CERT Recommends Mozilla, Firefox
EvilStein writes "According to this article, "CERT recommends that Explorer users consider other browsers that are not affected by the attack, such as Mozilla, Mozilla Firefox, Netscape and Opera."
Quite a statement from CERT - this is related to a fairly recent IIS or IE exploit that has already affected some high traffic web sites, such as the Kelley Blue Book website."
This from the Washington Post - which some joe users (at least those based in Washington presumably) will be reading.
What seems to be novel about this attack is that it uses holes in both IIS and IE. When an IIS server is attacked, the payload is to compromise the site such that malicious code is inserted into every page with no outward sign that anything's wrong. That code in turn exploits a hole in IE to get onto a user's PC, which in turn goes looking for more IIS sites to compromise.
This worm depends on there being flaws in both programs. It wouldn't be nearly as powerful if those two flaws couldn't be used in concert.
Netcraft reports that Yahoo runs FreeBSD and Earthlink runs Solaris so both of them can't possibly be spreading the worm. eBay runs IIS, but I doubt they've been hit or it'd be more widely reported.
I switched a month ago from Outlook to Thunderbird, which went so well that I switched last week from IE to Firefox. Especially the ease of importing of previous Outlook/IE settings was astonishing!
On the other hand, I found out that it is not that simple to get rid of IE though, a quick search reveals that it is not always simple[google].
According to some people, the exploit can be passed through complex banner ads hosted by servers using IIS - if that's true, then any site including such ads in their pages, including those not using IIS themselves, could still be vectors.
I use Outlook web access with no problem using Firefox, all the time. Sure, it doesn't use the active-x and it doesn't have all the bell and whistles, but all the functionality is pretty much there (Mail, calendar, etc).
That is hard to say. Some Ad networks that were hit by this IIS problem had cascading problems throughout their distribution networks.
One site that I host (FreeBSD/Apache) has many banner ads and popups. The logic of the site layout though, loads the ads first, then the site, so we appeared to be down.
Also, the javascript used to spawn the popups was hosted externally also. Our XP users also went into an infinite loop of popups...
My writeup of the trojan and the incident is here:
http://www.lurhq.com/berbew.html
I find that removing Flash makes Firefox much, much more stable. That said, Flash 7 is much better in this respect.
Allergy advice: Contains eggs.
The Alert Service of the Dutch ministry of Economical Affairs concluded that early June too.
One of the solutions given is to "temporarily choose another browser until a patch is released".
And while you are at it you may wish to change the security settings for your "My Computer" zone.
Read this:
Description of Internet Explorer security zones registry entries
Then edit the relevant key (if you don't know how, then you should just switch to using a different O/S or browser):
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
Change Flags from 0x21 to 0x01 to make it visible.
Once you do that you can more easily change the security settings for the My Computer zone.
You could also add your own custom zone, but if you have to ask me how to do it, you shouldn't.
Note that while disabling javascript and stuff in the My Computer zone protects you from numerous IE exploits[1], the web style windows explorer and other stuff require active scripting and other stuff to be enabled. So you would have to switch to the classic style. I don't see what benefits the web style has - other than make monitor/LCD vendors happy - it takes up more screen space.
[1] many attacks involve cross zone exploits with the aim of running the exploit in the My Computer zone which has lower security levels by default - raising the security levels e.g. requiring prompts before active-X stuff is run, disabling active scripting (I see very little need for scripts to be enabled on locally stored HTML pages, heck I see very little need for most websites to use javascript).
The page source says the charset should be both "windows-1252", "iso-8859-1" (and even "x-user-defined"). These are Western, i.e. Latin character sets - I imagine Telugu doesn't relate to these in any way?
You should contact the authors and make them fix the page.
zWhat would an EWOULDBLOCK block, if an EWOULDBLOCK could block would? -- me
Off-topic I know, but the site is using some Javascript code to check for Netscape 4 or Internet Explorer. It is then sending a browser-specific downloadable font to either of those browsers.
The problem is that they are using a European character set, and just replacing the Latin characters with Telugu ones. This used to be acceptable practice, but now that all modern browsers support unicode and multiple character sets, it's really not necessary.
You should contact the site owners and have them update the site. Who uses Netscape 4 any more?
Have you ever seen a signed mozilla extension?
Not yet, but I believe the example you're referring to is the reason they included a whitelist (for sites allowed to install extensions) in the latest Mozilla version.
zWhat would an EWOULDBLOCK block, if an EWOULDBLOCK could block would? -- me
The Lion worm gave my University's Linux servers hell a couple of years back. They were all running unpatched RedHat 7.3 and it wasn't pretty.
There is nothing wrong with being gay. It's getting caught where the trouble lies.
It's changeable in the program in Mozilla as well. Type "about:config" in the address bar, add a string "general.useragent.override" and set the value to "MSIE".
Not that that does you much good if you're using IE. Last I checked IE blatantly ignores mime types and uses the "file extension" of the URL, or something equally retarded along those lines.
Worse. It examines the document content and guesses the type.
1. Get Firesomething extension for Firefox 0.9
2. In the dialog box, remove "Mozilla" vendor and add "Microsoft". Remove all prefixes also and add "Internet". Remove all names and add "_Explorer" (substitute the underline for a leading space). Enable the "single name mode". Apply.
3. While you are at it, get the Luna Blue 0.4 theme from http://www.intraplanar.net/projects/lunablue/
4. Adjust the icons so they look really like explorer. The order should be back, forward, STOP, RELOAD, home, separator, favourites, history, separator, mail, print
5. Rename the shortcut to "Internet Explorer" and change the icon to the blue "e" (do this on the Desktop and Quick Launch bar as well)
6. Never again worry about worms.
Dear aunt, let's set so double the killer delete select all
This particular vulnerability has been patched for two months (MS04-011). Had the administrators applied that patch when it became available this would have been half fixed. Then all you'd need to do is get an IE fix. And then that would be the end of this particular issue. Since the patch existed before any known use of the exploit, the blame is squarely on the shoulders of two groups: (1) the malware author(s) themselves; and, (2) the lazy system administrator too slow or stupid to deploy the patch in a timely manner.
Really, this is an issue settled by termination of the employee responsible for not keeping a good record of patches and updates. Of course, that still leaves the IE problem, but with the IE team recently recreated, probably for Longhorn, but perhaps they're there just to release an update to IE to fix this type of crap, we may see the end of these types of things. If only people would quit exploiting innocent code... Sadly, people left to their own devices will revert to base and vile activities, then add in the anonymity of the internet, you get the jerks who think it's fun to spoil the party for everyone.
I don't know what the actual exploit text looks like. It has to contain "script" because that's the name of the tag. It only has to contain "javascript" in the type attribute if it wants to be valid HTML.
The shareholder is always right.
> Can anyone point to a single free software worm that auto propagated?
How about the lion and ramen worms from 2001? Or how about the fact that someone is trying to convince phatbot/agobot to compile on Linux?
Free software is not impervious to worms. However, due to the diversity of systems, it tends to be far more difficult to write a single exploit.
Then again, Free Software tends to have patches pretty quickly, too. Where's Microsoft with the patch for this latest pair of vulnerabilities in IE?
It's probably just some javascript that is searching for the UserAgent tag. Get the useragent switcher extensions and you can "change" to IE6 on the fly:
User Agent Switcher
In fact, this has already happened. Have you ever used a default install of IE on a Windows 2003 machine? Everything's set for really high security. You can't even *download* an .EXE file by default. You have to manually add the site to the Trusted Sites list, and you're pretty much expected to do that with any site you want to do anything more sophisticated than reading a static page.
Supposedly, this configuration will be rolled into XP Service Pack 2 as well. No word on what Windows 2000 users get.
Of course, the spyware vendors will just add instructions that say "To play this game, click on Trusted Sites and add www.fuckyourcomputer.com". And the masses will obey.
And of course, Microsoft uses it as yet another marketing opportunity. Every single prompt and dialog involved trumpets "Microsoft's New Enhanced Security Configuration Initiative". As if we should be thankful to them for fixing holes that THEY caused in the first place.
CBS News, ABC News, and MSNBC all recommend (last paragraph, though, but don't mention the Microsoft fix) Mozilla or Opera. Yes, MSNBC recommends Moz and Opera, and doesn't mention a way to keep using IE, even though the MS in MSNBC stands for Microsoft.
No, now you read the headline as saying it 'endorses' the Mozilla family, which is not what it said. The headline said they recommend Mozilla. Yes, they do recommend against Internet Explorer and yes, they recommend Mozilla (among other browsers) as alternatives to Internet Explorer. So, while the headline is quite Mozilla-centric, it is quite correct in stating they recommend Mozilla as alternative to Internet Explorer.
1) not that I know of
2) use the firefox password manager (it is built in)
3) try adding a bookmark to yahoo, removing the search criteria from the url and replacing it with %s. then assign it a keyword.
that way you can just type.. 'yahoo searchciteriahere'
4) groups of tabs. add the group of tabs to a bookmark folder, right click the folder and open all tabs
5) try the adblock firefox extension. it is on the extension website.
there has never been a better time to try it IMO
1 Ability of running any Windows shortcut or folder within the browser or explorer.
Firefox is a web browser. Is your computer running a web server, and if not, why would you expect your web browser to be able to 'explore' your folders in the browser view? Try "Open file". There, you can "explore" and "open" at your leisure.
2) Autologin of websites (form filling-username, pass)
Security hazard. I don't care how much you think this is a great idea; it isn't. Sometimes us developers must protect you against yourselves.
3) Make your own search engines (like if I want to add yahoo maps and all i type is the destination)
I just put all the search engines I like in a HTML-page that is my default page. What you want is trivial to do in Opera BTW, and probably in FF too (after all, there's always the source, worst case).
4) "Groups" of websites that open in tabs at the same time
This is standard. Are you trolling? Open bookmark folder, click "Open in tabs". What a waste of time.
5) In-line Flash/Advertising blocks
Plugin: Adblock
My piece, written for the non-techie masses, on why they should consider other browsers:
For the curious, here is the correct link.
Portable versions of Firefox, GIMP, LibreOffice, etc
read my post again. i never mentioned IIS and apache.
Specific browsers links are down the side but the first paragraph says: "Users are being told to avoid using Internet Explorer until Microsoft patches a serious security hole in it". I stirred things up at work by emailing this round :-)
Add:
* Increasing web access from mobile phones and PDAs - where the browser market is wide open. Opera is big and Nokia just pumped $$$ into Mozilla.
Actually there is an extension that will open external applications and folders.
http://texturizer.net/firefox/extensions/#externalapp
For a while, I had a Firefox shortcut in my Startup folder. Since I always log in and open Firefox, I figured why not. With this extension, I could open other apps right from the Firefox toolbar.
To open a folder, you have to open Windows Explorer with a location as an argument.
It's easier than it sounds. Really.
If tyranny and oppression come to this land, it will be in the guise of fighting a foreign enemy. - James Madison
No, they did it quite reasonably, although the only mention of some alternatives is in a slashbox at the side.
to complete the answers you have so far
3. see here for documentation on how to make your own Mozilla search plugins.
5. Besides the already-mentioned Adblock plugin, use Flash Click To View to replace flash with a button you can 'click to view'.
It's going to have to happen, since IE will enforce MIME types starting in XP SP2.
I can't believe it's just me finding an ever growing number of sites not working with anything other than IE on Windows, but I rarely hear mention of this serious problem in any discussion of alternative browsers. Sites that used to work with Netscape/Mozilla are becoming ones that no longer do. Even IE on a Mac doesn't work on most problem sites. Here are just a few sites that have given me trouble: www.giantfood.com - shopping list no longer works without IE; www.washtimes.com - article text often eclipsed by ads - their solution when I called: use IE on Windows.; netbank.com - order a new Visa, Netscape disappears with no error message on submit. They said that they will fix it.; usa.canon.com - downloaded scanner/printer driver *installation* requires IE as default browser. No mention of this on site, it just won't work otherwise.; ebates.com - claims to work with Netscape, but I never get credits when I do.; Many E-commerce sites I've tried do not function with anything other than IE on Windows.
Just as a note, Flash Click To View is now known as FlashBlock.
:)
Now there's good news and bad news about it. The bad news is, it hasn't been updated for v0.9. The good news is, it still works with 0.9 flawlessly (I'm running it right now). The only problem is it won't show up in your extensions menu, so disabling or removing it could be a pain.
Now I say could be, because if you grab a little gadget known as Show Old Extensions, FlashBlock and any other pre-0.9 extensions you have installed will appear in the extension menu just like magic (cue angels singing). Hurray!
Gotta love open source communities. Solutions for everything!
Since we're talking browsers, which ones are best to use?
I personally prefer Opera. However, some prefer the Gecko browsers, especially Fire(random). Myself, I hate it, but it's a matter of personal taste, and I've never liked Netscape's products, even in the 1.x days.
Also, I just downloaded linux to make the switch.
What distribution by chance?
Unfortunately I just found that I no longer have any burner software on my windows box so I can make the switch..
VMWare is your friend. They offer a trial version, too. And, if the "hardware" doesn't play nice with your distro, try Microsoft(!) Virtual PC, again available in a trial version. You'll need Windows 2000 or XP, and a boatload of RAM (it will work with 256, but then you can only safely give your distro 128MB to play with).
GRRRR I guess I won't see MS bundle burner software free, eh?
Well, you CAN burn files to a CD using Windows XP, but it can't handle a .ISO.
What are the preferred linux browsers? I've used konqueror before as well as firefox. But I see there is dillo.
Konqueror - Don't like KHTML one bit, and I think the UI is horrible on Konqueror.
Firefox - see my comment above
Dillo - That isn't in the same class as IE/Gecko (Moz, Firefox)/Opera/KHTML (Konq, Safari). It's a lightweight browser, but I think it's only HTML 3.0, and rendering isn't great at all. I personally think this is worse than the Firefox /. rendering issue.
Those are good examples. I ran Red Hat 6.2 and 7 but was not running wu-ftp or BIND, so they did not get me. I have run pro-ftp on my gateway machine, but I've been able to turn off most ports. This clearly demonstrates the value of user control and choice of software. As I recall, the BIND problem was fixed in a few days.
Friends don't help friends install M$ junk.
http://www.microsoft.com/security/incident/download_ject.mspx
If Windows XP wasn't a nightmare running in limited mode, maybe they would've set it as the default.
And if developers didn't perpetuate the nightmare of having to run as Administrators, maybe we wouldn't have to run as admins. It seems to primarily be a problem with games and copy protection. Age of Mythology, for example, requires Administrator privileges to run due to its copy protection mechanism. Various other programs don't function well when run on a limited (regular Users) account, but I firmly believe it's a problem on the developer side. Hell, you can even debug programs using Visual Studio.NET as a regular user, as long as you add yourself to the Debuggers group.
Crap such as Winamp not working properly as non-admin (it seems to require writing to HKEY_LOCAL_MACHINE when HKEY_CLASSES_ROOT would suffice) shouldn't happen, and is what's preventing limited mode from being viable for most users.
If you're writing programs, PLEASE test it as a regular user!! Don't write to HKLM, don't write to Program Files, don't write to the Windows directory. Keep settings in HKEY_CURRENT_USER or in the Documents and Settings\Username\Application Data directory. Please.
findstr is the windows version of grep.
Searches for strings in files.

FINDSTR [/B] [/E] [/L] [/R] [/S] [/I] [/X] [/V] [/N] [/M] [/O] [/P] [/F:file]
        [/C:string] [/G:file] [/D:dir list] [/A:color attributes] [/OFF[LINE]]
        strings [[drive:][path]filename[ ...]]

  /B         Matches pattern if at the beginning of a line.
  /E         Matches pattern if at the end of a line.
  /L         Uses search strings literally.
  /R         Uses search strings as regular expressions.
  /S         Searches for matching files in the current directory and all
             subdirectories.
  /I         Specifies that the search is not to be case-sensitive.
  /X         Prints lines that match exactly.
  /V         Prints only lines that do not contain a match.
  /N         Prints the line number before each line that matches.
  /M         Prints only the filename if a file contains a match.
  /O         Prints character offset before each matching line.
  /P         Skip files with non-printable characters.
  /OFF[LINE] Do not skip files with offline attribute set.
  /A:attr    Specifies color attribute with two hex digits. See "color /?"
  /F:file    Reads file list from the specified file(/ stands for console).
  /C:string  Uses specified string as a literal search string.
  /G:file    Gets search strings from the specified file(/ stands for console).
  /D:dir     Search a semicolon delimited list of directories
  strings    Text to be searched for.
  [drive:][path]filename
             Specifies a file or files to search.

Use spaces to separate multiple search strings unless the argument is prefixed
with /C. For example, 'FINDSTR "hello there" x.y' searches for "hello" or
"there" in file x.y. 'FINDSTR /C:"hello there" x.y' searches for
"hello there" in file x.y.

Regular expression quick reference:
  .        Wildcard: any character
  *        Repeat: zero or more occurances of previous character or class
  ^        Line position: beginning of line
  $        Line position: end of line
  [class]  Character class: any one character in set
  [^class] Inverse class: any one character not in set
  [x-y]    Range: any characters within the specified range
  \x       Escape: literal use of metacharacter x
  \ Word position: end of word

For full information on FINDSTR regular expressions refer to the online Command
Reference.
- Have you ever noticed that the more you learn about technology, the more stupid you sound trying to explain it?
His first comment was: "it's a lot faster!"
Now if I could just get him to install Debian...
1) Ability of running any Windows shortcut or folder within the browser or explorer.
You absolutely do not want this. The mingling of file browser and web browser are what cause a huge number of IE security holes.
You could probably just set up a helper or something, but you don't want to. Really. Mozilla is not a file manager.
2) Autologin of websites (form filling-username, pass)
Exists, and I've seen it, but I don't know what plugin to use. IIRC Mozilla has this built-in.
3) Make your own search engines (like if I want to add yahoo maps and all i type is the destination)
Firefox rocks at this. Do a search, bookmark it, and replace the query text in the address field in the bookmark's properties with "%s", and then give it an alias (say, "gg"). If I did this with a Google search, I can just type "gg foobar" to Google for "foobar". I have imdb, google, and tons of other databases usable through Firefox directly. Absolutely wonderful.
4) "Groups" of websites that open in tabs at the same time
Create a folder in your bookmarks, and choose the menu item "open in tabs" for that folder under the Bookmarks menu in Firefox.
5) In-line Flash/Advertising blocks (I noticed one of Achilles' Heels of FF is that it eats cpu like crazy when flash is used on the page)
You want Click to View.
May we never see th
I have been using Opera for a couple of years.
After gaining a bit of comfort for Opera, I disabled Internet Exploder. I disabled all features, everyone, ActiveXploiter, Java, Javascript, etc., and then set the proxy for all protocols to 127.0.0.1 port 7777 which means it can't access anything.
I also do almost everything from an account (WinXP lite) without admin privs which means some apps don't work because they can't access the registry.
Yesterday while browsing the net, the system really slowed down and I found from a netstat that there were hundreds of connections to all sorts of IP addresses to Microsoft-DS (445). Although I had recently updated the patches, I discovered after fighting to kill off the processes generating these connections that there were seven more "critical updates". I'm normally looking at all sorts of websites doing research on a dozen different, but social policy related topics, so I had a lot of web pages active and I have no idea which of a dozen or more might have been the source of the infection.
Bottom line:
-Microsoft sucks
-I don't know how and don't have the info to figure it out, but even with IE disabled and using Opera, it's still possible to get infected
-Microsoft sucks