MAJOR Internet Explorer security hole TODAY. Protect your PC!

http://zdnet.com.com/2100-1105_2-5247187.html?tag=zdfd.newsfeed

snip

Security researchers warned Web surfers on Thursday to be on guard after uncovering evidence that widespread Web server compromises have turned corporate home pages into points of digital infection.

The researchers believe that online organized crime groups are breaking into Web servers and surreptitiously inserting code that takes advantage of two flaws in Internet Explorer that Microsoft has not yet fixed. Those flaws allow the Web server to install a program that takes control of the user's computer.

snip

he flaws affect every user of Internet Explorer, because Microsoft has not yet released a patch. Moreover, the infectious Web sites are not just those of minor companies inhabiting the backwaters of the Web, but major companies, including some banks, said Brent Houlahan, chief technology officer of NetSec.

"There's a pretty wide variety," he said. "There are auction sites, price comparison sites and financial institutions."

The Internet Storm Center, which monitors Net threats, confirmed that the list of infected sites included some large Web properties.

"We won't list the sites that are reported to be infected in order to prevent further abuse, but the list is long and includes businesses that we presume would normally be keeping their sites fully patched," the group stated on its Web site.

snip

Meanwhile, the average Internet surfer is left with few options. Windows users could download an alternate browser, such as Mozilla or Opera, and Mac users are not in danger.

NetSec's Houlahan advocated drastic action.

"I told my wife, unless it is absolutely necessary and unless you are going to a site like our banking site, stay off the Internet right now," he said.


---------------------------------
I suggest Mozilla Firefox (http://mozilla.org). It's fast, blocks popups, low memory... and it's FREE!

This is a MAJOR security problem that everyone needs to know about.

people need to know about this

Get a clue, folks!

Not only is Apple a Liberal company, but Macs are vastly more secure than Windows.

But - If you won't get a Mac, PLEASE ditch windows for Linux or Free-BSD.

It was not too long ago when an exploit came out that allowed attackers to do about the same thing as this windows exploit. Apple took about a week to fix it, too.

Linux and BSD are great, but quality of the linux desktop is still somewhere around the mac os 7 / win95 .

And we are talking ONE exploit that Apple closed ASAP. How many with Windows?

There are many unpublished exploits for Windows as well...

pretty big embarassment for apple

Nothing against Macs except they are pricy and for those who like gaming and a bunch of other things, the software isn't really there.

Linux (in all it's forms) still isn't ready for primetime. Until it's dumbed down enough for the complete novice, it never will be. I use Mandrake 10 on one of my machines and while it has made strides, it still has a way to go. UI is fine, but the bottom line is they need to get their shit together on the third party software installation routines (ie, where the hell is that program I just installed?) and a lot of other mainstream apps that people use like cd/dvd burning software needs a lot of work in friendliness/features department.

I concede gaming (although way more quality games come out for OS X than I have money to buy) to windows, but what is there outside of propreitary legacy apps (vpc fodder, if you ask me) that windows has and the Mac doesn't? My experience has been that there's a Mac implementation of pretty much every appication. And because the programming framework is awesome (mmm... cocoa), shareware is high quality (as opposed to a lot of win32 stuff built in VB)

and Linux... well, like I said: desktop linux has caught up to win95

Some are pretty much equal (DTP/video software/office type apps).

But for most other applications, Mac has one or two analogs and that's your choice, where whereas there is quite a selection in the PC area.

If you prefer Macs that's fine, but I can build a PC from scratch for about 500 bucks that will run circles around a mid-range Mac in price to performance ratio. I like Macs a lot, but they have some issues (proprietary parts) that make them a no go in my department. On one hand, that same proprietary nature makes Macs much easier to program for than the umpteen zillion permutations of PCs, but it keeps the price high.

Macs would be the ones hackers were attacking on a daily basis, and I would be posting your same screed except substituting similar horseshit about IE and Intel-based systems.

MacOS X is gaining fast when it comes to known exploits. Also this is - again- an IIS /IE issue, not an OS issue. Mozilla has similar known exploits as well - the yes/no dialog improves the security only marginally.

...in a timely manner. Compared to microsoft at least.

I think this is in part because base system has so much F/OSS. The open source community seems to be really good at fast patching.

Of course, Apple has far far fewer installations that they need to distribute patches to. They also don't have to worry as much about breaking everything else when they make a fix. Windows has been all about the backwards compatability (tho I hear this will change for security reasons in the next xp service pack)... Apple didn't even mind breaking the API in the change from 10.1 to 10.2

what the are doing. The reason Macs aren't hit as often is that the hacker wants to get the biggest disruption for the time he or she has invested ergo Microsoft.

ALL operating systems have flaws. :evilgrin:

Mac OS X security myth exposed

Windows is more secure than you think, and Mac OS X is worse than you ever imagined. That is according to statistics published for the first time this week by Danish security firm Secunia.

The stats, based on a database of security advisories for more than 3,500 products during 2003 and 2004 sheds light on the real security of enterprise applications and operating systems, according to the firm. Each product is broken down into pie charts demonstrating how many, what type and how significant security holes have been in each.

One thing the hard figures have shown is that OS X's reputation as a relatively secure operating system is unwarranted, Secunia said. This year and last year Secunia tallied 36 advisories on security issues with the software, many of them allowing attackers to remotely take over the system -- comparable to figures on operating systems such as Windows XP Professional and Red Hat Enterprise Server.

Thanks for that info, Nomad559. While Microsoft is an entity that I definitely have a love/hate relationship with, I get really short with the voices that inevitably chime in on threads like this with comments like "Get a Mac!" or "Macs are immune!".

:grr:

sometimes it's just young guys with no lives trying to be cool and write damaging virii... but more recently it seems that it's pros who are infecting PCs to turn them into spam senders.

Will all web sites function properly with mozilla? If so, is there any reason to ever use IE? Do you have to change any settings if you use mozilla?

some microsoft.com sites don't work because they want to integrate into the OS and do funky activeX stuff.

I've found that if you install mozilla and then Sun Java, java applets run much better. Flash and macromedia work fine...

Go for it! Though I suggest Mozilla Firefox as the broswer. The full "Mozilla" product is a web browser, mail client, irc, kitchen sink. Firefox is the standalone browser.

work on..........should I just tell them to "fuck off" like Cheney told the Democratic senator yesterday?

Thank you, sir......I appreciate your feedback. I'll give mozilla a try.

but seriously, I can't remember ever finding one outside of microsoft... and one would hope that at least THEIR servers are all patched

it's OK for voting.




NOT!

It's free (even the full version) and easy to install. The popup blocker alone is a godsend.

but I sure do like that mozilla firefox

....as soon as I changed banks (in Dec. or Jan, I think) and started using the new bank's (a really, really major national bank) online services, I started getting mysterious charges and new accounts being opened in my name, using information only someone with access to my computer could have known. I nipped that in the bud real quick!

And now, in addition to Mozilla, I have a better firewall, a Trojan detector, a spyware detector--all thanks to recommendations from DU folk.

to make sure no one gets your information. :-)

I'm glad to hear you are running more safely now! Amazing what those creeps can do, isn't it?

Sheesh.

It sounds like you are talking about something other than backing up? (sorry, but I'm feeling more vulnerable than technically literate today!)

I meant to literally burn the harddrive. It's the only truly safe way to protect one's information. Of course, you no longer have it...

Sorry if the joke was confusing. :D

but I have heard acid does a good job as well.... :7

using?....Since it is such a jungle out there, I want to be fully protected.....not only do we have to fight the repubs in politics, now we have to battle with them trying to infect our computers...lol.

big news last night and today. it's an organized crime hit - looks like to set up more spam

Started with 4.73, now have 7.1........ People, MSIE is the hackers most preferred target. It stands to reason that if you don't use MSIE you won't be hit as often as those who do. And this includes Outlook as your mail client. Lower your vulnerability and you are better off. With Netscape, Norton Anti-Virus and BlackIce Firewall I have very little trouble with virii, worms, and/or popups.

AKA Netscape.

However don't ever let your guard down, just because you're not using IE: many malignant pages auto-detect the browser and are thus dangerous for IE and Mozilla.

are you still "safe?"

and just get it over with. I realize its not that simple, but I sure would like to get rid of all things Microsoft.

This happened to me I think
http://www.democraticunderground.com/discuss/duboard.php?az=show_mesg&forum=105&topic_id=1320151&mesg_id=1320151

How to Tell If You Are Affected

http://www.microsoft.com/security/incident/download_ject.mspx

I'm apparently not, but will use mozilla for the indefinite future...

Thanks to all who provide their expertise and advise!

I have IE but it is irreparably damaged so I don't use it.

It is generally safer than IE and it is not affected by this particular bug, but safe? There is no such browser.

Instead of Netscape I recommend Mozilla: it is the same core, but newer and without the advertising/spyware bundled with Netscape.

Mozilla Browser Address Bar Spoofing Weakness

http://secunia.com/advisories/11856/

:hi:

Those programs help, nothing is perfect - except not having an Internet connection.


Really: it just doesn't work that way. It might protect you from the common worms, but a custom-made worm( or a new one) for your system might get through.

Edit: and firewalls will not protect you from browser exploits anyway.

I am looking for a reason to get a new one :).

That is what keeps me from downloading it.

Unfortunately, it seems that every place I've worked, they use IE--and Outlook. I think it's just laziness (and cheapness): these came with the system, so that's what they use. When I worked at a major hospital, they were constantly getting email viruses because they used Outlook and people didn't know enough to not open attachments (even though they constantly got notices telling them that). One day, they had to shut down their whole online network to repair it.

Against the Trojan sending your data into the Internet: yes - if configured properly. (Zonealarm Pro might do the trick though)

The way to stop this worm from affecting IE is simple: turn off active scripting. Easiest way to do so: change IE's overall security settings. This will stop many web pages from working.

As long as there isn't a patch, using Mozilla is really the best thing to do.

http://www.opera.com/download/

You will not be disappointed