dslreports logo
 
    All Forums Hot Topics Gallery
spc
view:
topics flat nest 
Comments on news posted 2004-06-12 12:02:36: There have been four new holes found in Microsoft's Internet Explorer Web browser that could allow malicious hackers to run attack code on Windows systems, even if those systems have the latest software patches in place. ..


klobb
join:2000-10-06

klobb

Member

omg0rz!1

what's new?

Subaru
1-3-2-4
Premium Member
join:2001-05-31
Greenwich, CT

Subaru

Premium Member

Re: omg0rz!1

yup they have So called "Fixes" like every other week now, Still have the same problems.

Steve
I know your IP address

join:2001-03-10
Tustin, CA

1 recommendation

Steve

Re: omg0rz!1

said by Subaru:
yup they have So called "Fixes" like every other week now, Still have the same problems.
Microsoft release new patches on the second Tuesday of every month.

Subaru
1-3-2-4
Premium Member
join:2001-05-31
Greenwich, CT

Subaru

Premium Member

Re: omg0rz!1

said by Steve:
said by Subaru:
yup they have So called "Fixes" like every other week now, Still have the same problems.
Microsoft release new patches on the second Tuesday of every month.

Sarcasm...

EnzonE
join:2000-03-23
Indiana, PA

EnzonE to Steve

Member

to Steve
Wow I with it was that spread out; about once a day I always have the window popping up for the 'IE Cumulative Security Patch" pop up; it'll never stop!

Parogadi
What? Stop Looking At Me Like That
Premium Member
join:2003-03-31
Racine, WI

Parogadi to Subaru

Premium Member

to Subaru
What I wanna know is how this is news worthy? I mean come on, this is a daily occurrence with MS garbage.

If M$ hasn't gotten it right in this many years they never will and this new SP wont even cause a blip in the number of attacks.

You fanboys need to stop kidding yourself that its safe and secure when we know damn well your all trying to be security nazis and holding the security together with ductape like Spybot only to have to slave away endlessly to keep the machine from falling apart.

M$ doesn't give a shit about security, only about keeping their image good to the uninformed so they continue to throw cash at them.
Cybertoad
join:2001-11-08
Houston, TX

Cybertoad to klobb

Member

to klobb

Re: omg0rz!1

said by klobb:
what's new?

No joke. It's getting to the point where I'd
only be surprised if they DIDN'T find any more
security holes in IE.

I'll take the mushroom and IE burger medium well, please!

Dude9
What Happens When I Do This
Premium Member
join:2000-11-20
Chicago, IL

Dude9 to klobb

Premium Member

to klobb
when will microsoft just throw in the towel?????

Jeremy341
Bye
Premium Member
join:2000-01-06
localhost

Jeremy341

Premium Member

Re: omg0rz!1

said by Dude9:
when will microsoft just throw in the towel?????
I don't see why they'd do that. IE SP2 isn't vulnerable to any of these exploits.

Dude9
What Happens When I Do This
Premium Member
join:2000-11-20
Chicago, IL

Dude9

Premium Member

said by Dude9:
when will microsoft just throw in the towel?????

yet

Da22in
Buck Fush
join:2002-06-10
Charlotte, NC

3 recommendations

Da22in

Member

*gulp*

We're all doomed. DOOMED!

I better go get that foxilla...foxfire...what?


jopfef
Home of The Rat Patrol
MVM
join:2001-03-31
Saint Louis, MO

jopfef

MVM

Re: *gulp*

said by Da22in:
We're all doomed. DOOMED!

I better go get that foxilla...foxfire...what?



I believe you're referring to Mozilla's Firefox browser???

Nerdtalker
Working Hard, Or Hardly Working?
MVM
join:2003-02-18
San Jose, CA

Nerdtalker

MVM

Re: *gulp*

said by jopfef:
said by Da22in:
We're all doomed. DOOMED!

I better go get that foxilla...foxfire...what?



I believe you're referring to Mozilla's Firefox browser???

I don't even use IE anymore, partly because I'm sick of having to patch it every day or so...

I've really switched sides on this issue, before, I was all for IE, now, I avoid it when I can...

Jigsaw
Stardust We Are
Premium Member
join:2000-10-21
Cleveland, OH

1 edit

Jigsaw to jopfef

Premium Member

to jopfef
said by jopfef:
said by Da22in:
We're all doomed. DOOMED!

I better go get that foxilla...foxfire...what?



I believe you're referring to Mozilla's Firefox browser???

I just Started to use FireFox.Im very Impressed with it to.I just thought i download it and try it now Im using it all the time good browser.

teagle
@rr.com

teagle

Anon

how much wait, 90 days?

I'm not surprised

its gonna take like another 90 days to release so called Emergency patch

BIGMIKE
Q
Premium Member
join:2002-06-07
Gainesville, FL

1 recommendation

BIGMIKE

Premium Member

Why Windows is a Security Nightmare

Why Windows is a Security Nightmare
by latif [May 16, 2004]

Security in all mainstream operating systems is non-existent; however, things are especially bad for Windows. Windows happens to be the favorite target of worm and virus writers. Conventional wisdom suggests that the huge installed base of Windows helps spread the worms and viruses, and also makes it a highly attractive target for worm/virus writers. The installed base of Windows certainly has an undeniable effect on the prevalence of malware on Windows, but this is not all there is to it. »www.techuser.net/index.php?id=47

CKY
join:2002-12-12

CKY

Member

Solution?

»www.mozilla.org/products ··· firefox/
j_7962
join:2004-05-19
Saint Paul, MN

1 recommendation

j_7962

Member

Re: Solution?

The problem it not Internet Explorer it the dumb people that run the computers they go on website like “FULL WAREZ APPZ CRACKZ DOWNLOADZ porn” that bad land , if your looking for trouble on the net you fined it.
IGGY9
No Guru Just Here To Help
Premium Member
join:2001-03-30
Chatham, IL

1 edit

1 recommendation

IGGY9 to CKY

Premium Member

to CKY
said by CKY:
»www.mozilla.org/products ··· firefox/

Solution SPAM competing products link in a topic that has nothing to do with that product. Do we really need to point out that these alternatives have had and still do have some of there own problems? Don't believe the hype folks. If these alternatives had the market share of IE. It be interesting to see how they would hold up with ever hacker, cracker and ---- smacker knocking at there door.

Funny how with basic security and common sense none of this has any effect. Granted holes, flaws, exploits and / or bad code should always be fixed. Granted developers should do there best to make sure that these things can't happen in the first place. But if it was built by a human. A flaw can be found. Just depends on how much time and resources a person wishes to put towards reaching that goal. The alternatives aren't all that and a box of cracker jackers. No matter how much hype they get.
bmn
? ? ?

join:2001-03-15
hiatus

bmn

Re: Solution?

said by IGGY9:
Do we really need to point out that these alternatives have had and still do have some of there own problems? Don't believe the hype folks. If these alternatives had the market share of IE. It be interesting to see how they would hold up with ever hacker, cracker and ---- smacker knocking at there door.
Considering there is a larger pool of developers who proactively look for problems, I'd wager that the open source browsers like Firefox would do much better.

Additionally, since they are not integrated into the OS, like IE, the level of damage than can cause is lessened.

Combat Chuck
Too Many Cannibals
Premium Member
join:2001-11-29
Verona, PA

Combat Chuck

Premium Member

Re: Solution?

said by bmn:
Additionally, since they are not integrated into the OS, like IE, the level of damage than can cause is lessened.
Assuming you're using something from the NT branch of windows as most windows users now are; How so?

linicx
Caveat Emptor
Premium Member
join:2002-12-03
United State

linicx

Premium Member

Look to Windows 3.0

If you want to know how this began, go talk to the security experts who warned Bill Gates he was unleashing the Internet version of the Bubonic Plague when he rewrote OE in VBS and released it. That was ??? 'about ten years ago. It's been a down hill slide ever since.

Security experts warned Gates about XP a couple of years before it was released with unsecured root access enabled; they warned it would make attacks too easy for malware and virus writers. Bill said it would make computing easier and more fun. Hmmmm? Are you having fun swatting viruses, stamping out spam and patching your box every month?

Guess what .. those monthly patches are an accumulation of weekly and sometimes daily patches MS releases. And contrary to popular opinion there are operating systems that can be secured and protected - but they are not compiled on DOS and they are not written by shade tree mechanics.

prestonlewis
Premium Member
join:2003-04-13
Sacramento, CA

prestonlewis

Premium Member

Re: Look to Windows 3.0

I stopped using IE because of the various hijacks that web sites could do: changing your home page, adding all kinds of horrible toolbars. Isn't this because IE comes with default settings for adding toolbar extensions, etc? Why Microsoft leaves all the default settings open for malicious use is just beyond me. They should turn OFF all the settings that allow tampering and make the user learn how to turn them on, if needed.

Anyway, I use Firefox. Never any problem with Firefox at all. I also use aports (shows open ports, what software is running the open port, and what IP it's communicating with) to make sure nothing is communicating without me knowing about it, I check msconfig (startup tab) regularly to see what's running when I turn on my computer, and I use SpyBot. So far, no problems for me.

Like the Comcast spokesperson said when they announced some customers would have port 25 blocked due to spam viruses, most of the people who will get blocked are grannies who haven't a clue and Comcast doesn't want to make them angry.

It's up to Microsoft to protect the grannies of the world from the virus writers. So far, Microsoft has failed miserably.

Sniggs
Iggy is my Hero
Premium Member
join:2002-09-27
Tonasket, WA

2 recommendations

Sniggs

Premium Member

The good new is...

I just saved a BUNCH of money on my Auto Insurance! ;)

ghostpainter
I Write for the Apocalypse
MVM
join:2002-05-25
Rancho Cucamonga, CA

ghostpainter

MVM

Re: The good new is...

said by Sniggs:
I just saved a BUNCH of money on my Auto Insurance! ;)

This sounds like something from the Boys at the "National Lampoon" except I think they write better "scripts"...

alphacorvus
@speednetllc.com

2 recommendations

alphacorvus

Anon

Mozilla is flawed...OMG !

"On Thursday, two more unpatched Internet Explorer holes also surfaced that are slight variations on the same themes. One is a spoofing vulnerability that works on IE, as well as the Mozilla and Safari browsers, and allows attackers to fake the address displayed in the address bar."

»story.news.yahoo.com/new ··· d/116492

So much for the inherent holiness of Mozilla, eh?

jferello
J
Premium Member
join:2001-03-12
Hatboro, PA

jferello

Premium Member

Re: Mozilla is flawed...OMG !

hahahahaha......

pcscdma
hi
Premium Member
join:2004-01-14
Winterset, IA

pcscdma to alphacorvus

Premium Member

to alphacorvus
OMG squid is very very bad

n2jtx
join:2001-01-13
Glen Head, NY

n2jtx

Member

An example of an address spoof

There is a Paypal Phishing page at http://195.46.147.7/~bozkurts/header/index.htm that implements the newly discovered address bar spoof. I got a SPAM message the other day that had a link pointing to this page. It was rather impressive to see how it covered the address bar. Only problem is when you minimize IE, the address line is still visible!

BIGMIKE
Q
Premium Member
join:2002-06-07
Gainesville, FL

BIGMIKE

Premium Member

Re: An example of an address spoof

Click for full size
said by n2jtx:
There is a Paypal Phishing page at http://195.46.147.7/~bozkurts/header/index.htm that implements the newly discovered address bar spoof. I got a SPAM message the other day that had a link pointing to this page. It was rather impressive to see how it covered the address bar. Only problem is when you minimize IE, the address line is still visible!

An example of an address spoof AND NOT A GOOD ONE, TRACE

•••••••
swbrains
join:2004-04-14
Land O Lakes, FL

swbrains to n2jtx

Member

to n2jtx
It also doesn't seem smart enough to figure out where the existing address field is. On my browser, I have a Links bar below the address bar and it put the "spoofed" address bar over top of my Links bar. Made it very obvious it was doing something funky.
ElJay
join:2004-03-17
Portland, ME

ElJay to n2jtx

Member

to n2jtx
In Mozilla 1.6, I get a little Javascript box that says "demonstration requires IE5.5+/Win"

Slackwolf
Seawolf
join:2001-11-27
Milton, FL

1 edit

Slackwolf

Member

Re: An example of an address spoof

said by ElJay:
In Mozilla 1.6, I get a little Javascript box that says "demonstration requires IE5.5+/Win"

same here, but i'm running neither ie nor windoze

also funny how the "reported address bar spoof" supposedly effecting mozilla doesn't happen to my mozilla 1.6 on slackware linux and i've tried every link around that suppose to effect mozilla....guess it's mozilla on windoze eh

CTCNetwork
join:2003-05-17
Notts

CTCNetwork

Member

Re: An example of an address spoof

Hi,

No, never had any addressbar spoofs work in Moz - either mozilla itself nor FireFox. . .

X_Zeratul_X
join:2003-07-28
San Jose, CA

1 edit

X_Zeratul_X to n2jtx

Member

to n2jtx
oops

printscreen
join:2003-11-01
Juana Diaz, PR

printscreen to n2jtx

Member

to n2jtx
Click for full size
If your address bar is in an odd place the screen will show two addreses like this. Kind of hard to spot due t the colors but there it is.
gudel
System Lord
Premium Member
join:2004-06-03
USA

1 recommendation

gudel

Premium Member

nothing new

never really have a problem with IE, nor people taking over my computer.

do you know why? that's because i don't look for trouble, or seek troubles in troublesome sites

of course if you actually run the sexdialer.exe or run other vbs/exe that you do not know where it's from, then you deserve the trouble/spyware/malware/virii in your computer.

••••

Jeremy341
Bye
Premium Member
join:2000-01-06
localhost

Jeremy341

Premium Member

Once Again, SP2 is Fine

None of these new exploits work in SP2, including the ones that cause problems in Safari and Firefox. Hmm...

•••

tim_k
Buttons, Bows, Beamer, Shadow, Kasey
Premium Member
join:2002-02-02
Stewartstown, PA

tim_k

Premium Member

NO IE

I just recently tried firefox. But so far, I like my Opera better. It's never been hijacked. knock on wood
ced06
join:2004-03-12
Towanda, PA

ced06

Member

Rendering!

How about fixing the IE rendering engine (transpareng PNGs)?

Or making IE display code the way it's meant to be. Ex: someone can make a crappily coded website, it displays perfectly in IE...in Firefox or any other browser it's an attrocity.

•••

TheSaint
join:2002-01-25
Hanover Park, IL

TheSaint

Member

See.....

....avatar for details!
8744675
join:2000-10-10
Decatur, GA

8744675

Member

MS bit by the bundling bug

With all the holes in IE, it seems that Microsoft has shot themselves in their own foot by their bundling of IE as part of the operating system. What goes around comes around!

Not only do the IE security flaws spill over and affect the whole operating system, they made it impossible for them to just ditch IE completely and replace it with a whole new, hopefully secure, browser.

I think they would have done it long ago if they could, but instead, now they have to patch, patch, patch. Maybe now they'll begin to understand their end-users frustration.