CERT Recommends Mozilla, Firefox
EvilStein writes "According to this article, "CERT recommends that Explorer users consider other browsers that are not affected by the attack, such as Mozilla, Mozilla Firefox, Netscape and Opera."
Quite a statement from CERT - this is related to a fairly recent IIS or IE exploit that has already affected some high traffic web sites, such as the Kelley Blue Book website."
This from the Washington Post - which some joe users (at least those based in Washington presumably) will be reading.
What seems to be novel about this attack is that it uses holes in both IIS and IE. When an IIS server is attacked, the payload is to compromise the site such that malicious code is inserted into every page with no outward sign that anything's wrong. That code in turn exploits a hole in IE to get onto a user's PC, which in turn goes looking for more IIS sites to compromise.
This worm depends on there being flaws in both programs. It wouldn't be nearly as powerful if those two flaws couldn't be used in concert.
Netcraft reports that Yahoo runs FreeBSD and Earthlink runs Solaris so both of them can't possibly be spreading the worm. eBay runs IIS, but I doubt they've been hit or it'd be more widely reported.
I switched a month ago from Outlook to Thunderbird, which went so well that I switched last week from IE to Firefox. Especially the ease of importing of previous Outlook/IE settings was astonishing!
On the other hand, I found out that it is not that simple to get rid of IE though, a quick search reveals that it is not always simple[google].
According to some people, the exploit can be passed through complex banner ads hosted by servers using IIS - if that's true, then any site including such ads in their pages, including those not using IIS themselves, could still be vectors.
I use Outlook web access with no problem using Firefox, all the time. Sure, it doesn't use the active-x and it doesn't have all the bell and whistles, but all the functionality is pretty much there (Mail, calendar, etc).
That is hard to say. Some Ad networks that were hit by this IIS problem had cascading problems throughout their distribution networks.
One site that I host (FreeBSD/Apache) has many banner ads and popups. The logic of the site layout though, loads the ads first, then the site, so we appeared to be down.
Also, the javascript used to spawn the popups was hosted externally also. Our XP users also went into an infinite loop of popups...
My writeup of the trojan and the incident is here:
http://www.lurhq.com/berbew.html
And while you are at it you may wish to change the security settings for your "My Computer" zone.
Read this:
Description of Internet Explorer security zones registry entries
Then edit the relevant key (if you don't know how, then you should just switch to using a different O/S or browser):
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
Change Flags from 0x21 to 0x01 to make it visible.
Once you do that you can more easily change the security settings for the My Computer zone.
You could also add your own custom zone, but if you have to ask me how to do it, you shouldn't.
Note that while disabling javascript and stuff in the My Computer zone protects you from numerous IE exploits[1], the web style windows explorer and other stuff require active scripting and other stuff to be enabled. So you would have to switch to the classic style. I don't see what benefits the web style has - other than make monitor/LCD vendors happy - it takes up more screen space.
[1] many attacks involve cross zone exploits with the aim of running the exploit in the My Computer zone which has lower security levels by default - raising the security levels e.g. requiring prompts before active-X stuff is run, disabling active scripting (I see very little need for scripts to be enabled on locally stored HTML pages, heck I see very little need for most websites to use javascript).
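An added example, not part of the original comment: a small Python audit of a `reg export` dump that checks the My Computer zone for the hidden-zone bit in Flags and for scripting/ActiveX actions that run without a prompt. The sample export is constructed; the action IDs 1200 and 1400 and the setting values 0/1/3 are taken from Microsoft's documentation of the zone registry entries, not from this thread.

```python
import re

HIDE_ZONE = 0x20  # Flags bit: zone is not shown in the Internet Options security tab
ACTIONS = {"1200": "Run ActiveX controls and plug-ins", "1400": "Active scripting"}
SETTING = {0: "enabled", 1: "prompt", 3: "disabled"}

# Constructed sample in `reg export` text form, not taken from a real machine.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"DisplayName"="My Computer"
"Flags"=dword:00000021
"1200"=dword:00000000
"1400"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"Flags"=dword:00000001
"1400"=dword:00000000
'''

def parse_reg(text):
    """Return {key_path: {value_name: int}} for the dword values in a .reg export."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
            if m:
                current[m.group(1)] = int(m.group(2), 16)
    return keys

def audit_zone0(text):
    """List findings for the My Computer zone (key path ending in \\Zones\\0)."""
    findings = []
    for path, values in parse_reg(text).items():
        if not path.lower().endswith("\\zones\\0"):
            continue  # only zone 0 is audited here
        flags = values.get("Flags")
        if flags is not None and flags & HIDE_ZONE:
            findings.append(f"Flags=0x{flags:02x}: zone hidden; 0x{flags & ~HIDE_ZONE:02x} shows it")
        for action, label in ACTIONS.items():
            if SETTING.get(values.get(action), "unknown") == "enabled":
                findings.append(f"{action} ({label}) runs without a prompt")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_zone0(SAMPLE)))
```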
Off-topic I know, but the site is using some Javascript code to check for Netscape 4 or Internet Explorer. It is then sending a browser-specific downloadable font to either of those browsers.
The problem is that they are using a European character set, and just replacing the Latin characters with Telugu ones. This used to be acceptable practice, but now that all modern browsers support unicode and multiple character sets, it's really not necessary.
You should contact the site owners and have them update the site. Who uses Netscape 4 any more?
The Lion worm gave my University's Linux servers hell a couple of years back. They were all running unpatched RedHat 7.3 and it wasn't pretty.
There is nothing wrong with being gay. It's getting caught where the trouble lies.
1. Get Firesomething extension for Firefox 0.9
2. In the dialog box, remove "Mozilla" vendor and add "Microsoft". Remove all prefixes also and add "Internet". Remove all names and add "_Explorer" (substitute the underline for a leading space). Enable the "single name mode". Apply.
3. While you are at it, get the Luna Blue 0.4 theme from http://www.intraplanar.net/projects/lunablue/
4. Adjust the icons so they look really like explorer. The order should be back, forward, STOP, RELOAD, home, separator, favourites, history, separator, mail, print
5. Rename the shortcut to "Internet Explorer" and change the icon to the blue "e" (do this on the Desktop and Quick Launch bar as well)
6. Never again worry about worms.
Dear aunt, let's set so double the killer delete select all
This particular vulnerability has been patched for two months (MS04-011). Had the administrators applied that patch when it became available this would have been half fixed. Then all you'd need to do is get an IE fix. And then that would be the end of this particular issue. Since the patch existed before any known use of the exploit, the blame is squarely on the shoulders of two groups: (1) the malware author(s) themselves; and, (2) the lazy system administrator too slow or stupid to deploy the patch in a timely manner.
Really, this is an issue settled by termination of the employee responsible for not keeping a good record of patches and updates. Of course, that still leaves the IE problem, but with the IE team recently recreated, probably for Longhorn, but perhaps they're there just to release an update to IE to fix this type of crap, we may see the end of these types of things. If only people would quit exploiting innocent code... Sadly, people left to their own devices will revert to base and vile activities, then add in the anonymity of the internet, you get the jerks who think it's fun to spoil the party for everyone.
> Can anyone point to a single free software worm that auto propagated?
How about the lion and ramen worms from 2001? Or how about the fact that someone is trying to convince phatbot/agobot to compile on Linux?
Free software is not impervious to worms. However, due to the diversity of systems, it tends to be far more difficult to write a single exploit.
Then again, Free Software tends to have patches pretty quickly, too. Where's Microsoft with the patch for this latest pair of vulnerabilities in IE?
CBS News, ABC News, and MSNBC all recommend (last paragraph, though, but don't mention the Microsoft fix) Mozilla or Opera. Yes, MSNBC recommends Moz and Opera, and doesn't mention a way to keep using IE, even though the MS in MSNBC stands for Microsoft.
1) not that I know of
2) use the firefox password manager (it is built in)
3) try adding a bookmark to yahoo, removing the search criteria from the url and replacing it with %s. then assign it a keyword.
that way you can just type.. 'yahoo searchcriteriahere'
4) groups of tabs. add the group of tabs to a bookmark folder, right click the folder and open all tabs
5) try the adblock firefox extension. it is on the extension website.
there has never been a better time to try it IMO
1 Ability of running any Windows shortcut or folder within the browser or explorer.
Firefox is a web browser. Is your computer running a web server, and if not, why would you expect your web browser to be able to 'explore' your folders in the browser view? Try "Open file". There, you can "explore" and "open" at your leisure.
2) Autologin of websites (form filling-username, pass)
Security hazard. I don't care how much you think this is a great idea; it isn't. Sometimes us developers must protect you against yourselves.
3) Make your own search engines (like if I want to add yahoo maps and all i type is the destination)
I just put all the search engines I like in a HTML-page that is my default page. What you want is trivial to do in Opera BTW, and probably in FF too (after all, there's always the source, worst case).
4) "Groups" of websites that open in tabs at the same time
This is standard. Are you trolling? Open bookmark folder, click "Open in tabs". What a waste of time.
5) In-line Flash/Advertising blocks
Plugin: Adblock
findstr is the windows version of grep.
Searches for strings in files.
FINDSTR [/B] [/E] [/L] [/R] [/S] [/I] [/X] [/V] [/N] [/M] [/O] [/P] [/F:file]
[/C:string] [/G:file] [/D:dir list] [/A:color attributes] [/OFF[LINE]]
strings [[drive:][path]filename[ ...]]
/B Matches pattern if at the beginning of a line.
/E Matches pattern if at the end of a line.
/L Uses search strings literally.
/R Uses search strings as regular expressions.
/S Searches for matching files in the current directory and all subdirectories.
/I Specifies that the search is not to be case-sensitive.
/X Prints lines that match exactly.
/V Prints only lines that do not contain a match.
/N Prints the line number before each line that matches.
/M Prints only the filename if a file contains a match.
/O Prints character offset before each matching line.
/P Skip files with non-printable characters.
/OFF[LINE] Do not skip files with offline attribute set.
/A:attr Specifies color attribute with two hex digits. See "color /?"
/F:file Reads file list from the specified file(/ stands for console).
/C:string Uses specified string as a literal search string.
/G:file Gets search strings from the specified file(/ stands for console).
/D:dir Search a semicolon delimited list of directories
strings Text to be searched for.
[drive:][path]filename Specifies a file or files to search.
Use spaces to separate multiple search strings unless the argument is prefixed
with /C. For example, 'FINDSTR "hello there" x.y' searches for "hello" or
"there" in file x.y. 'FINDSTR /C:"hello there" x.y' searches for
"hello there" in file x.y.
Regular expression quick reference:
. Wildcard: any character
* Repeat: zero or more occurances of previous character or class
^ Line position: beginning of line
$ Line position: end of line
[class] Character class: any one character in set
[^class] Inverse class: any one character not in set
[x-y] Range: any characters within the specified range
\x Escape: literal use of metacharacter x
\ Word position: end of word
For full information on FINDSTR regular expressions refer to the online Command
Reference.
- Have you ever noticed that the more you learn about technology, the more stupid you sound trying to explain it?
1) Ability of running any Windows shortcut or folder within the browser or explorer.
You absolutely do not want this. The mingling of file browser and web browser are what cause a huge number of IE security holes.
You could probably just set up a helper or something, but you don't want to. Really. Mozilla is not a file manager.
2) Autologin of websites (form filling-username, pass)
Exists, and I've seen it, but I don't know what plugin to use. IIRC Mozilla has this built-in.
3) Make your own search engines (like if I want to add yahoo maps and all i type is the destination)
Firefox rocks at this. Do a search, bookmark it, and replace the query text in the address field in the bookmark's properties with "%s", and then give it an alias (say, "gg"). If I did this with a Google search, I can just type "gg foobar" to Google for "foobar". I have imdb, google, and tons of other databases usable through Firefox directly. Absolutely wonderful.
4) "Groups" of websites that open in tabs at the same time
Create a folder in your bookmarks, and choose the menu item "open in tabs" for that folder under the Bookmarks menu in Firefox.
5) In-line Flash/Advertising blocks (I noticed one of Achilles' Heels of FF is that it eats
cpu like crazy when flash is used on the page)
You want Click to View.
May we never see th