 
bokamba
Chengdu Rocks
Premium
join:2002-04-05
Falls Church, VA | Scary! I often use the "Open" option. Thank goodness I use Mozilla Firebird more often these days! | |
|  | 
Nam Vet
Premium
join:2001-12-03
Allentown, PA | Re: Scary! me too, Well only from trusted sites and usually only pdf's,
but no longer! | |
| | | | | 
Pole883
Premium
join:2004-01-27
Schenectady, NY | Yes, it is scary.....I utilize K-Meleon , these days; ya never know.....I use I.E. 6 for updates ....
So it goes....
--
Pole883 | |
| | | 
53059959
Temp banned from BBR more then anyone
join:2002-10-02
PwnZone
| nothing new wow this is nothing new, sites have been doing this for a while. if you visit warez/crack sites on a regular basis you get that all the time, sites trying to make you think your downloading a legit file. all you gotta do (in ie) is when you go to save it, you will notice it's not a pdf or what it claims to be when you save it. | |
| | 
devil24
Premium
join:2002-06-28
Houston, TX | Hail to the new king... Mozilla Firebird!  | |
| | Deathsadvoca
join:2003-08-20
South Lyon, MI
clubs: | Mozilla Anyone? | |
| | tc17
join:2003-08-14 | I must be missing something, because when I use IE to open this file, it opens it as an html file. When I use Mozilla Firebird, it wants to open it as an html file also. | |
| | |
Nam Vet
Premium
join:2001-12-03
Allentown, PA
2 edits | Re: Scary!
I E 6 | 
FIREBIRD |
yes it is a html file but you are led to believe its a pdf!
it's the download dialog box that is not letting you know the correct file type!
if you chose to open this file thinking its a pdf does acrobat reader open? NO!!!
Although if you download the file (at least in the case of this exploit demo) and then try to open it windows now thinks its a pdf because of its extension.
so after downloading it when you try to open it acrobat reader opens but you get an error message either because its zero bytes or because its an html file.
If the demo actually was not zero bytes and you did download an html file either windows explorer would append the correct extension to the file(maybe) or if it still said it was a pdf then acrobat would try to open it but you would get an error message (from acrobat reader) that the file was an invalid format.
using a zero byte file for this demo was not the right thing to do, however the demo is correct in pointing out that the IE download dialog box shows an incorrect extension or does not reveal (NOTE THE EMPTY "FILE TYPE" LINE) The correct file type
btw using firebird is not the same thing!
it's download dialog box lets you know its an html file!
--
H O W T R U E : If you want something done, ask a busy person to do it | |
| 
acehyde
Tired.
Premium
join:2001-08-14
clubs: | Just another reason to dump IE Here is a prime reason why I choose not to use IE as my main web browser. Too many vulnerabilities, not enough action taken when they are found.
--
Insert witty comment here | |
| tdp17
join:2001-04-24
Charlotte, NC
| Sick of hearing "that's why I use Mozilla, etc." I'm glad people point out these problems, it creates a better product. I'm happy knowing that even though there are all these exploits and such, Microsoft fixes them to the best of their ability, leaving a browser that is better secured than before. As for the other browsers, Mozilla, Netscape, Opera, etc. they may seem as the best alternative, but does anyone really test for errors in these browsers and report them to media? no. Instead, they make an update available and keep it all hush, hush from the media making it seem like they have no problems or exploits. The other browsers are much more vunerable to exploits than ie. | |
| |
Nam Vet
Premium
join:2001-12-03
Allentown, PA
| Re: Sick of hearing "that's why I use Mozilla, etc." quote:
The other browsers are much more vunerable to exploits than ie.
LOL, yea sure they are
--
H O W T R U E : If you want something done, ask a busy person to do it | |
| | mladd
join:2002-12-20
Ooltewah, TN
| tdp17,
It's actually the other way around. Due to numerous "enhancements" and "features" in IE and it's to-close-for-comfort integration with the OS and other apps (like Outlook) they practically build these vulnerabilities into it's own product.
Instead of "does anyone really test for errors in these browsers and report them to media?" you should be asking
"does anyone at Microsoft really test for these errors in it's own browser before releasing to the public" The answer would be the same. no.
I used alternate browsers, and now even an alternate OS. I just could no longer go on trusting Microsoft and it's products to provide the basic security in a normal home PC.
Using a PC should not mean having to first check every day to see if there are new updates and security releases available. You shouldn't have to go out and scan the virus boards to see if some new virus has sprung up. You shouldn't have to run an auto update (or download the latest DAT files) for you virus software. You shouldn't have to go out to the stores and buy new virus/firewall/spy-ware-protection/security software every few months. True, I may be exaggerating a bit, but you get my point.
After all is said and done.... It should just work.
That may be ignorant of me, but that's just my opinion of what what a personal computer SHOULD be.
-Mike | |
| | | 
mph300
Two Thirds The Way There
join:2000-11-09 | Re: Sick of hearing "that's why I use Mozilla, etc." Hey Mike,
Not Ignorant at all.....but thinking in a dream world....Wouldn't it be nice if computers WERE like what you described!! | |
| | 
glorybox48
join:2001-02-08
Little Ferry, NJ
| said by tdp17  :
As for the other browsers, Mozilla, Netscape, Opera, etc. they may seem as the best alternative, but does anyone really test for errors in these browsers and report them to media?
You DO realize that many of these "other browsers" have been invulnerable to several huge IE exploits (including this extension spoofing and phishing) in the first place, right.. ? Wouldn't you rather -not need- a patch in the first place for a problem that doesn't exist? | |
| | evagilon
join:2003-01-10
Imperial Beach, CA | yeah right. when was the last update for ie again?
11/5/03.
as for keeping hushed, msnbc regularly notes when updats come out. | |
| | | mladd
join:2002-12-20
Ooltewah, TN
| Re: Sick of hearing "that's why I use Mozilla, etc." MSNBC IS Microsoft. Of course they aren't going to bash Microsoft on all of the security issues and let all of the IE folks know when to patch their Operating Sys...I mean...Browser.
"when was the last update for ie again?
11/5/03."
How many vulnerabilities have been reported since then? More than Microsoft can keep up with, apparently, since they still have not released a patch for some of the most notorious ones that have been out for close to two months now.
I love this "vapor policy" of Trustworthy Computing Initiative. It's a joke. | |
| | | | | | | 
72276539
Premium
join:2001-01-19
Atlanta, GA
| Re: Sick of hearing "that's why I use Mozilla, etc said by CO_Chris :
Remember a few months ago someone made a patch for IE??? well what happed it worked and Microcrap made then take it down Y?? because someone knew how to fix there crap and they did not. I got the patch but don't use IE anymore.
so Whatever
Get your facts straight, the patch the group made created several more problems then it actually fixed.
--
some people believe in astrology others believe in technology some people believe in all those -ologies but i believe in swordfish | |
| | raye
Premium
join:2000-08-14
Orange, CA
| Perhaps you should check out »umbrella.mx.tc/ before you make such a grand statement. 35 unpatched IE vulnerabilities vs 6 for Netscape and 1 for Mozilla.
I checked the site most recently yesterday, however it seems to have some difficulty accessing it as of 7 AM PST 01/29/04.
Mozilla does not have the phishing exploit that IE user have been tricked with. | |
| | | 
mod bait
Premium
join:2001-06-11
Rochester, NY
| Re: Sick of hearing "that's why I use Mozilla, etc said by raye :
Perhaps you should check out »umbrella.mx.tc/ before you make such a grand statement. 35 unpatched IE vulnerabilities vs 6 for Netscape and 1 for Mozilla.
Telling someone to "get your facts straight" is something that needs to be done carefully. The site you linked to lists 24 MSIE "vulnerabilities", but at least half a dozen of them are not vulnerabilities at all (because they only work in the My Computer zone), some others are "still being investigated", and some of the few remaining have yet to be verified elsewhere.
--
"Most people would sooner die than think; in fact, they do so." --Bertrand Russell | |
| | stufried
Premium
join:2003-10-13
 ·Verizon BroadbandA..
| Microsoft is a victim of its own success. Hackers and researchers are concentrating on the Microsoft line of products because they have the largest market share. I'm not sure that the question is whether the same programmer (spending an equal amount of time) could find an exploit in Mozilla, Netscape, or Opera, but whether obscurity creates an additional measure of security.
For example, if I drive a Holden in Australia, it is likely to get ripped off. It is an easy car to steal and every thief knows how to "hotwire" it in about three seconds. If I take that Holden to the US, however, it is less likely to be ripped off, because US car thieves aren't spending their time learning how to steal cars that aren't readily available. Holden's security may be worse than say a Jeep's, but I've personally increased my security by going with the odd-ball car. | |
| | | 
GNXPower
Got Boost?
Premium
join:2003-12-18
Huntington Beach, CA
| Re: Sick of hearing "that's why I use Mozilla, etc Of course they can. I have no problems with the exploits being discovered themselves. EVERY type of software like these has problems.
The problem I have with Microsoft is the SLOW response from Microsoft regarding patching the exploits.
I'm still using IE most of the time (as part of MSN 9) but more and more often I'm finding myself using a Mozilla based browser, not just because of them less of these exploits discovered, but because they also offer more features including pop up blocking and some page manipulation blocking.
--
Mac Truth »members.cox.net/clyqz/macs.html | |
| | | dda
Premium
join:2003-12-29
Bolton, MA
| Re: Sick of hearing "that's why I use Mozilla, etc." Actually, Microsoft is also a victim of their own arrogance; by "integrating" IE into the OS and shipping it with the OS (all in an attempt to stifle competition), they have a responsibility to make (and keep) it secure. They have fallen down badly, I'd say because of their usual attitude of failing to plan for the unintended consequences of their "whiz bang" ideas.
Plus, they tend to ship code a wee bit "early," so to speak, which doesn't help matters. When bugs or exploits are found, they should fix them quickly, but they haven't done that, either.
Their browser is popular because they ship it with the OS, it is "good enough" for most people and they make getting any other browser more difficult. So yes, it becomes a target because some cracker can assume it is on the desktop and most likely be right. All the more reason to fix exploits quickly. | |
| |
mod bait
Premium
join:2001-06-11
Rochester, NY
| said by tdp17 :
I'm glad people point out these problems, it creates a better product. I'm happy knowing that even though there are all these exploits and such, Microsoft fixes them to the best of their ability, leaving a browser that is better secured than before. As for the other browsers, Mozilla, Netscape, Opera, etc. they may seem as the best alternative, but does anyone really test for errors in these browsers and report them to media? no. Instead, they make an update available and keep it all hush, hush from the media making it seem like they have no problems or exploits. The other browsers are much more vunerable to exploits than ie.
Just use whatever you want, and be happy with it. Some people just need the little ego boost that goes along with (what they perceive as) a validation of their choice in software. So, take the "This is why I use..." quotes which fail to make any real point as a little cry for help, smile, and go on.
--
"Most people would sooner die than think; in fact, they do so." --Bertrand Russell | |
| nasadude
join:2001-10-05
Rockville, MD
 ·Comcast
| almost ready to remove IE I am pretty close to removing IE from all the computers I and my family use. I use firebird now at work and on "mom n dad's" computer at home, but my son and wife still use IE.
One more security vulnerability for IE and I will make the whole family start using firebird.
The only reason I keep IE around at all is that there are still web pages out there that will only work or display properly when using IE. | |
| | 
ArchAngel21x
MacFan Pro
Premium
join:2001-10-28
Lincoln, NE
 ·Internet Nebraska
| Re: almost ready to remove IE said by nasadude :
The only reason I keep IE around at all is that there are still web pages out there that will only work or display properly when using IE.
I like Firebird, but I keep on truckin' with IE because of the reason you stated.
--
I am the beginning. I am the end. I am forever, and I will continue to exist long after everything, even hope itself, has been destroyed. | |
| | | tc17
join:2003-08-14
| Re: almost ready to remove IE said by ArchAngel21x :
said by nasadude :
The only reason I keep IE around at all is that there are still web pages out there that will only work or display properly when using IE.
I like Firebird, but I keep on truckin' with IE because of the reason you stated.
Thats also the very reason why I still use IE most of the time. Mozilla/Firebird still doesn't work with everything, and its a real pain to get working correctly. | |
| | | | | ross
join:2000-08-16
·Digizip
| Re: almost ready to remove IE And whose fault is that? Microsoft's hijacking/twisting of code language to create the proprietary incompatibilities you speak of, and the dumbass coders who continue to ignore that a good website must be accessible to, and compatible with, all major browsers. Particularly, when the browser they so slavishly support is so full of SECURITY flaws. It seems unthinkable that financial institutions would continue to utilize such demonstrably flawed software for access to their depositors accounts. | |
| | | |
See 10 replies to this post | |
| | | | | systems2000
What? You Say It's Fixed. Hah
join:2001-11-29
Cyberspace
·Embarq
|
Have you never heard of W3C.org? Anyone who has been building web sites in the last Year or two and don't meet their standards is asking for trouble.
Taking the attitude that, "if your not using IE then we don't care", is a horrible attitude. What about ADA requirements (WCAG or section 508), WebTV users, or the coming revolution of handheld devices, let alone 3rd party browser compatability. | |
| | | | 
Jason Levine
Premium
join:2001-07-13
USA
| Re: almost ready to remove IE said by systems2000 :
Have you never heard of W3C.org? Anyone who has been building web sites in the last Year or two and don't meet their standards is asking for trouble.
Taking the attitude that, "if your not using IE then we don't care", is a horrible attitude. What about ADA requirements (WCAG or section 508), WebTV users, or the coming revolution of handheld devices, let alone 3rd party browser compatability.
When I build my web sites, I make sure they look good in IE (of course) and Mozilla/NS 6.x+. I used to check with NS 4.x but that's so horribly outdated, that I'd rip too much hair out trying to get pages with valid CSS working properly under NS 4.x. Luckily, few people are using it any more.
WebTV users and handheld users make up a fraction of a percent of my visitors (if any at all), so why should I spend precious time recoding the site over and over to make it look good for them? (Besides which, I don't have a WebTV box or Internet-enabled handheld to test against.)
As far as the ADA requirements go, I've been trying to use the ALT tag more and rely on CSS-enhanced text menus rather than images of text. Besides that, though, I really don't make an effort to be compliant. (I don't fall under section 508, so it's really not a "requirement" for me.)
--
-Jason Levine
http://www.jasons-toolbox.com/
http://www.PCQandA.com/
http://www.urateit.com/ | |
| | | | 
Combat Chuck
Too Many Cannibals
Premium
join:2001-11-29
Erie, PA
| said by systems2000 :
Have you never heard of W3C.org? Anyone who has been building web sites in the last Year or two and don't meet their standards is asking for trouble.
I would like to point out that many of the incompatibilities in browsers today are a result of the W3C. They waited too long to react to both Netscape and IE's proprietary tags (that have valid uses that the W3C chose not to address); and now we have an HTML standard that only sort of works on newer browsers.
So the reality of the situation is that you have to code your pages with a mishmash of nonstandard and standard HTML or you cut off potential customers.
As for this exploit:
The first thing I was ever told when I started to use the web was; never ever open a file from your browser, save it to disk first. So my question is, where has everyone else been all these years?
--
Japan-- Now with 30% more climbable telephone poles!! | |
| | | 
Lumberjack
Premium
join:2003-01-18
Newport News, VA
| How many of you have actually been exploited? I've been using IE since before Windows95 and have yet to have had problems with any of these exploits during all of my web adventures.
I suppose that because I am technology inclined I know better than to do stupid things so maybe it's just a matter of education. And like said above people find things and they eventually get fixed. When Firebird gets an exploit it's probably fixed and pushed under the rug. When IE has an issue everybody jumps Microsoft's shit, as usual.
--
whatever | |
| |
See 7 replies to this post | |
| 
R4M0N
Brazilian Soccer Ownz Joo
join:2000-10-04
Glen Allen, VA
·Comcast
| Go ahead and remove IE! Then Firebird or some other browser will become the biggest and also the target to all this scrutiny. I would love to come back here in a few years and see the same people bitching about how they are removing **insert next big browser name here**
Yes, the browser is full of security holes, but believe me, if half the people looking for holes in IE were also looking for holes in other browsers, we would ditch browsing alltoguether (well, at least some of you would). | |
| | 
Masque
join:2001-12-04
Auburn, MI
·Charter Pipeline
| Re: Go ahead and remove IE! said by R4M0N :
Then Firebird or some other browser will become the biggest and also the target to all this scrutiny. I would love to come back here in a few years and see the same people bitching about how they are removing **insert next big browser name here**
Yes, the browser is full of security holes, but believe me, if half the people looking for holes in IE were also looking for holes in other browsers, we would ditch browsing alltoguether (well, at least some of you would).
Precisely. These people will ALWAYS go for the big gun....just to show their peers they can. As I had written in another forum, in the pre-NT days the O/S with the biggest and most holes was Unix.....until NT became popular. Then the hacks out there started going for them. The big gun's always the target. | |
| | | | | 
mrchris
We don't miss you Bush
Premium
join:2002-10-01
North Babylon, NY | Firebird is very solid, even for 0.7. Havn't come up to one single critical flaw yet. | |
| 
pcdebb
RIP dadkins
Premium
join:2000-12-03
Tampa, FL
clubs: | it's gonna happen..... ...I'll give it a month before someone writes a virus/worm/trojan to take advantage of the exploit. | |
| | | damox
Premium
join:2002-01-07
Olympia, WA
·Comcast Formerly ..
| This is really not about IE Actually, this is not about IE or Microsoft; it is about human nature. As long as there is an internet, and as long as there are computers, there will be people who will find ways to exploit it. Microsoft is a huge target because so many people have it and because they are successful. However, if another company had had that success instead of Microsoft, their software would be the main target, and people would find ways to exploit it. Certainly, software can be made more secure, and Microsoft has stumbled in that arena. Know this, security has a price, it's called functionality and backwards incompatibility. Obviously, there must be a balance.
--
DAMOX | |
| | 
trisomy
Premium
join:2002-05-23
Houston, TX
·Comcast
| Re: This is really not about IE Excellent point dpmox. Furthermore human nature=human curiosity>human experience. When enough of our homo sapien sapien brethren succumb to burned finger tips resultant from entering private data blindly solicited and opening email attachments reflexively likely many of these 'exploits' will be no more damaging than lit cigarette butts tossed mindlessly out of automobile windows...an occasional forest fire but not the consistent conflagration.
I can just see (hear) it now, the next generation cyber-parent, 'no, no, no junior, stay away from the attachment...you'll hurt yourself'! | |
| | 
ikarus1
Premium
join:2002-10-23
Urbanna, VA
| said by damox :
Certainly, software can be made more secure, and Microsoft has stumbled in that arena.
Know this... Microsloth did not stumble in that arena, they "$hit in your face" in that arena.
The problem is not in the browser. The problem is in the rights the person running the browser has by default. Microsoft would like you to believe the problem is with the browser. The problem runs much deeper than that, right to the core of the OS and the company philosophy....
-m-
--
»www.freeantennas.com | |
| 
keith2468
Premium,MVM
join:2001-02-03
Winnipeg, MB
1 edit | Root Cause and Is FireBird really any better? There is a general need in the IT profession for programmers and engineers to have greater management and analysis authority over development expenditures and schedules -- and for marketing types, stock promoters, and pure bureacrates to have less.
How many person-hours of research did it take to discover this vulnerability in IE?
How many person-hours of research have been put into finding security problems with FireBird, Opera and Netscape?
Until equivalent hours of research have been put into the effort, nobody can render a professional opinion on the quality of security in FireBird, Opera or Netscape as regards security exposures.
For now all anyone can really say is that, if a feature is left out it can't be exploited.
And that to the limited extent that "security by obsurity" works, using lesser known and lesser researched products takes advantage of it. | |
| | 
tyspeed29
Premium
join:2001-01-04
Simi Valley, CA
clubs:
 ·AT&T U-Verse
1 edit | Re: Root Cause and Is FireBird really any better? They are working on it. In XP SP2 they have changed alot of the security options. And you really can't blame the makers of IE. As the most used browser, they continuely get bombarded with people trying to exploit the browser, which is not the fault of the makers of IE, they can only fix it as the problem arrises. SO if your interested, go on the web and search for SP2, huge file to download. | |
| 
Cheddarhead
Ain't Nuthin But A Thang
join:2002-02-19
Hudson, WI
·Comcast
| IE is still the prefered browser I use the google toolbar, and roboforms... and on and on. They aren't compatible with Mozilla, or Opera etc... otherwise, I may consider switching. I do have firebird and opera on my PC just for a change of pace, and the tabbed browsing, which I like alot.
--
AMD Athlon XP 1800+60 Gig Seagate512 DDRGeforce FX 5200 Ultra19" TrinitronDVD-R/CDRW drive1.5/256 Cable | |
| |
See 7 replies to this post | |
| | stufried
Premium
join:2003-10-13 | Re: Use Mozilla/Firebird I got the same box on regular old Mozilla 1.6 | |
| 
Spazmoto
Dark Flow
join:2003-08-22
| Already This already happened to me. I visited some stupid Spanish site, and downloaded a zip, it looked like a zip, but it was really an exe. No doubt it was filled with bs. I swear, don't go to any site that is written in Spanish, 9 times out of 10 you will come away with crap spyware or trojans.
--
"...Your effort to remain what you are is what limits you..." | |
| 
mario55
join:2002-02-12
Pompano Beach, FL
| IE users anonymous hi, my name is mario, and im an IE user. been trying to get off of IE, but i always find myself useing it again. i like to make my browser as thin as possible. i don't use outlook for mail
i use Netscape for mail, but i don't use Netscape to browse. so um, what should i try ?
yours truly,
IE addict | |
| | 
ryan291941
@Dial1.Seatt
| IE user heh, i find it silly whenever i hear some1 say "well thats why i use (put alt. browser here)". come on, if u are knowledgeable enough to know that internet explorer is not the only browser out there, you should also know how not to get infected with viruses. | |
| | | 
Vchat20
Landing is the REAL challenge
join:2003-09-16
Warren, OH
clubs: | IE all the way i hate to go against the crowd, but im staying with IE. main reason is cuz most of the things i do on the net require ie for certain reasons. if i didnt need it so much, id be on netscape right now. | |
| |
ikarus1
Premium
join:2002-10-23
Urbanna, VA
| Re: IE all the way said by Vchat20 :
i hate to go against the crowd, but im staying with IE. main reason is cuz most of the things i do on the net require ie for certain reasons. if i didnt need it so much, id be on netscape right now.
That is precisely the point, isn't it? It is BECAUSE MICROSLOTH SETS THINGS UP THE WAY THEY DO THAT YOU IDIOTS ARE SO VULNERABLE AND IT IS BECAUSE YOU IDIOTS CONTINUE TO ACCEPT THAT, THAT WE ALL SUFFER THESE BOMBARDMENTS
If you didn't need it so much... but you do don't you? Why do you need it, well YOU NEED IT BECAUSE IT IS FULL OF SECURITY VULNERABILITIES THAT LET YOU DO THINGS WHICH ANY COMPUTER SCIENCE MAJOR KNOWS ARE UNWISE BUT MICROSUX KNOWS YOU WILL ACCEPT THE PROBLEMS FOR THE CONVIENENCE.
The sadest )(&^*%#$&I^%@$ part of all is Microsoft is right and demonstrates yet another time there is one born every minute.
-m-
--
»www.freeantennas.com | |
| | | 
Pope Torak
Fnord
join:2001-09-23
North Richland Hills, TX | Re: IE all the way shut the *@#*$ up.
you @$*#
just because i want and like IE doesnt meant you can call me names.
--
P3 1000, 512 PC133, Asus CLUC2, GForce2, WinXp Pro Pope Torak -3rd | |
| | | scomps
join:2001-06-05
Utica, NY
| said by ikarus1 :
That is precisely the point, isn't it? It is BECAUSE MICROSLOTH SETS THINGS UP THE WAY THEY DO THAT YOU IDIOTS ARE SO VULNERABLE AND IT IS BECAUSE YOU IDIOTS CONTINUE TO ACCEPT THAT, THAT WE ALL SUFFER THESE BOMBARDMENTS
(lots of ranting snipped)
Uhm yes. Did we get up on the wrong side of the litterbox today? Good to see maturity and rational arguements are once again creeping back into the forums.
--
Scott Johnson -- developer of MWall. Contact me for more information. | |
| rx7mike
join:2004-01-23
West Bend, WI
| Answer for all of you Ditch all our browsers.....get a good unix shell account.......browse the web from your shell textually.....then you dont have to worry about pop-up's or pages taking to long to load......or pretty much any other exploit.If people wouldnt be so lazy as to have to have everything point and click.the web would be much safer. back just a short 10 years ago htere were very few people using the internet because for one it was just not easy to use. you couldn't be a "dummy" and get on the internet.You have other options as well. You can make your own browser. Sounds complicated. Well it is. But if your so damn worried about exploits then do something about it. Sitting here bitching that microsoft dont do this or dont do that will not help you.Get off your own ass and do something about it.I use my own browser 90% of the time.If something dont load on a page its probably not anything I want to see anyway.The people who have to wory most about the exploits are the people going to "warez", or "crack" sites.That is where your most likely to run into a problem. And if your such a good law abiding citizen you shouldnt be there anyway.My point is people create there own problems 98% of the time.Stupidity is the major cause of those problems. Dont worry though if they patch it .someone will make a better dummy to find a hole. | |
| | | 
Rossz
join:2002-12-12
Dublin, CA
| Vulnerability & Popularity A large number of people are saying IE is being targeted because it is popular. Wrong. It is targeted because it is easy. You want proof? No problem.
Most websites run on Apache. In fact, Apache runs three times more websites than all other web servers combined. That would make it the logical target for script kiddies. So where are the panicked reports of Apache hacking? What happened? Yes, there have been reports of vulnerabilities. They were discovered and reported -- and a patch (that worked - what a concept) was typically available within 24 hours.
The script kiddies don't target Apache because it's too hard. They target Microsoft IIS. They target IIS because it is easy. They are successful in cracking into IIS systems rather often. Too often. When a vulnerability is discovered, Microsoft takes their sweet time to release a patch, giving the kiddies lots of time to play. When the patch is released, it usually causes more problems than it fixes.
Expecting security in a Microsoft product is like expecting a gourmet meal at McDonalds because they are also popular. | |
| 
Mike
Premium,Mod
join:2000-09-17
Pittsburgh, PA
clubs:
·Verizon Online DSL
Host:
Site Tools
W.O.W.
FairPoint
World of Warcraft
Alltel Axcess
1 edit | Great slashdot quotes i knew it (Score:5, Funny)
by jester42 (623276) * on Friday January 30, @05:04AM (#8133062)
i always knew that those hyperlinks were a bad security problem. Web designer should really avoid those propietary 'href'-tags for security reasons.
I haven't clicked links for YEARS! (Score:5, Funny)
by TrollBridge (550878) on Friday January 30, @06:42AM (#8133439)
(»slashdot.org/ | Last Journal: Friday November 14, @03:56PM)
Goatse trolls on Slashdot taught me not to click hyperlinks LONG before they became a security issue!
comment on this link:
»support.microsoft.com/default.as···D;833786
Absolutely hysterical (Score:5, Insightful)
by BigRedFish (676427) on Friday January 30, @05:47AM (#8133256)
I'm laughing so hard I can't type. Hang on... OK. This MS article is so wrong I don't even know where to begin... How about here:
The most effective step that you can take to help protect yourself from malicious hyperlinks is not to click them. Rather, type the URL of your intended destination in the address bar yourself.
Is MS going to issue a patch to disable hyperlinks then? If you can't click hyperlinks, doesn't IE cease to meet the definition of a browser? Look at the bright side, finally Netscape has closure.
Now, from the "but it's so easy to use" department:
Make sure that the Web site uses Secure Sockets Layer/Transport Layer Security (SSL/TLS) and check the name of the server before you type any sensitive information. [....] By checking the name on the digital certificate user for SSL/TLS, you can verify the name of the server that provides the page that you are viewing. [...] double-click the lock icon, and then check the name that appears next to Issued to. If the Web site does not use SSL/TLS, do not send any personal or sensitive information to the site. If the name that appears next to Issued to is different from the name of the site that you thought provides the page that you are viewing, close the browser to leave the site.
Huh? Does anyone expect Joe Luser to understand that? Checking the certificate against the stated URL and the IP address supplied by a DNS lookup of that URL seems rather straightforward. Someday, someone ought to invent a machine to do things like that. We could call it a computer. A computer might also be able to display the actual site name an nothing else, rather than allowing it to be spoofed in any way, eliminating the need for such manual babysitting.
From the "but it's so easy to use" department, take two:
In the Address bar, type the following command, and then press ENTER:
javascript:alert("Actual URL address: " + location.protocol + "//" + location.hostname + "/");
I see. We just proved this week that a huge segment of the Windows user base still hasn't learned about attachments. But grandma, who wants to look at the pictures of her grandchildren, is expected to be a Java programmer. There must be some incredible acid floating around Redmond. A complete break from reality, this is.
--
Everyone is entitled to their opinion. Of course, they're entitled to be blithering idiots at the same time.
What this country needs is a good five dollar plasma weapon.
| |
| 
linicx
Caveat Emptor
Premium
join:2002-12-03
United State
·CenturyLink
| Do you remember IE 3.0? Before IE 3 there were no executable nasties. This was before VBS. I believe it was also before the Word.doc macro virus. I won't even mention the furor VBS created in the security community for months before it was released. Every fear these fine folks expressed about VBS has come to pass and in some cases the outcome was worse than predicted.
»www.sans.org/ is a security site that lists exploits and/or patches for every computer system every day 24/7. Microsoft exploits have increased more than 1000% in five years whereas Unix has remained about the same as has Sun and SCO. Linux exploits have increased but not nearly to the degree MS exploits have, plus, Linux exploits are are patched as quickly as in less than five minutes. When it comes to security and patching holes, the laggard appears to be Bill Gates and Microsoft.
I use IE and OE by choice, but, and this is the big exception -- I do not use it on any machine running a M$ operating system. Therefore my computer is not vulnerable to worms, viruses, trojans, back doors, or any other malware aimed at Bill Gates' products. This is my solution
The simple fact is that Bill Gates cannot support a zillion hardware manufacturers, and a zillion software manufacturers, plus ME, 2000, NT 1-5, Windows 1.0- W98se, Word 1-10, OE 1-6, IIS and be secure. It is impossible, it is not going to happen now or ever. The only POSSIBLE WAY for Bill Gates to produce a secure product is to build every inch of it from idea to the machine it is installed on -- and even then there is no guarantee.
But it is a beginning. | |
| | 
alien9999999
Your Head Looks Nice
Premium
join:2002-05-21
B-3000 | Re: Do you remember IE 3.0? that doesn't make any easy money... | |
| | | |
|
|
Another IE Exploit
Re: Scary!
My Posting Tag says it all!:D
·
Re: it's gonna happen.....
Use Mozilla/Firebird