Bugtraq mailing list archives
Re: TXT or HTML? -- IE NEW BUG
From: Trevor O'Donnal <todonnal () yahoo com>
Date: Sat, 28 Jul 2001 23:09:56 -0700 (PDT)
--- cr4zybird <cr4zybird () hotmail com> wrote:
solutions: 1) download some antivirus softwares. and update the virus datebase all the time. and change the name of some 'dangerous' programs in your system, such as format.exe deltree.exe etc. i.e change format.exe to format_0.com etc. 2) try, not to visit those so- called 'hacker'or'cracking'sites. most of the time, you are the victim while you want to learn to attack others. 3) if you have to go visit some site that you are not quite sure if they are safe. then check it here first: http://crazybird.51.net/look.htm or you can also save the source code of this page to your computer, then save it as *.htm, so you can execute it on your own comp. be aware if it says "the web page contains some unsafe ActiveX" or something like that, then you'd better not to execute that ActiveX widget. and i can't promise that it can give you this kind of warn for any aggressive files.. 4) DO NOT open your attachment in IE!!!!!don't ever open any type of file in IE directly!!!BE AWARE!! you'd better use antivirus to scan it before you open it after you've download it to ur computer. 5) Update the system patch immediately if the patch comes out.
I don't think many of these will help with this vulnerability, however, there is a built in solution in IE. Most of you probably know about it. It's called Security Zones. I know somebody could probably write a small book of instructions on this feature alone, but used properly, it can really make IE the secure piece of software it was meant to be. Here's a quick bit of configuration you can do to protect yourself from this vulnerability: 1 - Set the Internet Zone security slider to HIGH. 2 - Click on "Custom Level" and change the following settings. a - "Script ActiveX controls marked 'safe for scripting'" set to "Disable" b - "Allow per session cookies (not stored)" set to Enable c - "File download" set to Enable d - "Active Scripting" set to Prompt While this does result in lots of pop-ups while browsing, it does protect you from the exploit in question. If there is a site you trust that uses active content and you don't want these pop-ups while browsing that site, add it to your "Trusted Sites" zone. This is just a quick overview of one way to set these options to protect yourself. It is my understanding thatOutlook also uses these settings, so you SHOULD be safe there too. I recommend all of you research how to use the security zones feature of IE if you haven't already done so, if only so you can help others who like to use it. I welcome all corrections and comments! :) Oh, and by the way, Nice to meet you all! -Trevor O'Donnal __________________________________________________ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/
Current thread:
- Re: TXT or HTML? -- IE NEW BUG, (continued)
- Re: TXT or HTML? -- IE NEW BUG bjarne bingo (Jul 28)
- Re: TXT or HTML? -- IE NEW BUG Nathan Neulinger (Jul 28)
- Re: TXT or HTML? -- IE NEW BUG Magnus Bodin (Jul 29)
- Re: TXT or HTML? -- IE NEW BUG Justin Nelson (Jul 29)
- Re: TXT or HTML? -- IE NEW BUG Aaron Whiteman (Jul 29)
- Re: TXT or HTML? -- IE NEW BUG Justin Nelson (Jul 30)
- Re: TXT or HTML? -- IE NEW BUG Magnus Bodin (Jul 29)
- Re: TXT or HTML? -- IE NEW BUG Fred Oliveira (Jul 28)
- Re: TXT or HTML? -- IE NEW BUG Tom Laermans (Jul 29)
- RE: TXT or HTML? -- IE NEW BUG arivanov (Jul 28)
- RE: TXT or HTML? -- IE NEW BUG Daniel Lukasiak (Jul 29)
- Re: TXT or HTML? -- IE NEW BUG Trevor O'Donnal (Jul 28)
- RE: TXT or HTML? -- IE NEW BUG Microsoft Security Response Center (Jul 29)
- RE: TXT or HTML? -- IE NEW BUG Rebecca Kastl (Jul 29)
- Re: TXT or HTML? -- IE NEW BUG Oliver Bleutgen (Jul 30)
- RE: TXT or HTML? -- IE NEW BUG Deirdre Warshall (Jul 30)
- Re: TXT or HTML? -- IE NEW BUG Aaron Bentley (Jul 30)
- Re: CGI, PATH_INFO, convenience/security (TXT or HTML? -- IE NEW BUG) Peter W (Jul 31)
- Re: CGI, PATH_INFO, convenience/security (TXT or HTML? -- IE NEW BUG) Marc Slemko (Jul 31)
- Re: CGI, PATH_INFO, convenience/security (TXT or HTML? -- IE NEW BUG) Peter W (Jul 31)