Free Republic
Browse · Search
News/Activism
Topics · Post Article


Secunia warns of flaws in IE
Earthtimes.org ^ | 2005-01-08 | Chaney. R

Posted on 01/08/2005 9:48:47 AM PST by holymoly

Disable Internet Explorer ActiveX support, turn off the "drag-and-drop" or "copy-and-paste files" option across a domain, or switch to another Web browser unless you want to face a hack attack on your PC, warns the security firm Secunia. They have discovered three very critical flaws in IE and have issued a security notice on their website.

The company has rated the flaw as of a very high risk nature and has said that this is their last warning for people to secure their data. “The flaw affects IE 6, and can enable hackers to run pornographic dialers to be dialed from the user’s computer without their knowledge,” said Thomas Kristensen, Secunia's chief technology officer. He said that only those flaws that can let someone manipulate a user’s machine without the user’s intervention get such a high rating.

Even PCs with Microsoft's Service Pack 2 patch are vulnerable to attack.

The company has also said that Microsoft has been aware of this flaw for at least two months now but they have not yet come up with a security patch. The exploit code for one of the three vulnerabilities, a flaw in an HTML Help control, was already published on the Internet on Dec. 21.

Commenting on this, Microsoft officials said that an incomplete patch can at times be worse than no patch at all. They want to thoroughly test the patch and it should be well engineered. This will take some time.

These flaws have made a big dent in Microsoft’s already battered image when it comes to security.


TOPICS: News/Current Events; Technical
KEYWORDS: acivex; activex; browser; computersecurity; danger; exploit; explorer; feature; flaw; ie; internet; microsoft; msie; security; warning
FYI:
Internet Explorer Privacy & Security Settings
Tips for securing (hardening) Microsoft Internet Explorer, Versions 4-6.  From the University of Illinois at Urbana-Champaign.  (Many images; Dial-up users be patient.)

Alternative browsers:
Mozilla & Firefox
Opera

For more PC security-related links, see my FR homepage.
1 posted on 01/08/2005 9:48:47 AM PST by holymoly

To: holymoly

And now Bill and the Gang want to charge you for their own spyware/antivirus fixes!!! They want you to subscribe to their program so they can charge you to fix their vulnerabilities. Is this a great country or what?!


2 posted on 01/08/2005 10:03:58 AM PST by Shady

To: Temple Owl

ping


3 posted on 01/08/2005 10:04:48 AM PST by Tribune7

To: holymoly

Disable Internet Explorer completely and use the Mozilla Firefox web browser.


4 posted on 01/08/2005 10:04:56 AM PST by xrp (Executing assigned posting duties flawlessly -- ZERO mistakes)

To: ShadowAce; backhoe

tech bump


5 posted on 01/08/2005 10:06:55 AM PST by JoJo Gunn (More than two lawyers in any Country constitutes a terrorist organization. )

To: JoJo Gunn

I already have moved to Mozilla...What a difference!


6 posted on 01/08/2005 10:11:34 AM PST by Shady

To: holymoly

Microsoft's corporate culture made viruses, spyware and viruses the phenomenon they are today.

I refer to the determination among managers and supposedly genius-level, supposedly "responsible" employees -- from the highest to the lowest -- to downplay and whitewash obvious problems in the evolving architecture. Their goal was to avoid saying anything that rocked the boat, in order to vest and cash out their stock options. That attitude influenced the company's judgment when developing IE and Active-X, and made today's situation possible.

Active-X should never have been let loose on the world in its present form; the "fixes" are small bandaids on a gaping security wound.

One of these days, AGs will grow balls and sue Microsoft for deliberately putting consumers at risk, by ignoring obvious flaws in its products. The agreements that people must sign when installing a Microsoft product do not and should be allowed to exculpate Microsoft from deliberate negligence.


7 posted on 01/08/2005 10:12:46 AM PST by Tax Government (Boycott and defeat the Legacy Media. Become a monthly contributor to FR.)

To: Tax Government

Correction: Microsoft's corporate culture made viruses, spyware and hacking the phenomena they are today


8 posted on 01/08/2005 10:22:06 AM PST by Tax Government (Boycott and defeat the Legacy Media. Become a monthly contributor to FR.)

To: Shady

I pretty much have as well. Mozilla is far from perfect, (and still use IE for a couple of things), but the ad/popup blocking is worth its troubles.


9 posted on 01/08/2005 10:33:31 AM PST by JoJo Gunn (More than two lawyers in any Country constitutes a terrorist organization. )

To: holymoly
Good post ... good web page ... good bookmark ... good guy ;)

Thank you

10 posted on 01/08/2005 10:37:30 AM PST by G.Mason (A war mongering, UN hating, military industrial complex loving, Al Qaeda incinerating American.)

To: holymoly
Re: Internet Explorer Privacy & Security Settings

"The nytimes.com domain is in my Trusted sites zone so that I can read The New York Times free every day (fantastic deal, I think). The free registration and cookie required to access the content at The New York Times web site are a modest "price" to pay for daily access to one of the world's great newspapers."

I do hope the information in this article from Eric L. Howes at the University of Illinois is better than the choices he makes in life. ;)

11 posted on 01/08/2005 10:51:07 AM PST by G.Mason (A war mongering, UN hating, military industrial complex loving, Al Qaeda incinerating American.)

To: G.Mason
Good post ... good web page ... good bookmark ... good guy ;)

Thank you


You're quite welcome. Glad you found some of it interesting/useful.
12 posted on 01/08/2005 11:00:52 AM PST by holymoly (Whatever)

To: rdb3; Bush2000; ShadowAce; Nick Danger; Swordmaker

Pinging the techs.


13 posted on 01/08/2005 11:02:40 AM PST by Salo

To: xrp

Is firefox web browser free?


14 posted on 01/08/2005 11:25:05 AM PST by processing please hold (Islam and Christianity do not mix ----9-11 taught us that)

To: pbrown
Is firefox web browser free?

100% free. No strings attached. Just download, install, and surf the Net.
15 posted on 01/08/2005 11:26:41 AM PST by holymoly (Whatever)

To: holymoly

After reading this I did a quick check and found that I had one entry under my trusted sites: http://free.aol.com

I never put this under trusted. Did it get there from the IE sp2 etc...? Or is it there because AOL uses IE?

I don't have AOL as a provider.

I'm removing the entry now.

Most curious


16 posted on 01/08/2005 11:29:45 AM PST by SirChas

To: holymoly

Thank you.


17 posted on 01/08/2005 12:51:57 PM PST by processing please hold (Islam and Christianity do not mix ----9-11 taught us that)

To: xrp

I'm not computer savvy, how does one disable IE? I do have Firefox downloaded, but it didn't seem to work as well with the accelerator on my ISP (earthlink). Any help appreciated!


18 posted on 01/08/2005 12:56:04 PM PST by Annie03

To: Annie03
I'm not computer savvy, how does one disable IE?

You can't disable it, per se. All you can really do is increase the various security settings, disable ActiveX, etc. If you want to know more, I posted a link earlier with tips towards securing (hardening) MSIE.
19 posted on 01/08/2005 2:29:29 PM PST by holymoly (Whatever)

To: holymoly

Thanks :)


20 posted on 01/08/2005 2:55:12 PM PST by Annie03

To: Annie03
One thing I forgot - if your primary browser is not MSIE (you use Firefox, Opera, etc.), you may want to double-check that it is set as your "default" browser (if you haven't already). Other than that, I can't think of anything.

But I'm also watching the NFL playoffs, so I'm a bit distracted. ;)

21 posted on 01/08/2005 3:12:35 PM PST by holymoly (Whatever)

To: Tribune7

Listen to Mom! Be careful.


22 posted on 01/08/2005 4:19:24 PM PST by Temple Owl (19064)

To: holymoly
This is exactly the reason I'm reading this using Mozilla Firefox.
23 posted on 01/08/2005 5:43:00 PM PST by Malesherbes

To: pbrown
Yes, it is free.

http://www.mozilla.org/

24 posted on 01/08/2005 6:53:51 PM PST by xrp (Executing assigned posting duties flawlessly -- ZERO mistakes)

To: Annie03
You disable IE by simply not using it.
25 posted on 01/08/2005 6:54:14 PM PST by xrp (Executing assigned posting duties flawlessly -- ZERO mistakes)

To: xrp; Annie03
You disable IE by simply not using it.

That is true as far as it goes, but if you don't change your default browser, IE will launch whenever you click on a hot link. Download Firefox and install it. When you launch it for the first time you will get a notice that asks if you want to set Firefox as your default browser. Check the box, and you have for the most part throttled Microsoft's Insecure Explorer...

And while you're there, download Thunderbird for a better email client than Outlook Distressed ever dreamed of being...

26 posted on 01/09/2005 2:27:36 PM PST by NoCmpromiz (The only thing the French do well is wine and cheese, both of which are made better in California.)

To: NoCmpromiz

Thanks for the Thunderbird link. I'll try working with Firefox some more....


27 posted on 01/09/2005 2:36:46 PM PST by Annie03

To: dAnconia

Ping. Maybe we should give Firefox/mozilla another try.


28 posted on 01/09/2005 2:37:50 PM PST by Annie03

To: Annie03
it didn't seem to work as well with the accelerator on my ISP

This possibly is due to a default setting in Mozilla/Firefox/Netscape 7.2. Accelerators (some anyway, not sure what Earthlink's does) typically work by caching web pages and then pumping the information your way in multiple streams. Mozilla for some reason chose to have pipelining turned off by default. Normally the browser will make one request to a web page at a time. When you enable pipelining it will make several at once, which really speeds up page loading. (This really makes a difference when you have DSL/Cable access!)

Try this:

Mozilla/Firefox pipeline settings
1. Type "about:config" into the address bar and hit return. Scroll down and look for the following entries:
network.http.pipelining, network.http.proxy.pipelining,
network.http.pipelining.maxrequests

2. Alter the entries as follows (right click the setting and select 'modify'):
Set "network.http.pipelining" to "true"
Set "network.http.proxy.pipelining" to "true"
Set "network.http.pipelining.maxrequests" to some number like 30. (This means it will make 30 requests at once.)

Here's what I use (your mileage may vary - try other settings to find optimum..)(With your dial-up you might just want to try turning on pipelining and keep the default settings for connections at first, my settings work well with my DSL connection)

SETTING NAME: New Value (default setting)
network.http.max-connections: 48 (24)
network.http.max-connections-per-server: 24 (8)
network.http.max-persistent-connections-per-proxy: 12 (4)
network.http.max-persistent-connections-per-server: 6 (2)
network.http.pipelining: true (false)
network.http.pipelining.maxrequests: 32 (4)
network.http.proxy.pipelining: true (false)

To return any setting back to the default setting, right click the setting and select 'reset'.

Hope this helps. (Let me know how this works for you...)

29 posted on 01/09/2005 3:09:59 PM PST by NoCmpromiz (The only thing the French do well is wine and cheese, both of which are made better in California.)

To: NoCmpromiz

I will give it a try and let you know. It's strange, but I went on Firefox today, and it seems to be working better and faster. I have no clue as to why....lol. I am saving your message so I can take a look. Thank you so much for helping me out! You have no idea how much I appreciate it.


30 posted on 01/09/2005 5:43:02 PM PST by Annie03

To: Annie03
One thing to keep in mind: Microsoft in its effort to become king of everything has pushed what they call 'active content' in web pages, notably those authored using Microsoft Frontpage. This questionable 'technology' uses their proprietary "Active-X Controls". Since this is a non-standard function, most non-Microsoft browsers (meaning anything except Internet Exploder, er, Explorer) will have difficulty rendering pages with that content, or may not display them at all... (Active-X is what happens to a standard thing like Java after Microsoft 'extends its capabilities' thus making it something only THEY control. The Borg on Star Trek come to mind... It's also the biggest reason that IE is so insecure.)

My personal opinion is that if someone creates a web page that will not load in all browsers, they must not want me to view it, so I don't try. Some companies have lost a sale because of that, but that's their choice! </rant>

It's possible that the last time you tried Firefox you were trying to view a page or site that was created using some of Microsoft's stuff and wouldn't come up. This means that you still have to keep IE hanging around just in case you want to see some of these sites...

One other item that I don't know for sure if Mozilla's site makes clear. Java is not included with the download for Mozilla or Firefox. If you don't have a Java plug-in already on your machine, you must get the plug-in separately. Here is the link to Sun's Java Download page. You want to click the "Download J2SE JRE" link. Read the install instructions and Read Me on that page before you install. And you'll need the usual plug-ins like QuickTime, Shockwave and Flashplayer when you run into pages that use that content.

Hope all this hasn't confused you too much!

31 posted on 01/09/2005 6:45:36 PM PST by NoCmpromiz (The only thing the French do well is wine and cheese, both of which are made better in California.)

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
