 sj |
||
|
||
Tech: New weakness in IE7
|
|
|
|||||||
|
Tech: New weakness in IE7 |
Share Thread
|
||||||
|
Subject: BS: New weakness in IE7 From: nutty Date: 26 Oct 06 - 11:36 AM I'm posting this to make everyone aware. If you use Internet Explorer 7 follow the link and take the test for peace of mind. http://secunia.com/internet_explorer_7_popup_address_bar_spoofing_test/
-Joe Offer- |
|
Subject: RE: BS: New weakness in IE7 From: bobad Date: 26 Oct 06 - 12:56 PM Beware |
|
Subject: RE: BS: New weakness in IE7 From: nutty Date: 26 Oct 06 - 03:53 PM THANX bobad ... IT'S A BIG BAD WORLD OUT THERE you don't know friend from foe Stay safe everybody |
|
Subject: RE: BS: New weakness in IE7 From: Bernard Date: 26 Oct 06 - 04:24 PM The really bad thing is this vulnerability existed in IE6 and wasn't fixed... Micro$hafted again! |
|
Subject: RE: BS: New weakness in IE7 From: JohnInKansas Date: 26 Oct 06 - 05:05 PM ??? I tried it and found no vulnerability with my IE6. Secunia is claiming to be a "security provider" and this looked to me like a "cheap trick" ad. If you click on the test button you (I) get a "popup" from Secunia saying something to the effect of "you clicked a button, ya dumbass, and it could have been a phishing ploy so you better buy our crap so we can tell you we'll do something about it." I'll note that I've seen reviews on Secunia, and evidently was not sufficiently impressed to remember what the reviews said; but they are a known (marginal(?)) software producer. I think the paid commercial announcement coming up on my TV has a vacuum cleaner about as interesting as this "vulnerability." I probably won't buy it either. John |
|
Subject: RE: BS: New weakness in IE7 From: Lighter Date: 26 Oct 06 - 05:06 PM Get ready for this: I recently got a full-screen alert that my computer was infected by some kind of malware. A window appeared with plenty of red, appearing to show a virus search in progress. At the same time, a balloon popped up from my task bar confirming the infection. I didn't recognize the name of either the full-screen warning or the search, so I was very suspicious, especially since the warning provided the option of "updating" my protection. To make a long story short, the full-screen alert with its impressive "search window" was *itself* part of the infection ! And I couldn't easily remove it because it had already installed a malicious program with some kind of rather effective self-defense (think "AIDS virus"). My real anti-malware program kept assuring me (you'll love this) that all "installed" programs were "operating properly." The crooks were counting on that response to give them a further edge. They were claiming, basically, that only new software from them could cure the infection. The good news is I eventually eliminated the intruder with my defense suite. It wasn't easy. If I hadn't been suspicious, resistant to dire alerts, and incredibly persistent, I'd have fallen for the trap. So, yes, BEWARE. |
|
Subject: RE: BS: New weakness in IE7 From: JohnInKansas Date: 27 Oct 06 - 03:09 AM One of the recently reported malware exploits actually does contain an AV program that scans your machine to remove all other malware of similar kind. The bot programs that allow someone to take over your computer to send SPAM, to launch DDOS attacks, and;or just to steal everything you've got are becoming common enough that they often compete with each other, so these "authors" hacked an AV program from a major AV supplier and incorporated it into their "bot" so that they'd have exclusive use of your machine. At the time of the last report I saw, it was still undetermined what use the people distributing this intend to make of the machines they manage to infect; but it isn't likely something you want your machine to participate in. It's fairly common for malware to try to kill your AV and other anti-malware stuff, but these guys took a sort of novel approach on it. John |
|
Subject: RE: BS: New weakness in IE7 From: John O'L Date: 03 Nov 06 - 01:19 AM OK, well IE7 has come through for me now as a recommended update. Does anybody have any strong ayes or nays regarding this? |
|
Subject: RE: BS: New weakness in IE7 From: JohnInKansas Date: 03 Nov 06 - 02:01 AM The reviews on IE7 indicate that it is a somewhat improved browser. It has lots of new (to Microsoft) ways of displaying things, most of which strongly resemble what other "more modern" browsers have been doing for some time. There are, according to reports, some security enhancements. The new features might allow some who've wandered off to other browsers to have some of the The thing that puts me off it is the admission by Microsoft that it's being released in advance of Vista, the coming(?) new operating system, in order to "get people used to" the new look of Vista. I'm a bit underwhelmed by the reports of what Vista will do in the way of its "new looks" . . . and don't expect to go with it at any time soon, so why would I want to train for it now? IE7 was kicked off to be the browser for Vista, but after several years of schedule slips on Vista, it apparently came (forth) prematurely. IE7 reportedly plays well with WinXP, but may be snobbish about showing it's abilities to obsolete Windows versions. It looks good. It just that the features the reviewers seem most impressed with don't get me particularly excited. John |
|
Subject: RE: BS: New weakness in IE7 From: Stilly River Sage Date: 03 Nov 06 - 12:15 PM That link at the top brought up a Norton response that blocked the site's activity. The second link in this thread is to a site that doesn't make a lot of sense--what exactly are they trying to show or prove? At the university where I work we received a campus-wide announcement from the IT folks to not allow the new IE to automatically install (the way Microsoft has sent it out) when it comes down the pike. They asked us to block it for the time being and stick with the browser we're using now. SRS |
|
Subject: RE: BS: New weakness in IE7 From: Cruiser Date: 04 Nov 06 - 01:25 AM Recommendation: DO NOT click on the link in the first post by nutty. There is a very low level threat when accessing that site: Bloodhound.Exploit.94 is a heuristic detection for detecting web pages attempting to exploit an undocumented Internet Explorer 7 Popup Address Bar Spoofing Weakness. Bloodhound.Exploit.94 explained @ the Symantec Site After following that link I got a virus warning. To be safe, I ran a full virus scan with the heuristic detection set on the highest level instead of the default level. This scan took 2 hours 22 minutes. A normal scan usually takes less than half that time at 1 hour 5 minutes. Cruiser |
|
Subject: RE: BS: New weakness in IE7 From: Sandra in Sydney Date: 04 Nov 06 - 01:59 AM maybe someone could remove the link? maybe I'll post the request on Help, even tho I don't use IE posted! sandra
-Joe Offer- |
|
Subject: RE: BS: New weakness in IE7 From: Cruiser Date: 04 Nov 06 - 02:14 AM Here are discussions at the official MS IE site: Discussions in microsoft.public.internetexplorer.general When reaching the page, type IE7 in the SEARCH FOR: "Box" I think I will wait awhile longer. |
|
Subject: RE: BS: New weakness in IE7 From: My guru always said Date: 04 Nov 06 - 05:26 AM I almost clicked on the first link but decided to read on - glad I did. Request to close the first link hereby seconded! |
|
Subject: RE: BS: New weakness in IE7 From: Jeri Date: 04 Nov 06 - 07:53 AM The link is to "Internet Explorer 7 Popup Address Bar Spoofing Test." If you then click on the link in that page to do the test, and you're vulnerable, it opens a popup window that says something like "If this hadn't been a test, we could have..." AND your browser's main window takes you to a spoofed microsoft.com. If it's a test to see if bad people can do bad things to your computer, then good people will have to try those same things. If your firewalls or whatever are protecting you, then the test will show that you aren't vulnerable, or perhaps you'll receive an alert telling you of a threat, lik Cruiser did. Discovered by clicking on link. I have an anti-virus program and firewall that are updated daily, plus two anti-spyware programs that I updated two days ago. No alerts, but then the test indicates I'm vulnerable. I don't use MSIE7, though, and I'd ignore messages claiming to be from Microsoft, even if they were from Microsoft. It's up to you, though. |
|
Subject: RE: BS: New weakness in IE7 From: Cruiser Date: 04 Nov 06 - 09:30 AM Thanks Jeri. I suggest if the "Click Here" link is left in the first post then a clone checks it out first and explain in the initial thread, as you did in a later thread, what the link is about. I take any Dialog Box Warning from my NAV very serious. I have only had 4 such warnings in as many years. People need to know it is an advertizing site and I suggest they get their information on MSIE7 at the official MS site....I know, MS does not do a very good job at being self-critical. |
|
Subject: RE: BS: New weakness in IE7 From: Jeri Date: 04 Nov 06 - 11:50 AM The reason I don't want to say I'm sure it's OK is because I'm not that much of a tech-head. I can't see how the test could harm a person, but I'm not going to take responsibility for other people's actions. (Oh yeah, the test was no problem, so when I got pop-up and Microsoft page later, I figured it was safe. Microsoft only wanted me to verify my credit card number...) The test does everything a real spoofing/phishing attack would do except phish (ask you for personal information), so if your anti-whatsit-ware warns you, it's protecting you. If it DOESN'T warn you, and the test works, then, since the spoofing works in other browsers, don't enter personal information into a web page, unless it's secure & has a certificate and you entered the web address yourself or opened a known bookmark, or clicked on a known link. If you have MSIE7, you can download the patch. |
| Share Thread: |