't know what I'm doing ... All I know is I don't wana stop!
(Zakk Wylde (2007))

---

not looked into those so much.. I'm running a wood theme that fits in with my desktop grin I recommend Adblock tho.. a very very useful addon that.. and I run Chatzilla for my IRC needs...

Thanks Khai. Have a nice weekend!! Clint

Clint Hawkins
MarketPlace Manager/Copyright Agent

---

All my life I've been over the top ... I don't know what I'm doing ... All I know is I don't wana stop!
(Zakk Wylde (2007))

---

I'm using the "Nautipolis" theme by Alfred Kayser, Clint. Love it! :)

~shudder~ irc yuck!!!

I downloaded FireFox this morning. Wow - Nice browser. I love the Tabed browsing. Ok - So now I am a Firefox supporter. Woohoo! :-) I keep telling people if they'll just try it they will almost certainly find that they like it. ;-) bonni

"When a man gives his opinion, he's a man. When a woman gives her opinion, she's a bitch." - Bette Davis

Just wondering....how fast is internet with firefox for you? I tried it, but it was so slow. It took a page several minutes (up to 6 min) to load (i use explorer at the moment and it takes a page seconds to load) and i use broadband. I guess i'm wondering if i did something wrong when i installed it because it was just so so slow, that i ended up uninstalling it.... At the moment i'm using explorer, but i would like to use a safer alternative.

Firefox is very quick for me. Most people remark on how fast it is, actually... bonni

"When a man gives his opinion, he's a man. When a woman gives her opinion, she's a bitch." - Bette Davis

Okay... stupid question from me. If you disable windows scripting host in WinXP, is that going to cause problems for any programs that use Java? Cause I have programs I use that I cannot live without.

Attached Link: http://forums.mozillazine.org/

Firefox is fast for me too, just as fast as IE was. However there are a few users who say that it is slow. If it doesn't straighten itself out in cache, then go to this URL for Firefox support and ask them what's up. http://forums.mozillazine.org/

winders scripting is vbscript, and activex java needsa a java virtual machine, only available from sun. javascript needs a javascript enabled application

Thanks. It was the word script that confused me, lol.

java is a scripted language. the javavm is an engine to interpret the language and run the application. some programmers use compilers that will compile java into bytecode, removing the reliance on an interpreter / vm, and speeding it up. but most don't

One thing that totally confuses me: We've heard stories of Windows or Internet Explorer vulnerability for years if not decades. They keep "fixing" it, yet we keep hearing of vulnerabilities. Why can't they REALLY fix it once and for all?

Because their lazy and inept! :)

~l~ actually it's because microsoft has a coding policy: keep all existing code intact, and never meet coding standards. this creates bugs they don't fix. ( win 9x / me still had win 3.x file manager ) the code is proprietary so only an extremely limited number of people can access it to fix it. also, remember that windows is designed for the sole purpose of playing video games ( bill gates in press conference ) security is not something they actually care about.

TdaC: Try running Adaware and Spybot Search and Destroy..then reinstall Firefox..see if that helps any?

~Jani

Renderosity Community Admin
---------------------------------------

Thanks for the tip, it worked for a little while. Yesterday i visited rdna and their front page took 3,5 minuts to load and a few hours later the computer froze twice. I uninstalled firefox and everything went back to normal. Maybe my computer is too old for that browser, it's from 2000 and not very big. An interesting thing is firfox is safer than explorer but when i use explorer, spyboot never finds anything. The little time i used firefox, spyboot found several ojbects.

The problem with IE isn't that it attracts spyware or whatever. It's that there are numerous holes in it that directly tie to the operating system. Visit a page that uses the right (or wrong) code, and, bam, your system is compromised. The browser actually allows malicious code to be executed on your system. bonni

"When a man gives his opinion, he's a man. When a woman gives her opinion, she's a bitch." - Bette Davis

Yup, IE lets stuff download behind the curtains..things you never even know about..at least with Firefox you can see it, and have the option of allowing it or not. I dont think its your machine either..my girls both have older machines, and are running Win 98 SE..Not many machines have I seen that wouldnt run Firefox.....gotta be sompin' else..puts on thinking cap

~Jani

Renderosity Community Admin
---------------------------------------

I recently visited a site link from a message here in Renderosity, using Firefox. I was amazed to see the site had loaded a "pop-under" screen. The site belonged to someone who apparently was popular here, so I didn't say anything. Now I don't remember whose site it was. But Firefox is not immune to such annoyances.

damn... they be finding away to do it on all browsers now...

Not too long ago, there was a flaw that was discovered in Windows server and also in IE. Certain very well-trusted sites with big names were compromised through the flaw in Windows (because the server was running it), and when people visited the site with IE, a file was downloaded and run. When it was successful, the thing compromised your system quite badly (can't remember just offhand what it did). So in that case, even visiting well-known and trusted sites was dangerous... bonni

"When a man gives his opinion, he's a man. When a woman gives her opinion, she's a bitch." - Bette Davis

MODERATE: Internet Explorer File Download Security Warning Bypass
Affected:
Internet Explorer on XP SP2

Description: It has been reported that the security warning (information
bar) presented to the users, while downloading executable files from the
Internet, can be bypassed in Internet Explorer on XP SP2. HTML pages,
which dynamically create a frame with its source as an executable file,
can be used for such a purpose. A malicious webpage may exploit this
flaw to download malware like Spyware or adware on the Windows clients.
A proof-of-concept exploit is included in the discoverer's posting. Note
that the "standard" file download dialogue is still presented to the
user prior to the download. Hence, the flaw can be exploited only with
user interaction.

Status: Microsoft not confirmed, no patches available.

Please refer to the links in the references for configuring IE with limited privileges as a general IE security trick.

Council Site Actions: All council sites are waiting for confirmation and
a patch from Microsoft. Several sites said that they would roll out the
patch during their next regularly scheduled system update process.

References:
Posting by Rafel Ivgi
http://archives.neohapsis.com/archives/fulldisclosure/2005-01/0475.html
IE Configuration Hardening Tricks
http://archives.neohapsis.com/archives/ntbugtraq/2005-q1/0031.html
http://msdn.microsoft.com/security/securecode/columns/default.aspx?pull=/library/en-us/dncode/html/secure11152004.asp
SecurityFocus BID
http://www.securityfocus.com/bid/12264

Internet Explorer Remote Information Disclosure Description: Microsoft Internet Explorer is affected by a remote information disclosure issue. The application fails to properly secure scripts that reside on a local computer. If a user navigates to a remote malicious script, it is possible for the remote malicious script to load and execute. All current versions of Internet Explorer are affected. Ref: http://secunia.com/advisories/13872/