[quote]netcraft.com: A new security hole in Internet Explorer exploit allows hackers to gain control of a user's computer when they click on a hyperlink, even while using a fully-patched version of IE6. An exploit using the technique, which employs a complex series of Javascript, VBScript and PHP code, has been published on the Web and is being discussed in several security mailing lists.
The attack splices together multiple weaknesses in Internet Explorer, including at least one known but unpatched flaw and several new ones. The scripting cocktail tricks the browser into running code from a remote web server as though it were a local help file, and can then install a trojan of the attacker's choice on the compromised system.

The exploit is launched when a user clicks on a malicious link in an e-mail or web page. Internet Explorer launches a pop-up window with an "iframe" tag, which is commonly used to display text or interactive features in a floating window. The code tricks the browser into thinking the iframe contains a help file from the user's hard drive, while downloading a javascript that can then run with local privileges. The javascript then launches a remote php file, which in turn downloads a trojan to the user's hard drive. A complete analysis of the exploit and how it works can be found here.[/quote]

Time for people to apply better security settings. I only have a couple web sites which I allow to use those types of things. You also shouldn't be running your browser with administrative access.

Download and install this program and you won't have to worry about any more IE vulnerabilities.

Yep, FIrefox all the way. Kills the dumbass popups too.

[quote author=Thing link=board=2;threadid=7235;start=0#msg65030 date=1087140383]
Download and install this program and you won't have to worry about any more IE vulnerabilities.
[/quote]I agree. I was using a fully patched IE6 and still managed to get hijacked. I started using Firefox back when it was still in its early stages as 'Phoenix'. Haven't went back since.

I've used firefox and Opera on Windows and Linux, and I actually prefer Opera on both platforms. But they're both good :)

Just downloaded FireFox, it's neat :P

Edit - It seems to be tons++ faster than IE

[quote author=UserLoser. link=board=2;threadid=7235;start=0#msg65052 date=1087152470]
Just downloaded FireFox, it's neat :P

Edit - It seems to be tons++ faster than IE
[/quote]

It seemed to open much slower on my computer. :\

I use FireFox and IE. :)

There's nothing wrong with Internet Explorer. I prefer it over the other Browsers. And why do you think it's the "Award Winning Browser"?

[quote author=Mephisto link=board=2;threadid=7235;start=0#msg65094 date=1087172647]
There's nothing wrong with Internet Explorer. I prefer it over the other Browsers. And why do you think it's the "Award Winning Browser"?
[/quote]

Because Microsoft made it

[quote author=Mephisto link=board=2;threadid=7235;start=0#msg65094 date=1087172647]
There's nothing wrong with Internet Explorer. I prefer it over the other Browsers. And why do you think it's the "Award Winning Browser"?
[/quote]

Ah yes, lets use it just because it is award winning.

Winning of what awards?

[quote author=warz link=board=2;threadid=7235;start=0#msg65097 date=1087174055]
Winning of what awards?
[/quote]

Microsoft's Trusted Computing Performance award, of course. :)

There's nothing wrong with Internet Explorer -- have you read the first post in this thread?

[quote author=Mephisto link=board=2;threadid=7235;start=0#msg65094 date=1087172647]
There's nothing wrong with Internet Explorer. I prefer it over the other Browsers. And why do you think it's the "Award Winning Browser"?
[/quote]

Here's a good reason not to use I.E. but they may have fixed this already.
http://spamwatch.codefish.net.au/modules.php?op=modload&name=News&file=article&sid=55
http://www.tjhsst.edu/~agupta/ecard-hijack/

I'd say those exploit stupid people just as much as they do IE. Who in their right mind would click on one of those links? I use IE & Firefox as well - IE most of the time.

I love the ctrl-t thing mozilla has but im to used to clicking on the IE icon. I tried replacing it mozilla's so we will see how that works out.

[quote author=muert0 link=board=2;threadid=7235;start=0#msg65169 date=1087198624]
[quote author=Mephisto link=board=2;threadid=7235;start=0#msg65094 date=1087172647]
There's nothing wrong with Internet Explorer. I prefer it over the other Browsers. And why do you think it's the "Award Winning Browser"?
[/quote]

Here's a good reason not to use I.E. but they may have fixed this already.
http://spamwatch.codefish.net.au/modules.php?op=modload&name=News&file=article&sid=55
http://www.tjhsst.edu/~agupta/ecard-hijack/
[/quote]

They aren't going to fix that for sure, because it's not a problem. The correct form for a url is
[protocol]://[username]:[password}@[host]/[path]
We just happen to use the shortened form which automatically logs in as anonymous. Every browser should let that happen.

What a coincidence. Look what I just received this morning:

[quote]Received: from scott ([201.128.172.254])
by mail.vpnsys.net (Merak 7.4.2) with SMTP id HRA74455
for <my email address>; Mon, 14 Jun 2004 10:38:07 -0500
Message-ID: <kvplwqymfq.3423215093uluwnz@Scmercerjwpvcrkrl.com>
From: "Scmercer" <servicetastefully@usbank.com>
Date: Mon, 14 Jun 2004 10:32:59 -0600
To: my email address
Subject: [Spam] U.S. Bank Important Warning Message
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/html; charset=iso-8859-1

<HTML><BODY bgcolor=

#f4f2ee><DIV><TD height=47><IMG hspace=10 src=

"https://www4.usbank.com/internetBankingStatic/images/logo.gif" border=0></TD><P><B>
<SPAN style="FONT-SIZE: 12px; COLOR: #000066; FONT-FAMILY: 'Arial, Helvetica, Verdana';">
Dear U.S. Bank valued customer,<font color=

"#fffff1">Uraniaresidences</font><br><br>
Due to concerns, for the safety and integrity of the online banking community we have issued this warning message.<br><br>It has come to our attention that your account information needs
to be updated due to inactive customers, fraud and spoof reports.<br>If you could please take 5-10 minutes out of your online experience and renew
your records you will not run into any future problems with the online service.<br>However, failure to update your records may result in your account suspension.
This notification expires on June 15, 2004<br><br>Once you have updated your account records your internet banking
service will not be interrupted and will continue as normal.<br><br>Please follow the link below
and renew your account information.<br><br><a hrefMunseyhref=http://megabyte.com href=

"http://www.usbank.com
@202.39.13.130/www/us/verify.html" onMouseMove="window.status='http://www.usbank.com/internetBanking/RequestRouter?requestCmdId=DisplayLoginPage';return true;" onMouseout="window.status=''">http://www.usbank.com/internetBanking/RequestRouter?requestCmdId=DisplayLoginPage</a>
<br><br><br>U.S. Bank Internet Banking<font color=

"#fffff1">Palmyrastrait</font>[/quote]

Those sneaky guys. :P Maybe I'll follow that link and see what the heck is really going on later today.

I followed it, it will probably catch a lot of people too. :\

I was looking at the source for both that and the real bank site, and here they are in .txt:

www.valhallalegends.com/iago/bank/realbank.txt
www.valhallalegends.com/iago/bank/fakebank.txt

I didn't actually click the link since I only have ie at school and I don't want a virus, but it looks like the fake one either loads the real one or copies/pastes the source from the real one..

It was just an example of some of the crap some people try to pull off and those aren't the greatest examples. I guess really bad social engineering. But the people it does trick it really screws over. And a lot of older people who get computers just start going all over looking at anything and don't think twice about it.

[quote author=muert0 link=board=2;threadid=7235;start=15#msg65331 date=1087274306]
It was just an example of some of the crap some people try to pull off and those aren't the greatest examples. I guess really bad social engineering. But the people it does trick it really screws over. And a lot of older people who get computers just start going all over looking at anything and don't think twice about it.
[/quote]

The good thing is that people who don't understand computers often don't feel safe doing online banking. The ones who do get screwed, but they should know better :/

EW. Opera is decent, but has an advertisement, which is hard to get over. Firefox looks better than Opera because no advertisement, but I spent the last 10minutes trying to import my favourites to no success. I've got beef with these browsers.

Also, first thing I noticed is their lack of alt+d and ctrl+enter, EW.

Edit: Oh, and the link to the main forum, sub forum, topic etc at the top of the page all gets highlighted when I mouse over in Opera.

Don't forget to look up Mouse Gestures in Opera, they're very handy. For example, hold the right button and click left for back, and hole left and click right for forward -- very handy.

I already have special buttons for those :P

[quote author=Arta[vL] link=board=2;threadid=7235;start=15#msg65607 date=1087479014]
I already have special buttons for those :P
[/quote]

Me too, but they don't work in Linux.

There are also shortcuts for homepage, new window, search page, rewind/fast forward (all the way back or forward), and lots of other stuff. I just don't remember them all, I do them one at a time :)

I think this kinda goes here:
http://www.securityfocus.com/printable/news/8998

There's a Gestures plugin for Mozilla/Firefox as well.

[quote author=j0k3r link=board=2;threadid=7235;start=15#msg65589 date=1087470241]
EW. Opera is decent, but has an advertisement, which is hard to get over. Firefox looks better than Opera because no advertisement, but I spent the last 10minutes trying to import my favourites to no success. I've got beef with these browsers.

Also, first thing I noticed is their lack of alt+d and ctrl+enter, EW.

Edit: Oh, and the link to the main forum, sub forum, topic etc at the top of the page all gets highlighted when I mouse over in Opera.
[/quote]

Opera has advertisements? Where?! :P

Incidentally, what's wrong with the highlighting? It's not like it hurts your eyes.

[quote author=Stealth link=board=2;threadid=7235;start=15#msg67637 date=1088458419]
There's a Gestures plugin for Mozilla/Firefox as well.
[/quote]

That would be handy, but I still like Opera. *shrug*

Indeed, I've adjust to Opera, don't even notice the ad bar anymore it blends in with the top. There are some sites that don't support it though, so that sucks.

[quote author=j0k3r link=board=2;threadid=7235;start=30#msg67656 date=1088464797]
Indeed, I've adjust to Opera, don't even notice the ad bar anymore it blends in with the top. There are some sites that don't support it though, so that sucks.
[/quote]

But that's the site's fault :)

There was one site that said "Could not identify your browser blahblahblah", but I just told it to emulate MSIE 6, and it worked fine.

My Opera is set to simulate IE, however on sites such as bots2.net and gmai.coml it doesn't work, it's not that big of a concern though.

More info on the recent attacks: http://tms.symantec.com/documents/040624-Alert-CompromisedIISServerReports.pdf

<edit>
Also http://www.securityfocus.com/news/9004
The comment "Gates lies" is the first thing I thought of when I read this:
[quote]Gates Lies
by Daniel Convissor
Jun 29 2004 5:49AM

"the average time to fix on an operating system other than Windows is typically ninety to a hundred days,"

I'd love to know exactly what that absurd statistic means and where it came from. Did it come from the fake "think tanks" MS funds?

All of the major open source OS's I know are very prompt about issuing updates for security vulnerabilities.

"Today we have that down to less than forty-eight hours." Aw, cut it out. As has been mentioned here, there are tons of holes in MS software that haven't been patched. Let alone, the patches are issued once per month. [/quote]

<edit2> Another reference: http://www.securityfocus.com/news/8983
[quote]"Users should be aware that any Web site, even those that may be trusted by the user, may be affected by this activity and thus contain potentially malicious code," the U.S. Computer Emergency Readiness Team warned in an Internet alert. [/quote]
So even trusted sites may spread it to you -- that's scary.

http://www.securityfocus.com/news/9054

To summarize -- the patch they released did nothing, you should disable active scripting, or, better yet, get a real browser :)

[quote author=iago link=board=2;threadid=7235;start=30#msg67785 date=1088530819]So even trusted sites may spread it to you -- that's scary.[/quote]

You have it backwards. Do you know what trusted means in this context? Trusted in the IE context is merely adding a website to a security grouping, granting that grouping's permissions to the website content on your browser.

That a trusted website can spread something to you is not scary -- it is stipulated by your trusting it that it can run higher permissions on your browser. What should be the scary is when untrusted websites can run higher security actions on your PC. That's why they are called vulnerabilities and exploits.

[quote author=Grok link=board=2;threadid=7235;start=30#msg68799 date=1089119665]
[quote author=iago link=board=2;threadid=7235;start=30#msg67785 date=1088530819]So even trusted sites may spread it to you -- that's scary.[/quote]

You have it backwards. Do you know what trusted means in this context? Trusted in the IE context is merely adding a website to a security grouping, granting that grouping's permissions to the website content on your browser.

That a trusted website can spread something to you is not scary -- it is stipulated by your trusting it that it can run higher permissions on your browser. What should be the scary is when untrusted websites can run higher security actions on your PC. That's why they are called vulnerabilities and exploits.
[/quote]

I didn't mean "trusted" as in the browser group, I mean a site that you wouldn't think twice about going to on an unsecured machine. For example, www.valhallalegends.com, if it was running the insecure software, could have been infected, and I could have taken an unpatched browser there without thinking twice about it, gotten the virus, and had no idea.

That's what I meant was scary.

opera rules!