Skip to comments.Secunia warns of flaws in IE
Posted on 01/08/2005 9:48:47 AM PST by holymoly
Disable Internet Explorer Active X support, turn off the "drag-and-drop" or "copy-and-paste files" option across a domain, or switch to another Web browser unless you want to face a Hack attack on your PC, warns the security firm Secunia. They have discovered three very critical flaws in the IE and have issued security notice on its website.
The company has rated the flaw as of a very high risk nature and has said that this is their last warning for people to secure their data. The flaw affects IE 6, and can enable hackers to run pornographic dialers to be dialed from the users computer without their knowledge said Thomas Kristensen, Secunia's chief technology officer. He said that only those flaws that can let someone manipulate users machine without users intervention get such high rating.
Even PCs with Microsoft's Service Pack 2 patch are vulnerable to be attacked.
The company has also said that Microsoft has been aware of this flaw for at least two months now but they have not yet come up with a security patch. The exploit code for one of the three vulnerabilities, a flaw in an HTML Help control, was already published on the Internet on Dec. 21.
Commenting on this Microsoft officials said that an incomplete patch can at times be worse than no patch at all. They want to thoroughly test the patch and it should be well engineered. This will take sometime
These flaws have made a big dent in Microsofts already battered image when it comes to security.
And now Bill and the Gang want to charge you for their own spyware/antivirus fixes!!! They want you to subscribe to their program so they can charge you to fix their vulnerabilities. Is this a great country or what?!
Disable Internet Explorer completely and use the Mozilla Firefox web browser.
I already have moved to Mozilla...What a difference!
Microsoft's corporate culture made viruses, spyware and viruses the phenomenon they are today.
I refer to the determination among managers and supposedly genius-level, supposedly "responsible" employees -- from the highest to the lowest -- to downplay and whitewash obvious problems in the evolving architecture. Their goal was to avoid saying anything that rocked the boat, in order to vest and cash out their stock options. That attitude influenced the company's judgment when developing IE and Active-X, and made today's situation possible.
Active-X should never have been let loose on the world in its present form; the "fixes" are small bandaids on a gaping security wound.
One of these days, AGs will grow balls and sue Microsoft for deliberately putting consumers at risk, by igoring obvious flaws in its products. The agreements that people must sign when installing a Microsoft product do not and should be allowed to exclupate Microsoft from deliberate negligence.
Correction: Microsoft's corporate culture made viruses, spyware and hacking the phenomena they are today
I pretty much have as well. Mozilla is far from perfect, (and still use IE for a couple of things), but the ad/popup blocking is worth its troubles.
"The nytimes.com domain is in my Trusted sites zone so that I can read The New York Times free every day (fantastic deal, I think). The free registration and cookie required to access the content at The New York Times web site are a modest "price" to pay for daily access to one of the world's great newspapers."
I do hope the information in this article from Eric L. Howes at the University of Illinois is better than the choices he makes in life. ;)
Pinging the techs.
Is firefox web browser free?
After reading this I did a quick check and found that I had one entry under my trusted sites: http://free.aol.com
I never put this under trusted. Did it get there from the IE sp2 etc...? Or it it there because AOL uses IE?
I don't have AOL as a provider.
I'm removing the entry now.
I'm not computer savvy, how does one disable IE? I do have Firefox downloaded, but it didn't seem to work as well with the accelerator on my ISP (earthlink). Any help appreciated!
But I'm also wathing the NFL playoffs, so I'm a bit distracted. ;)
Listen to Mom! Be careful.
That is true as far as it goes, but if you don't change your default browser, IE will launch whenever you click on a hot link. Download Firefox and install it. When you launch it for the first time you will get a notice that asks if you want to set Firefox as your default browser. Check the box, and you have for the most part throttled Microsoft's Insecure Explorer...
And while you're there, download Thunderbird for a better email client than Outlook Distressed ever dreamed of being...
Thanks for the Thunderbird link. I'll try working with Firefox some more....
Ping. Maybe we should give Firefox/mozilla another try.
This possibly is due to a default setting in Mozilla/Firefox/Netscape 7.2. Accelerators (some anyway, not sure what Earthlink's does) typically work by caching web pages and then pumping the information your way in multiple streams. Mozilla for some reason chose to have pipelining turned off by default. Normally the browser will make one request to a web page at a time. When you enable pipelining it will make several at once, which really speeds up page loading. (This reallly makes a difference when you have DSL/Cable access!)
Mozilla/Firefox pipeline settings
1.Type "about:config" into the address bar and hit return. Scroll down and look for the following entries:
2. Alter the entries as follows (right click the setting and select 'modify'):
Set "network.http.pipelining" to "true"
Set "network.http.proxy.pipelining" to "true"
Set "network.http.pipelining.maxrequests" to some number like 30. (This means it will make 30 requests at once.)
Here's what I use (your mileage may vary - try other settings to find optimum..)(With your dial-up you might just want to try turning on pipelining and keep the default settings for connections at first, my settings work well with my DSL connection)
SETTING NAME: New Value (default setting)
network.http.max-connections: 48 (24)
network.http.max-connections-per-server: 24 (8)
network.http.max-persistent-connections-per-proxy: 12 (4)
network.http.max-persistent-connections-per-server: 6 (2)
network.http.pipelining: true (false)
network.http.pipelining.maxrequests: 32 (4)
network.http.proxy.pipelining: true (false)
To return any setting back to the default setting, right click the setting and select 'reset'.
Hope this helps. (Let me know how this works for you...)
I will give it a try and let you know. It's strange, but I went on Firefox today, and it seems to be working better and faster. I have no clue as to why....lol. I am saving your message so I can take a look. Thank you so much for helping me out! You have no idea how much I appreciate it.
My personal opinion is that if someone creates a web page that will not load in all browsers, they must not want me to view it, so I don't try. Some companies have lost a sale because of that, but that's their choice! < /rant>
It's possible that the last time you tried Firefox you were trying to view a page or site that was created using some of Microsoft's stuff and wouldn't come up. This means that you still have to keep IE hanging around just in case you want to see some of these sites...
One other item that I don't know for sure if Mozilla's site makes clear. Java is not included with the download for Mozilla or Firefox. If you don't have a Java plug-in already on your machine, you must get the plug-in separately. Here is the link to Sun's Java Download page. You want to click the "Download J2SE JRE" link. Read the install instructions and Read Me on that page before you install. And you'll need the usual plug-ins like QuickTime, Shockwave and Flashplayer when you run into pages that use that content.
Hope all this hasn't confused you too much!