Old 12-11-2008, 10:01 AM   #1
xothermic
Scooby Newbie
 
Member#: 36884
Join Date: May 2003
Chapter/Region: South East
Location: Cary, NC
Vehicle:
2019 Sti
WR Blue

Default Yet another reason not to use IE

http://www.computerworld.com/action/...intsrc=hm_list


Quote:

December 11, 2008 (IDG News Service) Chinese security researchers mistakenly released the code needed to hack a PC by exploiting an unpatched vulnerability in Microsoft's Internet Explorer 7 browser, potentially putting millions of computer users at risk -- but it appears some hackers already knew how to exploit the flaw. At one point, the code was traded for as much as US$15,000 on the underground criminal markets, according to iDefense, the computer security branch of VeriSign, citing a blog post from the Chinese team.
The problem in Internet Explorer 7 means a computer could be infected with malicious software merely by visiting a Web site, one of the most dangerous computer security scenarios. It affects computers running IE7 on Windows XP, regardless of the service pack version.
Microsoft has acknowledged the issue but not indicated when it will release a patch.
The vulnerability was first revealed earlier this week by the Chinese security team "knownsec." Knownsec said on Tuesday they mistakenly released exploit code thinking that the problem was already patched, iDefense said.
"This is our mistake," knownsec said in a Chinese-language research note.
That mistake could mean that more hackers will try to build Web sites in order to compromise users' PCs since the exploit code is more freely floating around on the Internet. However, other information indicates that hackers already knew how it worked before the release. According to knownsec, a rumor surfaced earlier in the year about a bug in Internet Explorer, iDefense wrote.
Information on the vulnerability was allegedly sold in November on the underground black market for US$15,000. Earlier this month, the exploit was sold second or third hand for $650, said iDefense, citing knownsec.
Eventually, someone developed a Trojan horse program -- one that appears harmless but is actually malicious -- that is designed to steal information related to Chinese-language PC games, a popular target for hackers.
Now, other Web sites are being built that incorporate the exploit. Hackers then usually try to get people to visit those sites through spam or unsolicited instant messages.
iDefense said in a note that the vulnerability is "really nasty" and that computer security professionals could be in for a rough ride. Microsoft issued its biggest group of patches in five years on Tuesday, and is not due for a regular patch release until Jan. 13, although it could opt to do an emergency release.
xothermic is offline   Reply With Quote
Old 12-11-2008, 10:04 AM   #2
Fish
RIP Sirkbac
 
Member#: 869
Join Date: Feb 2000
Chapter/Region: NESIC
Location: Southern NH
Vehicle:
1984 GPZ-750 TURBO
90' MX-5/11' DGM STi Sdn

Default

is this new?
the desc reads like most IE vulnerabilities.
Fish is offline   Reply With Quote
Old 12-11-2008, 10:06 AM   #3
xothermic
Scooby Newbie
 
Member#: 36884
Join Date: May 2003
Chapter/Region: South East
Location: Cary, NC
Vehicle:
2019 Sti
WR Blue

Default

Quote:
Originally Posted by Fish View Post
is this new?
the desc reads like most IE vulnerabilities.
The article is dated today but they do state that "other information indicates that hackers already knew how it worked before the release"
xothermic is offline   Reply With Quote
Old 12-11-2008, 10:19 AM   #4
LastResort
Scooby Guru
 
Member#: 99289
Join Date: Oct 2005
Default

Is this part of the biannual, let's-find-a-totally-crippling-security-flaw-in-IE roundup that seems to happen? Or is this a special occasion?
LastResort is offline   Reply With Quote
Old 12-11-2008, 10:23 AM   #5
dr_wheel
has never eaten a strawberry
 
Member#: 60106
Join Date: Apr 2004
Chapter/Region: Tri-State
Location: Pennsyltucky
Vehicle:
I eat pieces of
* like you for breakfast

Default

Quote:
Originally Posted by LastResort View Post
Is this part of the biannual, let's-find-a-totally-crippling-security-flaw-in-IE roundup that seems to happen? Or is this a special occasion?
Actually, it's more like bimonthly, but yea... this looks like that.
dr_wheel is offline   Reply With Quote
Old 12-11-2008, 05:07 PM   #6
xothermic
Scooby Newbie
 
Member#: 36884
Join Date: May 2003
Chapter/Region: South East
Location: Cary, NC
Vehicle:
2019 Sti
WR Blue

Default

Retarded ass workaround:

http://www.computerworld.com/action/...intsrc=hm_list

Quote:
December 11, 2008 (Computerworld) Microsoft warned users of Internet Explorer 7 (IE7) late yesterday that attackers are actively exploiting a critical bug in the browser, and urged them to take countermeasures in lieu of a patch.
In a late-Wednesday security advisory, Microsoft officially acknowledged the flaw. "We are aware only of limited attacks that attempt to use this vulnerability," the company said, adding that users running IE7 in Windows XP, Windows Vista, Windows Server 2008 and Windows Server 2008 are at risk.
As is its practice, however, the company was vague about whether it would patch the problem, and if so, when. "On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through a service pack, our monthly security update release process, or an out-of-cycle security update, depending on customer needs."
The last time that Microsoft went off its usual once-a-month security update schedule was in late October, when it issued an emergency patch for a bug in Windows that was also being exploited in the wild.
In one way, Microsoft downplayed the threat posed by the IE7 bug, which independent researchers have said is in a browser rendering component, and is triggered by misuse of the HTML "span" tag.
"Our investigation of these attacks so far has verified that they are not successful against customers who have applied the workarounds listed in this advisory," Microsoft said. "Additionally, there are mitigations that increase the difficulty of exploiting this vulnerability."
The company spelled out three things IE7 users can do to protect themselves:
Set "Internet" and "Local intranet" security zones to "high." To do that, users must select "Internet Options" from the Tools menu, click the Security tab, click on "Internet," then move the slider to the "High" setting. Repeat for "Local intranet." Click OK.
Disable Active Scripting. Choose "Internet Options" from the Tools menu, click the Security tab, click the "Internet" icon and then the "Custom level" button. In the ensuing dialog, under the "Scripting" section, in the "Active scripting" item, click "Disable," then OK.
Enable DEP (data execution prevention). Select "Internet Options" from the Tools menu, click the Advanced tab, then check "Enable memory protection to help mitigate online attacks." Click OK.
Although multiple exploits have surfaced, all are effective against only IE7. Researchers, including those at Microsoft, are still investigating whether the older IE6 also contains the same vulnerability.
"The information posted in Microsoft's security advisory is what the company knows to be true at this time, [but] Microsoft continues to investigate this vulnerability," a company spokesman replied in an e-mail when asked whether Microsoft had found a similar bug in IE6. "If Microsoft can confirm new information based on its ongoing investigation, it will update the security advisory as necessary."
xothermic is offline   Reply With Quote
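The first two workarounds quoted in the post above (zones set to High, Active Scripting disabled) can be checked from the per-user registry instead of clicking through the dialogs. This is an added example, not part of the original thread or of Microsoft's advisory; the function names are hypothetical, and it assumes the standard IE zone layout (zone 1 = Local intranet, zone 3 = Internet, value 1400 = Active scripting, CurrentLevel 0x12000 = High).

```powershell
# Added example: audit the zone workarounds for the current user.
# Assumed registry meanings (standard IE security-zone layout):
#   Zones\1 = Local intranet, Zones\3 = Internet
#   1400         : Active scripting (0 = enable, 1 = prompt, 3 = disable)
#   CurrentLevel : 0x12000 = High, 0x11500 = Medium-high, 0x11000 = Medium
# Limitation: zone settings pushed by Group Policy live under the
# Software\Policies hive and override these per-user values; not read here.
$ZoneNames = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$ZoneRoot  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

function Test-ZoneWorkaround {
    # Evaluate one zone's values against the two workarounds.
    param([int]$Zone, [hashtable]$Values)
    $highLevel = ($Values['CurrentLevel'] -eq 0x12000)
    $scriptOff = ($Values['1400'] -eq 3)
    [pscustomobject]@{
        Zone               = $ZoneNames[$Zone]
        HighLevel          = $highLevel
        ActiveScriptingOff = $scriptOff
        # Either setting blocks script in the zone; a missing value counts as not applied.
        WorkaroundApplied  = ($highLevel -or $scriptOff)
    }
}

function Get-ZoneValues {
    # Read the two relevant values for a zone; absent keys yield $null.
    param([int]$Zone)
    $props = Get-ItemProperty -Path (Join-Path $ZoneRoot "$Zone") -ErrorAction SilentlyContinue
    @{ CurrentLevel = $props.CurrentLevel; '1400' = $props.'1400' }
}

# Constructed sample: Internet zone left at Medium-high with scripting enabled.
Test-ZoneWorkaround -Zone 3 -Values @{ CurrentLevel = 0x11500; '1400' = 0 }

# Constructed sample: Internet zone with only Active scripting disabled.
Test-ZoneWorkaround -Zone 3 -Values @{ CurrentLevel = 0x11500; '1400' = 3 }

# Live check of both zones named in the workaround (Windows only).
if ($env:OS -eq 'Windows_NT') {
    foreach ($z in 1, 3) {
        Test-ZoneWorkaround -Zone $z -Values (Get-ZoneValues -Zone $z)
    }
}
```

The DEP workaround is not covered because it is a machine-wide browser option rather than a zone setting.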
Old 12-11-2008, 05:08 PM   #7
Flake
Scooby Newbie
 
Member#: 84657
Join Date: Apr 2005
Location: Colorado Springs, CO
Default

Flake is offline   Reply With Quote
Old 12-11-2008, 06:54 PM   #8
CryderSpeed
Scooby Specialist
 
Member#: 88816
Join Date: Jun 2005
Chapter/Region: NWIC
Location: GET BACK
Vehicle:
TO TWERK

Default

Quote:
Originally Posted by Flake View Post
Word.
CryderSpeed is offline   Reply With Quote
Old 12-11-2008, 06:55 PM   #9
anthonywrx
Scooby Specialist
 
Member#: 60276
Join Date: Apr 2004
Chapter/Region: MWSOC
Location: SW Burbs IL
Vehicle:
2015 Camaro SS
03 WRX/STi hybrid sold :(

Default

Quote:
Originally Posted by Flake View Post
too late for me
anthonywrx is offline   Reply With Quote
Old 12-11-2008, 07:03 PM   #10
Slug71
Scooby Newbie
 
Member#: 159963
Join Date: Sep 2007
Chapter/Region: NESIC
Location: Albany, N.H - U.S.A
Vehicle:
2003 Subaru Baja
Black & Silver

Default

Linux FTW!
Slug71 is offline   Reply With Quote
Old 12-11-2008, 07:07 PM   #11
skywaffles
Scooby Specialist
 
Member#: 82470
Join Date: Mar 2005
Chapter/Region: NWIC
Location: The CHAZ
Default

Is IE still primarily used in business/offices?
skywaffles is offline   Reply With Quote
Old 12-11-2008, 07:13 PM   #12
Flake
Scooby Newbie
 
Member#: 84657
Join Date: Apr 2005
Location: Colorado Springs, CO
Default

Quote:
Originally Posted by skywatcher View Post
Is IE still primarily used in business/offices?

Yup.




Flake is offline   Reply With Quote
Old 12-11-2008, 07:17 PM   #13
Slug71
Scooby Newbie
 
Member#: 159963
Join Date: Sep 2007
Chapter/Region: NESIC
Location: Albany, N.H - U.S.A
Vehicle:
2003 Subaru Baja
Black & Silver

Default

Quote:
Originally Posted by Flake View Post
Yup.




Slug71 is offline   Reply With Quote
Old 12-11-2008, 07:35 PM   #14
skywaffles
Scooby Specialist
 
Member#: 82470
Join Date: Mar 2005
Chapter/Region: NWIC
Location: The CHAZ
Default

Quote:
Originally Posted by Flake View Post
Yup.




skywaffles is offline   Reply With Quote
Old 12-11-2008, 07:56 PM   #15
LastResort
Scooby Guru
 
Member#: 99289
Join Date: Oct 2005
Default

Quote:
Originally Posted by skywatcher View Post
Is IE still primarily used in business/offices?
LastResort is offline   Reply With Quote
Old 12-11-2008, 07:58 PM   #16
skywaffles
Scooby Specialist
 
Member#: 82470
Join Date: Mar 2005
Chapter/Region: NWIC
Location: The CHAZ
Default

Why no switch to Firefox?
skywaffles is offline   Reply With Quote
Old 12-17-2008, 04:18 PM   #17
aod
Scooby Newbie
 
Member#: 7121
Join Date: Jun 2001
Chapter/Region: MWSOC
Location: D2F.1 = D2F.2, D2F.3 = D2F.4
Default

Yeah, those of you foolish enough to use IE will probably want to patch it now:

http://news.cnet.com/8301-1009_3-10125593-83.html

Patch is here:

http://www.microsoft.com/protect/com...00812_oob.mspx

@Microsoft.
aod is offline   Reply With Quote
Old 12-17-2008, 04:32 PM   #18
Kaiser
The Fellas fella
 
Member#: 7170
Join Date: Jun 2001
Chapter/Region: NESIC
Vehicle:
Aut Kaiser,
aut nullus.

Default

Already installed and rebooted. Good old AU.
Kaiser is offline   Reply With Quote
Old 12-17-2008, 04:35 PM   #19
docwhorocks
Scooby Newbie
 
Member#: 13772
Join Date: Dec 2001
Chapter/Region: RMIC
Location: -=OT SQUIRREL HERDER=-
Vehicle:
16 Frontier
Red

Default

Quote:
Originally Posted by Slug71 View Post
Quote:
Originally Posted by skywatcher View Post
What they said.
docwhorocks is offline   Reply With Quote
Old 12-17-2008, 04:39 PM   #20
Mr_Hox
Scooby Guru
 
Member#: 118789
Join Date: Jun 2006
Chapter/Region: NWIC
Location: Seattle, WA
Vehicle:
I just went from
six to midnight...

Default

Gooooooooooooooooooooooooooooooooo Netscape!
Mr_Hox is offline   Reply With Quote
Old 12-17-2008, 04:42 PM   #21
FunkerVogt
Scooby Newbie
 
Member#: 4585
Join Date: Mar 2001
Chapter/Region: Tri-State
Location: Northern NJ
Default

Opera
FunkerVogt is offline   Reply With Quote