love those patches for earlier patches!

Post #117,321

9/10/03 8:21:54 AM

The vulnerability is similar in scope to those exploited by devastating worms such as Nimda, Badtrans and Klez, according to one security company. And, to make matters worse, the flaw is one Microsoft said it fixed weeks ago.

[...]

On August 20, Microsoft released a patch for IE, MS03--032, that it said closed the hole and patched other security holes in IE.

According to a message posted to a prominent security discussion group Sunday, however, the vulnerability still exists on machines using IE even after applying the patch. That message, posted by an individual using the name "http-equiv@excite.com," contained sample code that showed IE is still vulnerable to attack using the vulnerability from HTML pages that are created dynamically using computer script, like JavaScript, embedded in Web pages or e-mail messages.

[link|http://www.computerworld.com/securitytopics/security/holes/story/0,10801,84756,00.html|link]

lincoln

"Windows XP has so many holes in its security that any reasonable user will conclude it was designed by the same German officer who created the prison compound in "Hogan's Heroes." - Andy Ihnatko, Chicago Sun-Times
[link|http://users3.ev1.net/~bconnors/resume.htm|VB/SQL resume]
[link|http://users3.ev1.net/~bconnors/tandem_resume.htm|Tandem resume]
[link|mailto:bconnors@ev1.net|contact me]

Post #117,330

by Silverlock

9/10/03 10:08:49 AM

Finally someone gives usefull advice

Failing that, users should consider uninstalling the popular browser to protect themselves from attack, experts said.

-----------------------------------------
It is much harder to be a liberal than a conservative. Why?
Because it is easier to give someone the finger than it is to give them a helping hand.
Mike Royko

Post #117,339

by pwhysall

9/10/03 11:12:18 AM

Cackle.

I think users should also uninstall Windows Explorer, while they're at it; it has a terrible record for security.

Post #117,416

by rickmoen

9/10/03 11:37:06 PM

Real-world antivirus measures

Silverlock wrote:

Finally someone gives useful advice

My technopeasant mother runs a Win98SE box, and prevailed upon me to help her do what can be done for security -- and particularly to put together an antivirus regime that actually works. So (among other things), I buried MS-Outlook Express and MS Internet Explorer in the deepest pit I could find, made very sure that MS-Outlook wasn't around at all, and installed Eudora, Mozilla Firebird, AbiWord, and OpenOffice.org.

Because of various convulsions in her newspapers and magazines about whatever is the Microsoft virus du jour, she's forever bothering me about whether she should install "antivirus software" to protect her against this-or-that virus. So, about once every couple of months, I have to re-explain to her the Moen Family Antivirus Plan:

1. Don't run untrustworthy software.
2. Don't run software that autoruns untrustworthy software on your behalf.
3. Have means of recovery in place for various mishaps.

As longtime security-watchers will already know, shitcanning MS-Outlook Express, MS Internet Explorer, and MS-Outlook wins 98% of the battle immediately, because those applications' mindblowingly stupid handling of "active content" is the Typhoid Mary for practically all Microsoft viruses. And substituting AbiWord and OpenOffice.org for MS-Office applications eliminates VBA macro viruses, the other main scourge (well, malware scourge, anyway) of Microsoft software users.

She is on notice that she has big problems in the Rule #3 area for lack of (1) meaningful backup, and (2) usable means to reinstall some of her key software, if necessary. But that's a problem of broader scope, in which malware is merely an also-ran threat compared to hardware/software failure or user-induced mishap of other sorts. (After several iterations, she now understands what I mean when I say she's always wielding root-user authority.)

Rick Moen
rick@linuxmafia.com

If you lived here, you'd be $HOME already.

Post #117,422

by Silverlock

9/10/03 11:54:18 PM

Double thanks

Correcting my spelling in your quote and then giving a fine discourse on practical antivirus measures.

You mind If I steal that for a presentation to some suits?

Post #117,427

by rickmoen

9/11/03 12:27:38 AM

Re: Double thanks

Silverlock wrote:

You mind If I steal that for a presentation to some suits?

No problem; please do. And you're welcome to flatter me any time. ;->

Possibly related:
[link|http://linuxmafia.com/pipermail/conspire/2003-September/000287.html|http://linuxmafia.co...ember/000287.html]
[link|http://linuxmafia.com/pipermail/conspire/2003-September/000288.html|http://linuxmafia.co...ember/000288.html]

Rick Moen
rick@linuxmafia.com

If you lived here, you'd be $HOME already.

Post #117,600

by static

9/12/03 8:49:54 AM

Nothing teaches like experience.

My sister's PC got infected with an unknown trojan and managed to corrupt her Photoshop install. It also somehow corrupted her data partition and she lost quite a lot of art work and photos. (She's been studying graphic art.) The PC required a re-install.

It was this experience - and loss - that finally persuaded her after several years that Outlook was not a good idea. She now runs Eudora.

Wade.

Is it enough to love
Is it enough to breathe
Somebody rip my heart out
And leave me here to bleed

Is it enough to die
Somebody save my life
I'd rather be Anything but Ordinary
Please

-- "Anything but Ordinary" by Avril Lavigne.

Welcome to IWETHEY!