Free Republic

It could allow an attacker to download malicious content onto vulnerable PCs (IDG NEWS SERVICE) A computer security researcher and an antivirus company are warning Microsoft Corp. customers about an unpatched hole in the company's Internet Explorer Web browser that could allow a remote attacker to bypass security warnings and download malicious content onto vulnerable systems. The warnings came after the hole was identified on the Bugtraq Internet security discussion list by someone using the name "Rafel Ivgi." The hole affects Internet Explorer Version 6.0.0, including the version released with Windows XP Service Pack 2. The vulnerability allows malicious attackers...

Disable Internet Explorer Active X support, turn off the "drag-and-drop" or "copy-and-paste files" option across a domain, or switch to another Web browser unless you want to face a Hack attack on your PC, warns the security firm Secunia. They have discovered three very critical flaws in the IE and have issued security notice on its website. The company has rated the flaw as of a very high risk nature and has said that this is their last warning for people to secure their data. “The flaw affects IE 6, and can enable hackers to run pornographic dialers to be...

Search engine operator Google has blocked ads that attempt to exploit security holes in the Internet Explorer. In the past few days, Google has been displaying context-sensitive ads on the right margin from its program partner AdWords that link to sites with dangerous JavaScript for various search terms such as "Preisvergleich" (price comparison) and "Gebraucht PC" (used PC). If you clicked on one of the links in the Internet Explorer, a JavaScript attempted to install spyware on your system. And the normal list of hits also included a lot of sites with Trojans. This Monday, Google reacted to the problem...

For a market segment Microsoft was said to have won decisively in the mid-1990s, the company spent a lot of time in 2004 putting out fires on the browser front. Like the ghost of the Netscape browser rising to haunt its slayer, Firefox emerged with a vengeance from the Mozilla open-source group, which was founded by Netscape in 1998 and last year spun off by parent company Time Warner. Firefox started off the year a prerelease, name-challenged project by a group that had lost much of its credibility after chronic delays and significant setbacks. But Firefox ended 2004 as a...

Remember those days back in 1995, when Netscape Navigator was synonymous with internet? That was the time when Microsoft’s Internet Explorer entered the market for a head-on collision with the Netscape Navigator. That was Browser War –I. Now the battle was reignited by the fire of FireFox, internet browser of Mozilla. This is the beginning of the Browser War –II. And it appears that this time Microsoft is losing it. Internet Explorer is rapidly losing market share. OneStat.com a company in Amsterdam had conducted a worldwide survey in late November. The survey shows that Internet Explorer's share dropped to less...

Even SP2 versions of Microsoft's Internet Explorer are vulnerable to a spoofing exploit published yesterday. A vulnerability researcher posted details of a dangerous Internet Explorer (IE) flaw on Thursday that allows phishers to spoof Web sites more realistically than ever before. According to security company Secunia, Paul from Greyhats -- a research group -- has published details of a vulnerability that can be exploited to spoof the content of any Web site. Using the exploit, scammers are able to manipulate all versions of IE, including Windows XP SP2 -- the latest and most secure version of the browser -- and...

Microsoft published a patch for Internet Explorer on Wednesday, aiming to close a month-old hole that has been used by viruses to spread and by an ad banner attack to compromise PCs.The vulnerability, dubbed the Internet Explorer Elements flaw by Microsoft, had previously been called the iFrame vulnerability. The issue--which does not affect Microsoft's major Windows XP security update, Service Pack 2--could allow an attacker to take control of a victim's PC, if the user is logged on as an administrator. Most home users tend to log onto Windows as administrators. A Microsoft representative said the software giant had released...

A new spoofing flaw in Microsoft's Internet Explorer browser allows an improperly coded web link to send users to a diffferent URL than the one displayed in the status bar. The flaw, which was posted to the Bugtraq mailing list by Benjamin Franz, is exploited by placing two URLs and a table within a single HTML href tag, producing a link that looks like this: http://www.microsoft.com displaying http://www.microsoft.com in the browser, but sending the user to Google. Franz says the exploit works in fully-patched versions of Internet Explorer and Outlook Express, meaning the HTML code can be used to...

Blake Ross is lounging at his parents' Florida Keys condo, thinking ahead to his first day back at Stanford. His goal for his sophomore year: nothing less than to "take back the Web" from Microsoft (MSFT).You might think the shy 19-year-old is outmatched. Think again. Ross, a software prodigy who interned at Netscape at age 14, is the lead architect behind Mozilla's Firefox -- a revolutionary new browser that's catching on the way Mosaic did in 1993. In beta for the past four months, Firefox version 1.0 is set to be released in November. With that, Ross will issue the...

PASADENA, Calif. (AP) - Northrop Grumman Space Technology has been selected to help NASA design a nuclear-powered spacecraft to orbit and explore three moons of Jupiter that may have oceans beneath their icy surfaces. The $400 million contract with the Redondo Beach, Calif.-based unit of Northrop Grumman covers work through mid-2008, NASA's Jet Propulsion Laboratory said Monday. The Prometheus Jupiter Icy Moons Orbiter spacecraft will be designed to explore Callisto, Ganymede and Europa sometime in the next decade, after launching in 2012 or later. Scientists want to know what the big moons are made of, their history and whether the...

Microsoft Corp. released a free software update yesterday to close vulnerabilities that left users of its Internet Explorer browser open to attacks by hackers. The security breach, discovered last week, made it possible for users of Microsoft's ubiquitous Web browser to have their passwords and private account information stolen when they logged on to banking sites.

The Web attack that was stopped dead in its tracks on Friday when a Russian Web site was taken offline remained under investigation Monday by a host of security firms still puzzled over the method used to infect a number of Microsoft Internet Information Services (IIS) servers. But the evidence now is leading them to accept Microsoft's explanation that the IIS 5.0 servers were hacked manually and that the server software doesn't have an unknown, or so-called "zero-day," vulnerability. "Nobody yet knows how these servers were infected," said Ken Dunham, the director of malicious code research at iDefense. "But if...

Handler's Diary June 29th 2004Updated June 29th 2004 18:17 UTCBHO scanning tool and New Scam Targets Bank Customers ------------------------------------------ Browser Helper Objects (BHO) scanning tool ------------------------------------------ BHODemon is a free tool that will list all Browser Helper Objects that are installed on a Windows system by scanning the registry and give you the ability to disable them. This will also list "good" BHOs as well, but nevertheless is a useful tool in detecting and disabling malicious software. It is available at: http://www.definitivesolutions.com/bhodemon.htm ------------------------------- New scam targets bank customers ------------------------------- On June 24th, a visitor to the SANS Internet Storm Center...

I need computer help.I am running Windows XP and have IE 6.0.2800 as my browser. This evening, when I wanted to perform a web search, I noticed that my search engine is now DRSN Search, which I assume is some kind of spyware that somehow got loaded onto my PC. How the heck do I get it off my PC, and return to the other search engines I used to use? I cannot seem to find anywhere in IE that permits me to change back. Thanks for your help.

SYDNEY (Reuters) - It was a great legend while it lasted, but DNA testing has finally ended a century-old story of the Hawaiian arrow carved from the bone of British explorer Captain James Cook who died in the Sandwich Islands in 1779. "There is no Cook in the Australian Museum," museum collection manager Jude Philp said on Thursday in announcing the DNA evidence that the arrow was not made from Cook's bone. But that will not stop the museum from continuing to display the arrow in its exhibition, "Uncovered: Treasures of the Australian Museum," which does include a feather cape...

Vulnerability Note VU#323070 Microsoft Internet Explorer does not properly validate source of CHM components referenced by ITS protocol handlers Overview Microsoft Internet Explorer (IE) does not adequately validate the source of script contained in compiled help (CHM) file components that are referenced by the Microsoft InfoTech Storage (ITS) protocol handlers. An attacker could exploit this vulnerability to execute script in different security domains. By causing script to be run in the Local Machine Zone, the attacker could execute arbitrary code with the privileges of the user running IE. I. Description The Cross Domain Security Model IE uses a cross-domain security...

Explorer Madog 'never existed' Feb 27 2004 Darren Devine, The Western Mail A CONTROVERSIAL new book has rubbished claims that a Welsh explorer Prince Madog discovered America hundreds of years before Christopher Columbus. The story of the prince fleeing to America in about 1170 after his father King Owain's death unleashed a battle for the succession has held sway over popular imagination in Wales for centuries. But Did Prince Madog discover America? claims the explorer did not even exist and attempts to credit him with finding America were simply made to deny Spain's claim to the country. Author Michael Senior,...

InformationWeek Danish information security consulting firm Secunia is warning Microsoft Internet Explorer users of a vulnerability that could enable Internet fraudsters to create more-realistic and authentic-looking fake Web sites. Secunia says it has found an "input validation" error in Internet Explorer. By exploiting this vulnerability, known as a URL-spoofing vulnerability, attackers can display any URL name they wish in the address and status bars of IE. This flaw would make it appear to Internet users that they're visiting a banking Web site, for example, when that site is actually a front for fraudsters attempting to collect sensitive financial information. Secunia...

Internet Explorer URL Spoofing Vulnerability Secunia Advisory: SA10395 Release Date: 2003-12-09 Last Update: 2003-12-11 Critical: Moderately critical Impact: ID Spoofing Where: From remote Software: Microsoft Internet Explorer 6 Description: A vulnerability has been identified in Internet Explorer, which can be exploited by malicious people to display a fake URL in the address and status bars. The vulnerability is caused due to an input validation error, which can be exploited by including the "%01" and "%00" URL encoded representations after the username and right before the "@" character in an URL. Successful exploitation allows a malicious person to display an arbitrary...

Eolas Technologies, which has the rights to a browser plug-in patent, has filed a motion to permanently stop Microsoft distributing Internet Explorer browsers that infringe the patent Eolas Technologies on Monday filed a motion to permanently enjoin Microsoft's distribution of its Internet Explorer browser amid a flurry of court filings by both sides in the pivotal patent infringement case. Eolas, the sole licensee and sublicensor of a browser plug-in patent owned by the University of California, asked the US District Court in Chicago for an injunction against distributing copies of IE capable of running plug-in applications in a way the...