Feb 15th: New year new bugs


Crayz9000
Sith Apprentice
Posts: 7328
Joined: 2002-07-03 06:39pm
Location: Improbably superpositioned

Post by Crayz9000 » 2004-10-30 03:37pm

Yo, somebody update the thread title PLEASE.

New Spoofing Flaw found in Internet Explorer, pre IE6 SP2
A new spoofing flaw in Microsoft's Internet Explorer browser allows an improperly coded web link to send users to a different URL than the one displayed in the status bar.

The flaw, which was posted to the Bugtraq mailing list by Benjamin Franz, is exploited by placing two URLs and a table within a single HTML href tag, producing a link that looks like this:
http://www.microsoft.com
displaying http://www.microsoft.com in the browser, but sending the user to Google. Franz says the exploit works in fully-patched versions of Internet Explorer and Outlook Express, meaning the HTML code can be used to create spoofed URLs in webpages and HTML e-mails.

The technique, which can be executed by anyone with basic knowledge of HTML, can be used to construct convincing fake URLs for use in phishing scams. The flaw is possible because Internet Explorer has difficulty processing improperly formed HTML. The attack opens one href tag, and then leaves that tag open while enclosing a second URL within a table. The browser displays the first URL in the status bar, but sends users to the second URL.

The flaw affects versions of IE up to 6.0.2800.1106 - which includes systems that haven't yet installed Windows XP SP2, but are current on all other critical updates from Windows Update - as well as the Safari browser for Macs. Users running Windows XP SP2 (IE version 6.0.2900) and the open source Firefox and Mozilla browsers are not affected.
As of now, the only solution is to upgrade to Windows XP SP2 if you haven't done so already (impossible to do so if you run Windows 2000 or before), or don't use IE and Outlook Express. As usual.
A Tribute to Stupidity: The Robert Scott Anderson Archive (currently offline)
John Hansen - Slightly Insane Bounty Hunter - ASVS Vets' Assoc. Class of 2000
HAB Cryptanalyst | WG - Intergalactic Alliance and Spoof Author | BotM | Cybertron | SCEF
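
A mail or proxy filter can look for the structure described in the post above: an `<a href>` opened while an earlier one is still open, with a table in between and the two hrefs pointing at different hosts. This is an added example, not part of the original post or the Bugtraq report; the sample markup, the `scan` helper and the example.com / example.net hosts are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


def host_of(url):
    """Lower-cased host of a URL, or '' when it has none (relative, mailto:)."""
    try:
        return (urlsplit(url.strip()).hostname or "").lower()
    except ValueError:          # malformed authority such as "http://[bad"
        return ""


class NestedAnchorFinder(HTMLParser):
    """Records every <a href> that starts while another <a href> is open.

    Anchors may not nest in valid HTML, so any hit is malformed markup;
    a host mismatch between the two hrefs is the spoofing indicator.
    """

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.open_anchors = []   # unclosed <a> elements, outermost first
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "table":
            # Remember that a table was opened inside every unclosed anchor.
            for anchor in self.open_anchors:
                anchor["table_inside"] = True
            return
        if tag != "a":
            return
        href = dict(attrs).get("href")
        enclosing = [a for a in self.open_anchors if a["href"]]
        if href and enclosing:
            outer = enclosing[0]  # first URL opened: the one the post says is displayed
            self.findings.append({
                "line": self.getpos()[0],
                "outer_href": outer["href"],
                "inner_href": href,
                "host_mismatch": host_of(outer["href"]) != host_of(href),
                "table_between": outer["table_inside"],
            })
        self.open_anchors.append({"href": href, "table_inside": False})

    def handle_endtag(self, tag):
        if tag == "a" and self.open_anchors:
            self.open_anchors.pop()


def scan(html):
    """Return one finding per nested anchor in an HTML page or mail body."""
    finder = NestedAnchorFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample: one ordinary link, then the nested-anchor pattern.
SAMPLE_MAIL = """\
<p>Your statement is ready: <a href="https://www.example.com/help">help</a></p>
<a href="https://www.example.com/"><table><tr><td>
<a href="https://login.example.net/">https://www.example.com/</a>
</td></tr></table></a>
"""

# Constructed sample: links to different hosts, correctly closed, in a table.
BENIGN_MAIL = """\
<table><tr>
<td><a href="https://www.example.com/a">A</a></td>
<td><a href="https://www.example.org/b">B</a></td>
</tr></table>
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE_MAIL):
        print(hit)
    print("benign findings:", scan(BENIGN_MAIL))
```

A filter would normally quarantine or rewrite messages where `host_mismatch` is true and log the rest, since nested anchors with matching hosts are usually just sloppy markup.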

Faram
Bastard Operator from Hell
Posts: 5270
Joined: 2002-07-04 07:39am
Location: Fighting Polarbears

Post by Faram » 2004-12-02 02:43am

New Cumulative patch for MS IE

Info Here
Who should read this document: Customers who use Microsoft Windows

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Customers should install the update immediately.
Windows XP SP2 is NOT affected.

"Either God wants to abolish evil, and cannot; or he can, but does not want to. ... If he wants to, but cannot, he is impotent. If he can, but does not want to, he is wicked. ... If, as they say, God can abolish evil, and God really wants to do it, why is there evil in the world?" -Epicurus


Fear is the mother of all gods.

Nature does all things spontaneously, by herself, without the meddling of the gods. -Lucretius

Jade Falcon
Jedi Council Member
Posts: 1705
Joined: 2004-07-27 06:22pm
Location: Jade Falcon HQ, Ayr, Scotland, UK

Post by Jade Falcon » 2004-12-02 11:08am

I'm getting a prompt for that update. First off, I'm using Mozilla Firefox, and secondly I have Service Pack 2 installed anyway. Is there any way to basically just tell the upgrade program that I don't wish to install it?
Don't Move you're surrounded by Armed Bastards - Gene Hunt's attempt at Diplomacy

I will not make any deals with you. I've resigned. I will not be pushed, filed, stamped, indexed, briefed, debriefed or numbered. My life is my own - Number 6

The very existence of flame-throwers proves that some time, somewhere, someone said to themselves, You know, I want to set those people over there on fire, but I'm just not close enough to get the job done.

Post by Crayz9000 » 2004-12-02 02:22pm

You could turn off Automatic Updating, since it's generally an annoyance, but in that case you should regularly check Windows Update.

Ace Pace
Hardware Lover
Posts: 8349
Joined: 2002-07-07 03:04am
Location: Wasting time instead of money

Post by Ace Pace » 2004-12-02 02:30pm

Crayz9000 wrote:You could turn off Automatic Updating, since it's generally an annoyance, but in that case you should regularly check Windows Update.
Automatic updates could also happen at the weirdest times, such as in the middle of a gaming tourney match.
Brotherhood of the Bear | HAB | Mess | SDnet archivist |

Post by Faram » 2004-12-09 02:59am

New Browser Hi-Jack, all browsers are at risk.

Demo

Scary stuff this!

Post by Jade Falcon » 2004-12-09 12:23pm

Seems that I'm okay.

Post by Faram » 2004-12-14 03:03pm

Some security updates from Microsoft.

Summary for December

Critical flaw in MSIE

Wordpad is a risk!

A bunch of other updates at the first link but those should not affect a home user.

Post by Faram » 2004-12-16 04:46am

Adobe Acrobat critical flaw:
TITLE:
Adobe Reader / Adobe Acrobat Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA13471

VERIFY ADVISORY:
http://secunia.com/advisories/13471/

CRITICAL:
Highly critical

IMPACT:
Exposure of sensitive information, System access

WHERE:
From remote

SOFTWARE:
Adobe Reader 6.x
http://secunia.com/product/1810/
Adobe Acrobat 6.x
http://secunia.com/product/1809/

DESCRIPTION:
Some vulnerabilities have been reported in Adobe Reader and Adobe Acrobat, which can be exploited by malicious people to disclose sensitive information or compromise a user's system.

1) A format string error within the eBook plug-in when parsing ".etd" files can be exploited to execute arbitrary code via a specially crafted eBook containing format specifiers in the "title" and "baseurl" fields.

2) Multiple vulnerabilities in libpng have been acknowledged, which can be exploited by malicious people to compromise a vulnerable system.

For more information:
SA12219

3) An error within the handling of Flash files embedded in PDF documents can be exploited to read the content of files on a user's system.

For more information:
SA12809

The vulnerabilities have been reported in versions 6.0.0 through 6.0.2.

SOLUTION:
Update to version 6.0.3.

Darth Wong
Sith Lord
Sith Lord
Posts: 70027
Joined: 2002-07-03 12:25am
Location: Toronto, Canada

Post by Darth Wong » 2004-12-16 10:28am

The KDE team has already patched the Window Injection Vulnerability in Konqueror. I just tested the patched version.
"It's not evil for God to do it. Or for someone to do it at God's command."- Jonathan Boyd on baby-killing

"you guys are fascinated with the use of those "rules of logic" to the extent that you don't really want to discussus anything."- GC

"I do not believe Russian Roulette is a stupid act" - Embracer of Darkness

"Viagra commercials appear to save lives" - tharkûn on US health care.

http://www.stardestroyer.net/Mike/RantMode/Blurbs.html

Post by Crayz9000 » 2004-12-16 04:58pm

Darth Wong wrote:The KDE team has already patched the Window Injection Vulnerability in Konqueror. I just tested the patched version.
If that's the case, Safari should have a similar fix coming up soon, seeing as it's built on KHTML.

Post by Faram » 2004-12-27 05:36am

A Christmas gift from Microsoft in the form of a critical bug

http://secunia.com/advisories/13645/
Microsoft Windows Multiple Vulnerabilities

Secunia Advisory: SA13645
Release Date: 2004-12-25

Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Unpatched

OS: Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium
Microsoft Windows NT 4.0 Server
Microsoft Windows NT 4.0 Server, Terminal Server Edition
Microsoft Windows NT 4.0 Workstation
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional

CVE reference: CAN-2004-1305, CAN-2004-1306

Description:
Flashsky has reported some vulnerabilities in Microsoft Windows, allowing malicious people to compromise a vulnerable system or cause a DoS (Denial of Service).

1) The vulnerability is caused due to an integer overflow in the LoadImage API which can be exploited to cause a heap based buffer overflow. This can be exploited through a website by using maliciously crafted icon, cursor, animated cursor, or bitmap files.

Successful exploitation allows execution of arbitrary code.

2) Some errors in the Windows Kernel when parsing ANI files may cause the system to crash. This can be exploited through specially crafted ANI files.

3) The vulnerabilities are caused due to a heap overflow and an integer overflow in "winhlp32.exe" when handling HLP files. This can be exploited through specially crafted HLP files.

Reportedly, all versions of Microsoft Windows are affected.

Issue 1 has been confirmed on a not fully updated Windows XP SP1 system. It has not been possible to confirm the vulnerability on a fully patched Windows XP SP1 system.

Solution:
Reportedly, Microsoft Windows XP with SP2 isn't vulnerable.

Do not visit untrusted websites and don't open documents from untrusted sources.
Just what I needed...

I don't have any demos of this exploit yet but it might be bad

Pcm979
Rabid Monkey
Posts: 4092
Joined: 2002-10-26 12:45am

Post by Pcm979 » 2004-12-27 06:20am

As a Mac OSX user, I proceed to laugh and thumb my noses at the MS-users. This takes a long time, what with the 5 billion-plus Windows users. My nose also starts to hurt.

Ah, what trials and tribulations await the unwary Mac user. :D

Post by Faram » 2004-12-27 07:08am

Pcm979 wrote:As a Mac OSX user, I proceed to laugh and thumb my noses at the MS-users. This takes a long time, what with the 5 billion-plus Windows users. My nose also starts to hurt.

Ah, what trials and tribulations await the unwary Mac user. :D
Like This?
Secunia Advisory: SA13362
Release Date: 2004-12-03

Critical: Highly critical
Impact: Security Bypass, Spoofing, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote
Solution Status: Vendor Patch

OS: Apple Macintosh OS X
http://secunia.com/advisories/13362/

No OS is bug free!

Post by Pcm979 » 2004-12-27 07:14am

I know no OS is bug free, but you can't sit there and type that OSX has anything like as many bugs as Windows with a straight face. Not if you're sane, anyway.

Post by Faram » 2005-01-09 01:43am

A brand "new" IE Exploit is out.

Exploit Demo

This one uses ActiveX exploits.

Read all about it here:
http://secunia.com/advisories/12889/
Secunia Advisory: SA12889
Release Date: 2004-10-20
Last Update: 2005-01-07

Critical: Extremely critical
Impact: Security Bypass, Cross Site Scripting, System access
Where: From remote
Solution Status: Unpatched

Post by Faram » 2005-01-13 04:38am

Faram wrote:A brand "new" IE Exploit is out.

Exploit Demo

This one uses ActiveX exploits.

Read all about it here:
http://secunia.com/advisories/12889/
Secunia Advisory: SA12889
Release Date: 2004-10-20
Last Update: 2005-01-07

Critical: Extremely critical
Impact: Security Bypass, Cross Site Scripting, System access
Where: From remote
Solution Status: Unpatched
A bunch of updates released last Tuesday

Microsoft.com

Fixes some of this active-x mess 2 of 3...

Get them from windowsupdate.

Post by Faram » 2005-02-04 02:48am

Advance Notification

Get ready for a shitload of patches Feb 8

• 9 Microsoft Security Bulletins affecting Microsoft Windows. The greatest aggregate, maximum severity rating for these security updates is Critical. Some of these updates will require a restart.

• 1 Microsoft Security Bulletin affecting Microsoft SharePoint Services and Office. The greatest aggregate, maximum severity rating for this security bulletin is Moderate. These updates may or may not require a restart.

• 1 Microsoft Security Bulletin affecting Microsoft .NET Framework. The greatest aggregate, maximum severity rating for this security bulletin is Important. This update will require a restart.

• 1 Microsoft Security Bulletin affecting Microsoft Office and Visual Studio. The greatest aggregate, maximum severity rating for this security bulletin is Critical. These updates will require a restart.

• 1 Microsoft Security Bulletin affecting Microsoft Windows, Windows Media Player, and MSN Messenger. The greatest aggregate, maximum severity rating for these security updates is Critical. These updates will require a restart.

No additional details about bulletin severities or vulnerabilities will be made available until February 8, 2005.

Guess I have some overtime soon...

And thank you Bill Gate$, don't release the patches ASAP, no, let the sysadmins worry about the systems for a week.

Post by Ace Pace » 2005-02-04 03:44am

Argh, okay, stupid question: Could I install everything at once? Or will I have to install first some stuff, restart, install other stuff, restart, install final?

Psycho Smiley
Keeper of the Lore
Posts: 833
Joined: 2002-09-08 01:27pm
Location: Soviet Canuckistan

Post by Psycho Smiley » 2005-02-04 05:24am

Usually you need to reboot each time. Bad enough for you and me, but pisses off the sysadmins to no end.
An Erisian Hymn:
Onward Christian Soldiers, / Onward Buddhist Priests.
Onward, Fruits of Islam, / Fight 'till you're deceased.
Fight your little battles, / Join in thickest fray;
For the Greater Glory / of Dis-cord-i-a!
Yah, yah, yah, / Yah-yah-yah-yah plfffffffft!

Post by Faram » 2005-02-04 08:47am

Psycho Smiley wrote:Usually you need to reboot each time. Bad enough for you and me, but pisses off the sysadmins to no end.
Well this thread is getting spammy.

But anyways qchain.exe is the tool of choice for multiple installations of hotfixes.

qchain.exe info

And also qfecheck.exe is a great timesaver

qfecheck.exe Info

If anyone wants a quick tutorial in the use of those tools PM me.

Xon
Sith Acolyte
Posts: 6206
Joined: 2002-07-16 06:12am
Location: Western Australia

Post by Xon » 2005-02-04 09:13am

Ace Pace wrote:Argh, okay, stupid question: Could I install everything at once? Or will I have to install first some stuff, restart, install other stuff, restart, install final?
All of these patches can be DLed and installed all at once via the Windows Updates website.

There are very few updates which require to be installed by themselves. DirectX 9c is the only one I can remember recently.
Psycho Smiley wrote:Usually you need to reboot each time. Bad enough for you and me, but pisses off the sysadmins to no end.
Not really. Queue all the patches to be downloaded & installed roughly at the same time overnight/early morning and the machine is back up before anyone is in.

You can use wake-on-lan + scheduled jobs to wake computers which are off.

Any distributed programming should be able to handle a node going down, and no one should expect 100% update for desktops, if nothing else having lots of people working around them can cause stuff to break.

As for servers, if you really need the update do it when there is no one around or have multiple redundant servers.
"Okay, I'll have the truth with a side order of clarity." ~ Dr. Daniel Jackson.
"Reality has a well-known liberal bias." ~ Stephen Colbert
"One Drive, One Partition, the One True Path" ~ ars technica forums - warrens - on hhd partitioning schemes.

Post by Faram » 2005-02-08 01:46pm

Latest Security Bulletins - Released on February 8, 2005

MS05-015: Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113)
MS05-014: Cumulative Security Update for Internet Explorer (867282)
MS05-013: Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (891781)
MS05-012: Vulnerability in OLE and COM Could Allow Remote Code Execution (873333)
MS05-011: Vulnerability in Server Message Block Could Allow Remote Code Execution (885250)
MS05-010: Vulnerability in the License Logging Service Could Allow Code Execution (885834)
MS05-009: Vulnerability in PNG Processing Could Allow Remote Code Execution (890261)
MS05-008: Vulnerability in Windows Shell Could Allow Remote Code Execution (890047)
MS05-007: Vulnerability in Windows Could Allow Information Disclosure (888302)
MS05-006: Vulnerability in Windows SharePoint Services and SharePoint Team Services Could Allow Cross-Site Scripting and Spoofing Attacks (887981)
MS05-005: Vulnerability in Microsoft Office XP could allow Remote Code Execution (873352)
MS05-004: ASP.NET Path Validation Vulnerability (887219)
http://www.microsoft.com/technet/Security/default.mspx

Do the update dance.

Post by Crayz9000 » 2005-03-14 07:08pm

There's a new exploit spreading that uses Java to get around the alternative browser protection of MSIE. It affects every single browser that runs Java: see The Register, and the VitalSecurity report.

The solution for this is to CLICK NO IF YOU ARE PROMPTED. The Java sandbox mechanism is working just fine in this case, and prompting the user before the sandbox is breached. So if you deny it access, you will not be infected.

So, happy browsing. Oh, yeah, and this doesn't affect non-Win32 platforms because the Java installer does nothing besides download a Windows EXE.

Post by Faram » 2005-04-12 02:47pm
