A warning for those STILL using Internet Explorer

Discussion in 'OT Technology' started by Juvenall, Jan 11, 2005.

  1. Juvenall

    Juvenall What Would Juvie Do?

    Joined:
    Dec 31, 2004
    Messages:
    2,221
    Likes Received:
    0
    Location:
    #!/usr/bin/Detroit
    There has been a major security hole found in IE that can allow an attacker full and total access of your box. Through the use of a corrupt HTML Help file, an attacker can execute arbitrary commands on your system which could allow them to do anything your account has the premission to do (and since most people work under the admin account, that's everything).

    It would just take some minor work to force your system to download and install something along the lines of SubSeven or simply erase your entire "My Documents" directory.

    ..and all you have to do is a single click.

    The security company that found the hole has an example up on it's web site. From what I understand, Microsoft does not have a patch for this and it's expected to be a while before one shows up (due to the nature of the hole I assume).

    http://secunia.com/internet_explorer_command_execution_vulnerability_test/

    This works just fine on my fully patched XP Pro box with SP2.
     
  2. 4W4K3

    4W4K3 New Member

    Joined:
    Dec 31, 2004
    Messages:
    5,108
    Likes Received:
    0
    Location:
    TX
    I use Firefox. Kind of sucks that IE is imbedded into XP though, almost impossible to get rid of it...:(
     
  3. I just got a new computer at work (XP) and it won't let me install Firefox on it. I can download it, but not install it. It's on a huge state network, so I figured it was some sort of thing that I had to have an administrator's password for. Is there some other way to get this done? I've become addicted to tab browsing.
     
  4. 4W4K3

    4W4K3 New Member

    Joined:
    Dec 31, 2004
    Messages:
    5,108
    Likes Received:
    0
    Location:
    TX
    hmm...not an easy way. if they found out you bent the rules and got out of line they might get you in serious trouble. i wouldn't attempt it unless its not against the rules to bypass security measures for you. you might be able to gain rights with a bit of tampering...i had that problem when i was swapping HDD's with my GF and some of her files were locked. theres a uide on www.tweakxp.com for gaining rights..but i dont remember what it was called. installing should be allowed once you have the rights...
     
  5. DatacomGuy

    DatacomGuy is moving to Canada

    Joined:
    Oct 14, 2002
    Messages:
    16,546
    Likes Received:
    0
    Location:
    Tampa, FL
    I hate Firefox. IE does me just fine.
     
  6. Stilgar

    Stilgar New Member

    Joined:
    Dec 31, 2004
    Messages:
    1,941
    Likes Received:
    0
    yeah but who the fuck hacks random peoples computers? what do they expect to do or find?
     
  7. Keyzs

    Keyzs OT Supporter

    Joined:
    Nov 3, 2003
    Messages:
    814
    Likes Received:
    0
    Location:
    Charlotte, MI
    Release Date: 2004-10-20

    Have anything new???

    FYI - does not effect my unpatched W2K... Click the link and NOTHING happens.

    EDIT - Click nothing happens, NAV alerts on the HTML page in cache....
     
    Last edited: Jan 11, 2005
  8. 4W4K3

    4W4K3 New Member

    Joined:
    Dec 31, 2004
    Messages:
    5,108
    Likes Received:
    0
    Location:
    TX
    i used oit for years..but my overclocking kills IE6 on my PC for some reason. it's totally stable..and Firefox is still cool, but when i tried IE6 it would crap out and freeze. after reformat IE6 worked fine again even overclockied...but i was hooked on Firefox. It gives me faster page loading and faster download/upload speeds, and tabs and all that. it's got a few quirks...but i still like it. i only use IE6...well...nvm i dont use it lmao. (cept for Windows update sometimes when i dont want to install the files by themselves)
     
  9. DatacomGuy

    DatacomGuy is moving to Canada

    Joined:
    Oct 14, 2002
    Messages:
    16,546
    Likes Received:
    0
    Location:
    Tampa, FL
    Understood, I could see that.
     
  10. 5Gen_Prelude

    5Gen_Prelude There might not be an "I" in the word "Team", but

    Joined:
    Mar 14, 2000
    Messages:
    14,519
    Likes Received:
    1
    Location:
    Vancouver, BC, CANADA
    ActiveX turned off
     
  11. Juvenall

    Juvenall What Would Juvie Do?

    Joined:
    Dec 31, 2004
    Messages:
    2,221
    Likes Received:
    0
    Location:
    #!/usr/bin/Detroit
    There are three types, actually.

    1) Those who think it's funny when they look at their server logs and see how many suckers have clicked the link. They know that well over 90% of them are still using IE and are now missing every single .mp3, .doc, and .txt file on their system.

    2) Those who are looking for passwords to your account by using this exploit to install a keylogger on your computer. When you click the link, your system could install this app that will email the attacker everything you type. Just think what they could do if they get ahold of say, your bank account or credit card numbers. Others in the group simply want to screw with as many people as possible. So they'll train the logger to search for hotmail accounts and change the passwords.

    3) The thrid group is the type that wants control of your system for another reason. Lets say I want to hack the Microsoft web site. I sure as hell don't want to do that from MY home account. So I install some sort of back door that lets me use your system for this task. Another type of person in this same group are spammers. Because of the pressure on most ISPs, it's hard for them to find servers to send off their spam. Well, if they can install a simply mail program on your system along with say, a thousand others, they can use your computer as a spam hub.
     
  12. Juvenall

    Juvenall What Would Juvie Do?

    Joined:
    Dec 31, 2004
    Messages:
    2,221
    Likes Received:
    0
    Location:
    #!/usr/bin/Detroit
    What about Opera then?
     
  13. 4W4K3

    4W4K3 New Member

    Joined:
    Dec 31, 2004
    Messages:
    5,108
    Likes Received:
    0
    Location:
    TX
    haha! i don't have e-mail! at the moment anyways...outlook is being gay. (sarcastic)

    i think a few basic security measures can be taken to avoid an automatic download if a keylogger or any other kind of harmful files. heck my AV software would freak out, XP would warn me, if you are stubborn enough to ignore all that then you might deserve it lmao. but to the average computer user who has an open computer and no kind of AV or security it's a big risk.
     
  14. Juvenall

    Juvenall What Would Juvie Do?

    Joined:
    Dec 31, 2004
    Messages:
    2,221
    Likes Received:
    0
    Location:
    #!/usr/bin/Detroit
    That's what you think. Many keyloggers are not part of any database and I don't believe ANY antivirus solution currently looks for programs that hook into inputs.

    ..and just so computer newbies knows, you don't need to use any email client on your system. Many of these keyloggers set up their own mail server or use your internet connection to connect to one that will send out. You wouldn't believe how many people I've heard from that think "Oh, I only use hotmail, so my system can't send anything"..:rofl:
     
  15. 4W4K3

    4W4K3 New Member

    Joined:
    Dec 31, 2004
    Messages:
    5,108
    Likes Received:
    0
    Location:
    TX
    how would it install an entire program on my computer without me noticing? I'm pretty watchful of my system especially right after i reformat (a week ago lmao) AdAware has caught a few keyloggers (from LAN's i went to :rollseyes: ) but i don't know if they were what you would find on the internet. i've run this machine on the house network for almost 2 yrs. i think, and my older one for over 6 yrs. never had any kind of virus or trojan...i only get those from n00bs at LAN's trying to ruin other people's computers. don't you hate that. i would notice any kind of outgoing/incoming messages, our server logs everything i download/view/type/install...it's kind of an all-in-one keylogger. it will record "unfriendly" bandwidth usage if it thinks there is something amiss. i can read all my MSN convos from my dad's office, or my mom's e-mails, i can see what the last thing my sister downloaded was and where it came from...i don't think there's anything our server doesn't catch. it's so freaking locked down it's annoying sometimes. but i have yet to know it's full potential, my dad has alot of it locked out from me:(
     
  16. DatacomGuy

    DatacomGuy is moving to Canada

    Joined:
    Oct 14, 2002
    Messages:
    16,546
    Likes Received:
    0
    Location:
    Tampa, FL
    :werd:
    Nope.. never cared for that much either. I don't see any compelling reason to do anything differently... I've used IE my entire life (except using Netscape a few years ago because it was company policy) and my machines and network are locked down about as tight as they are going to get. Not worried about it.. if some kiddie wants to delete all my already archived MP3s or get the password to my OT account then by all means!
     
  17. Goonigoogoo

    Goonigoogoo Active Member

    Joined:
    Nov 30, 2004
    Messages:
    14,765
    Likes Received:
    0
    I use FF and IE, why you ask cause i grew up with IE and its hard to change over especially when FF still has major bugs that aggrevate me. When i do my online banking and ebay stuff i use FF, just to surf the net i use FF.
     

Share This Page