Slashdot Mirror

← Back to Stories (view on slashdot.org)

CERT Recommends Mozilla, Firefox

Posted by CmdrTaco on from the so-do-i dept.

EvilStein writes "According to this article, "CERT recommends that Explorer users consider other browsers that are not affected by the attack, such as Mozilla, Mozilla Firefox, Netscape and Opera." Quite a statement from CERT - this is related to a fairly recent IIS or IE exploit that has already affected some high traffic web sites, such as the Kelley Blue Book website."

7 of 529 comments (clear)

  1. Confusing CERT and SANS? by shrubya · · Score: 5, Informative
    I think the journalist may have mixed up his notes. None of the recent CERT advisories mention Mozilla, Opera, or non-Windows OSes. However, friday's SANS report says:
    we recommend that you (*) install and maintain anti virus software (*) if possible turn off javascript, or use a browser other then MSIE until the current vulnerabilities in MSIE are patched.
  2. Re:CNET recommendation on mozilla by mnewton32 · · Score: 5, Informative

    Off-topic I know, but the site is using some Javascript code to check for Netscape 4 or Internet Explorer. It is then sending a browser-specific downloadable font to either of those browsers.
    The problem is that they are using a European character set, and just replacing the Latin characters with Telugu ones. This used to be acceptable practice, but now that all modern browsers support unicode and multiple character sets, it's really not necessary.
    You should contact the site owners and have them update the site. Who uses Netscape 4 any more?

  3. Theme+Firesomething IE "spoofing" tutorial :) by acariquara · · Score: 5, Informative

    1. Get Firesomething extension for Firefox 0.9
    2. In the dialog box, remove "Mozilla" vendor and add "Microsoft". Remove all prefixes also and add "Internet". Remove all names and add "_Explorer" (substitute the underline for a leading space). Enable the "single name mode". Apply.
    3. While you are at it, get the Luna Blue 0.4 theme from http://www.intraplanar.net/projects/lunablue/
    4. Adjust the icons so they look really like explorer. The order should be back, forward, STOP, RELOAD, home, separator, favourites, history, separator, mail, print
    5. Rename the shortcut to "Internet Explorer" and change the icon to the blue "e" (do this on the Desktop and Quick Launch bar as well)
    6. Never again worry about worms.

    --
    Dear aunt, let's set so double the killer delete select all
  4. But there is a (server side) patch by fudgefactor7 · · Score: 5, Informative

    This particular vulnerability has been patched for two months (MS04-011). Had the administrators applied that patch when it becase available this would have been half fixed. Then all you'd need to do is get an IE fix. And then that would be the end of this particular issue. Since the patch existed before any known use of the exploit, the blame is squarely on the shoulders of two groups: (1) the malware author(s) themselves; and, (2) the lazy sysetm administrator too slow or stupid to deploy the patch in a timely manner.

    Really, this is an issue settled by termination of the employee responsible for not keeping a good record of patches and updates. Of course, that still leaves the IE problem, but with the IE team recently recreated, probably for Longhorn, but perhaps they're therer just to release an update to IE to fix this type of crap, we may see the end of these types of things. If only people would quite exploiting innocent code... Sadly, people left to their own devices will revert to base and vile activities, then add in the anonymity of the internet, you get the jerks who think it's fun to spoil the party for everyone.

  5. Re:Better security is not a myth. by PinkFreud · · Score: 5, Informative

    > Can anyone point to a single free software worm that auto propagated?

    How about the lion and ramen worms from 2001? Or how about the fact that someone is trying to convince phatbot/agobot to compile on Linux?

    Free software is not impervious to worms. However, due to the diversity of systems, it tends to be far more difficult to write a single exploit.

    Then again, Free Software tends to have patches pretty quickly, too. Where's Microsoft with the patch for this latest pair of vulnerabilities in IE?

  6. Re:When there's no other fix... by bhtooefr · · Score: 5, Informative

    CBS News, ABC News, and MSNBC all recommend (last paragraph, though, but don't mention the Microsoft fix) Mozilla or Opera. Yes, MSNBC recommends Moz and Opera, and doesn't mention a way to keep using IE, even though the MS in MSNBC stands for Microsoft.

  7. Re:Need help to migrate from IE (SlimBrowser) to F by Anonymous Coward · · Score: 5, Informative

    1 Ability of running any Windows shortcut or folder within the browser or explorer.

    Firefox is a web browser. Are your computer running a web server, and if not, why would you expect your web browser to be able to 'explore' your folders in the browser view?. Try "Open file". There, you can "explore" and "open" at your leisure.

    2) Autologin of websites (form filling-username, pass)

    Security hazard. I don't care how much you think this is a great idea; it isn't. Sometimes us developers must protect you against yourselves.

    3) Make your own search engines (like if I want to add yahoo maps and all i type is the destination)

    I just put all the search engines I like in a HTML-page that is my default page. What you want is trivial to do in Opera BTW, and probably in FF too (after all, there's always the source, worst case).

    4) "Groups" of websites that open in tabs at the same time

    This is standard. Are you trolling? Open bookmark folder, click "Open in tabs". What a waste of time.

    5) In-line Flash/Advertsing blocks

    Plugin: Adblock