sandbox 0 Report post Posted November 22, 2005 For Internet Explorer users, please note that there is a new exploit in the wild that is capable of compromising a fully patched and updated WinXP machine:http://www.eweek.com/c/a/Mobile-and-Wireless/HP-TouchPad-Needs-68-Weeks-for-Additional-Shipments-142584Microsoft has not released a fix yet. From the article: IE users should immediately disable Active Scripting via the Tools > Internet Options > Security tab > Custom Level feature.Firefox and other alternative web browsers are not affected. You would have to be tricked into going to a malicious website to have any chance of being affected by this one, so most folks are probably safe anyway, but I thought I would let everybody know. For the curious, here's a proof of concept site that launches MScalculator when you visit their web page. Scary!http://www.computerterrorism.com/research/ie/poc.htm Share this post Link to post Share on other sites
jlhaslip 4 Report post Posted November 22, 2005 So does that mean to disable "javascript" if you are using IE? Or is Active Scripting different than js? Share this post Link to post Share on other sites
wariorpk 0 Report post Posted November 22, 2005 It really bothers me how Internet Explorer has so many flaws. I mean they should take time to test it before releasing it to the general public. Its insane how it has been out for a few years and people are still finding exploits. Share this post Link to post Share on other sites
sandbox 0 Report post Posted November 22, 2005 (edited) Disabling active scripting will disable javascript. I'm not sure exactly what the difference is between the two. You can see the 'Active scripting' option in the 'custom level' area of the security tab in internet options: It's the top one in this image. Just set it to 'Disable' Notice from BuffaloHELP: Edited as reported. Edited November 22, 2005 by BuffaloHELP (see edit history) Share this post Link to post Share on other sites
moogie 0 Report post Posted November 23, 2005 This is really good information. Thank you.I went to the ComputerTerrorism site and tried the test and yes it is scarey how well IE co-operates with the test. Not only that, it hung itself and stopped responding when I tried closing the test pop-up window. First I got the message that that program was not responding and then IE crashed.I went into my security settings and disabled activeX scripting and ran the test again and.....nothing happened. Good!However, ComputerTerrorists do go on to say that as long as you stay off potentially malicious websites, you won't have a problem. Yeah....right.I forgot to add that my Calculator did not pop up. I was expecting it to.Did I misunderstand? Share this post Link to post Share on other sites
sandbox 0 Report post Posted November 23, 2005 Yeah, it's supposed to pop up calculator. It comes up after the pop up does it's thing, so if ie crashed in the middle of it that's probably why you didn't see it. Share this post Link to post Share on other sites
DreamCore 0 Report post Posted November 23, 2005 Nice thanks for that information. And the test like with an "javascript virus" is funny B)lol tought that Internet Explorer was almost 100% safe, anyway its not any big problem its just an little exploit and microsoft will soon deliver an patch to fic that problem. Share this post Link to post Share on other sites
Saint_Michael 3 Report post Posted November 23, 2005 well heres a question if you disable the javascript through your browser are you not going to have problems loading sites and um using certain features like post (fast reply) and what not.of course you would have to be stupid to be tricked into going to a phony website through your email.but its simple delete/block junk email and your find and don't go to websites you don't know about without researching it first. Share this post Link to post Share on other sites
seanooi 0 Report post Posted November 25, 2005 Well, here's another obvious reason why current IE users should switch to FireFox :PI used to use IE a few months ago, but it just keeps getting more annoying everytime i use it. In the end, i decided to reformat my computer, forget about IE and use FireFox. And up till now, FireFox has served me well. Share this post Link to post Share on other sites
truefusion 3 Report post Posted November 25, 2005 I disabled active scripting, but that made my Mcafee virus scanner stop working. So, i advise not to disable, but to "prompt". Good thing i have more than one virus scanner, eh? Share this post Link to post Share on other sites
Tyssen 0 Report post Posted November 25, 2005 anyway its not any big problem its just an little exploit and microsoft will soon deliver an patch to fic that problem. Microsoft have a very poor record when it comes to releasing patches to fix faults in their software - soon doesn't ever come into it. Share this post Link to post Share on other sites