TechSpot

More IE Flaws!

By Phantasm66
Jun 29, 2004
Topic Status:
Not open for further replies.
  1. Security experts have advised internet users to either turn off some Internet Explorer features or to use another browser. Unknown attackers who had taken control of several Web servers used the flaw last week to install a remote-access program, dubbed JS.Scob.Trojan, onto the PCs of visitors to those sites.

    "I hope that Microsoft will come up with a patch soon," said Johannes Ullrich, chief technology officer for the Internet Storm Center, a site that monitors network threats. "Until they do, you basically have two choices: Disable JavaScript in Internet Explorer or install another browser."

    More here.
     
  2. Mictlantecuhtli

    Mictlantecuhtli TS Evangelist Posts: 4,916   +9

    Yeah right. No matter how many flaws it has, people using it won't switch. This was already seen in Time to Dump Internet Explorer. And if you disable scripting, many sites will stop working properly.
     
  3. ---agissi---

    ---agissi--- TechSpot Paladin Posts: 2,384   +15

    Yeah it's funny how all these "flaws" never actually 'flaw' anything of mine or affect me in any way.
     
  4. acidosmosis

    acidosmosis TechSpot Chancellor Posts: 1,574

    I'll try not to bring up the point that other browsers lack so much that IE doesn't and how a simple firewall fixes this issue with (being attacked) and allows us to use a functional browser which has everything I need in one browser that all other browsers never can do correctly or just don't do at all. Not counting how ugly they all are (myIE2 looks alright though).

    Oops!
     
  5. Nic

    Nic TechSpot Paladin Posts: 1,928

    You sound like the smoker that said "well, smoking never did me any harm" then later died of lung cancer.

    Oh, and a firewall doesn't stop JavaScript from executing. Firewalls only block attacks that aren't the result of a response to a request from the client PC (i.e. if your browser issued a request for a web page, which resulted in malicious code being downloaded as part of the response, then having a firewall won't help). Firewalls essentially stop a request (that originates from outside your PC) from reaching your system (e.g. your browser, or other software).
     
  6. acidosmosis

    acidosmosis TechSpot Chancellor Posts: 1,574

    Well I will have to go with Agissi and say how come if it's such an issue I haven't had a problem? All it takes is common sense.
     
  7. BrownPaper

    BrownPaper TS Rookie Posts: 467

    A software firewall will not do anything either if you allow IE permission to access the internet (which most people do).

    The firewall will not protect against malicious websites, etc. since you ok'ed it through the firewall.
     
  8. Nic

    Nic TechSpot Paladin Posts: 1,928

    A software firewall will allow your browser to access the web, but it will stop 'the web' from accessing your browser. The original request must start from the browser. Firewalls prevent access to your system if that access 'originates' from an external source.
     
  9. Nic

    Nic TechSpot Paladin Posts: 1,928

    Common sense? If you want to live up to that statement then follow the advisory (i.e. "Disable JavaScript in Internet Explorer or install another browser.").

    Did all those users that suffered from the 'Blaster' attack use good common sense (i.e. they never had any problems before, so why should they have kept up to date with patches and thus prevented the problem?).

    The point being that hackers only start to target exploits once they know about them. Because of the security alert, hackers are already aware of these issues and may decide to target users using newly discovered exploits. Does common sense prevail?
     
  10. Per Hansson

    Per Hansson TS Server Guru Posts: 1,930   +126 Staff Member

    acidosmosis; your point is seriously flawed.

    The issue talked about here is that many _major_ dot-com sites (including banks) were hacked into and got some JavaScript code appended to their HTML files, so that whenever you requested any page on their site you also got back a Trojan that logged all your keystrokes.

    Since this trojan comes from the server you request the page from, your firewall will _not_ block it!

    I suggest you read up on things before you make such claims as you do. I am sorry to be so harsh, but this is a very serious issue. There is currently no patch for this flaw in Internet Explorer, which other browsers are not affected by.

    Even CERT advised that you should not use Internet Explorer for this reason.
     
  11. ---agissi---

    ---agissi--- TechSpot Paladin Posts: 2,384   +15

    You pose a very good reply Nic, however I have a hard firewall in my router so that's probably why I don't seem to be having any hitches.
     
     
  12. acidosmosis

    acidosmosis TechSpot Chancellor Posts: 1,574

    Eh, Nic.. only an ***** would disable JS. Then your browser isn't worth much more than this crap they call Firefox for example.

    And yes obviously I know what a firewall does, but the fact remains (and yes it is a fact) that a firewall and common sense is all you need to be completely fine. I've survived on the web for about 10 years with hardly any problems. And up until about 2 weeks ago, that was without a firewall, without turning anything off in IE, or doing any of these things the so-called "experts" recommend.

    No offence to any of you guys, but if you're having so many problems and are so scared that you have to switch browsers then you can't make it out like because you switched to another browser it makes you "smart". That only means you can't handle the heat and don't know how to avoid problems.
     
  13. acidosmosis

    acidosmosis TechSpot Chancellor Posts: 1,574

    And I suggest you read what I said and quit making assumptions and turning my posts around into meaning something totally different.

    Who cares what IE is affected by, other than the general public. If you're so afraid and get hit by exploits so much then you need to rethink your level of expertise. Period.
     
  14. Rick

    Rick TechSpot Staff Posts: 6,304   +52 Staff Member

    Hardware or software firewall isn't going to stop a scripted exploit through Internet Explorer.

    If you visit an "infected" website.. You've already accepted the connection. It isn't about connection, it's about scripts running on your computer.

    Disabling JavaScript would probably be the only fix for this... Until a patch is released of course. A good virus scanner which scans Internet Explorer scripts before they are executed would probably stop this too.
     
  15. ---agissi---

    ---agissi--- TechSpot Paladin Posts: 2,384   +15

    Ya or you could just not go to the sites with this crap.
     
  16. Rick

    Rick TechSpot Staff Posts: 6,304   +52 Staff Member

    haha.. Yep. :)

    I wonder which sites have been HaX0r3d?
     
  18. BrownPaper

    BrownPaper TS Rookie Posts: 467

    Last time I checked today, Firefox has JavaScript.
     
  19. Nodsu

    Nodsu TS Rookie Posts: 9,431

    I think acidosmosis should be reminded that he was the one starting the infamous Blaster thread..

    You shouldn't make "common sense = no problems" claims when we all know that you have had issues.
     
  20. BrownPaper

    BrownPaper TS Rookie Posts: 467

    Common sense also suggests the principle, "better safe than sorry."

    Acid, I do not know how continuing to use IE despite security warnings by security experts is common sense. Apparently, you do not believe in the credibility of these security experts so I guess there is nothing that will sway you from your position.
     
  21. Per Hansson

    Per Hansson TS Server Guru Posts: 1,930   +126 Staff Member


    Let me ask you one thing Acid, do you know the sites you visit so well that you can be 100% certain that they have not been hacked into without the site admin knowing it?

    The Internet Storm Center mentioned in one of their news diaries that major sites had been targeted.. Including banks. The only thing you would need to do is visit these hacked sites' front page and you would be infected. No error message would be delivered by Explorer or your computer and the site you visit would look exactly the same as it did before the attack.

    Furthermore, antivirus definitions were not available for these problems until several days after the initial attack, and as we all know the people creating these viruses/trojans only need to slightly change them so they are not detected by the latest AV definitions...

    Maybe you should quit making these assumptions? Firefox handles JavaScript very fine thank you. Plus it does it without the added benefit of allowing sites to install a backdoor to your computer without any information.

    Yet again I want you to realize that a firewall would do nothing to stop this sort of attack we see here, since the file is downloaded from the server you request data from.

    Internet Explorer does not offer _any_ additional functionality compared to Opera or Firefox, the _only_ thing it offers is compatibility with sites that do not follow the W3C standard.

    Yet again, a firewall would _not_ stop this kind of attack we saw here from happening where a large number of websites were hacked into and got some JavaScript code appended dynamically to every HTML file the server serves to end users.
     
  22. ---agissi---

    ---agissi--- TechSpot Paladin Posts: 2,384   +15

    Not too sure where all the posts went (including mine) but I'll say it again, just stick away from the sites with this stuff to mess you up, be cool like me, and you don't need to worry about all the reported flaws.
     
  23. Nic

    Nic TechSpot Paladin Posts: 1,928

    And exactly how do you tell which sites are/aren't infected? :blackeye:

    Maybe you are psychic, unlike the rest of us here, no? :confused:

    Seems to me that everything posted here went completely over your head. :rolleyes:
     
  24. young&wild

    young&wild TechSpot Chancellor Posts: 1,268

    Dude, I'm just curious, how do you know if a website is safe or not? We are talking about JavaScript here, not like your ordinary virus attack that doesn't use JavaScript.

    I suggest you please READ Per's last post a few times thoroughly before posting ANY new comments.
     
  25. Rick

    Rick TechSpot Staff Posts: 6,304   +52 Staff Member

    I understand sticking with an argument.. That's what makes discussion fun. :)

    But there's a point where you have to throw in the towel. This point occurs when your argument is contested by fact.

    FACT: This exploit only affects IE users. JavaScript can be run on most browsers. But this is an exploit which only takes advantage of IE's security flaws. So other browsers are not susceptible (for the time being).

    FACT: A firewall does not stop JavaScript. That's up to you. However, a future security patch, disabling JavaScript or an antivirus able to detect the exploit may prevent infection.

    FACT: You do not know all of the sites that are infected. The websites are bugged unknowingly by a hacker. Not even the web admin may know about the problem (otherwise it would probably be fixed...). So us individuals DEFINITELY don't know if a site has been compromised or not. Don't assume you do.
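
Added example, not part of the thread and not any firewall product's code: a toy model of the connection tracking the posts above describe, showing that a reply on a flow the browser opened is allowed whatever its body contains. The class and function names, the documentation-range addresses and the sample page body are all constructed for illustration.

```python
# Toy stateful packet filter (constructed model, not a real firewall's code).
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""


class StatefulFirewall:
    """Allows outbound traffic from the protected host and inbound replies to it."""

    def __init__(self, protected_host):
        self.protected_host = protected_host
        self.flows = set()  # (local ip, local port, remote ip, remote port)

    def allow(self, pkt):
        if pkt.src == self.protected_host:
            # Outbound: permitted, and the flow is remembered.
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: permitted only as a reply on a flow the host opened.
        # The decision uses addresses and ports; the payload is never inspected.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows


def demo():
    pc, web, stranger = "192.0.2.10", "198.51.100.5", "203.0.113.7"
    fw = StatefulFirewall(pc)
    results = {}
    # Unsolicited inbound connection attempt: no matching flow, dropped.
    results["unsolicited"] = fw.allow(Packet(stranger, 4444, pc, 135))
    # The browser requests a page from the web server.
    results["request"] = fw.allow(Packet(pc, 50000, web, 80, b"GET / HTTP/1.1\r\n\r\n"))
    # The server replies; this constructed body stands in for a page with script appended.
    body = b"<html>...</html><script>/* appended by attacker */</script>"
    results["reply_with_script"] = fw.allow(Packet(web, 80, pc, 50000, body))
    # Same server, but aimed at a port the browser never opened: dropped.
    results["wrong_port"] = fw.allow(Packet(web, 80, pc, 50001, body))
    return results


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:18} {'ALLOW' if allowed else 'DROP'}")
```

The filter blocks the unsolicited connection, which is the worm-style case, and passes the requested page untouched, which is why the mitigations named in the thread sit in the browser (scripting settings, a patch) or in content scanning rather than in the packet filter.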
     