A new Internet virus has surfaced that allows hackers to steal passwords, credit card numbers and other personal information when someone merely visits an infected Web site, government computer security experts warned this week.
Hundreds of Web sites have been targeted by the virus, which exploits flaws in Microsoft Corp.'s Windows Internet software, according to an alert issued Thursday by the U.S. Computer Emergency Readiness Team (US-CERT), a division of the Department of Homeland Security.
Infected sites were programmed to connect people using the Microsoft Internet Explorer browser to a Web site that contains code allowing hackers to record what users type, such as passwords and credit card and Social Security numbers. The code then e-mails that information to the anonymous attackers.
The attack takes advantage of several recently discovered security flaws in Microsoft’s Internet browser and Internet Information Services Web software. Microsoft released a patch in April to fix one security hole in its Internet browser; the company is still working on a patch for the other flaw, which security researchers publicly detailed less than two weeks ago.
CERT recommends that Explorer users consider other browsers that are not affected by the attack, such as Mozilla, Mozilla Firefox, Netscape and Opera. Mac, Linux and other non-Windows operating systems are immune from this attack. For people who continue to use the Internet Explorer, CERT and Microsoft recommend setting the browser’s security settings to “high,” but that can impair some browsing functions.
Oh bite me, you oversensitive whiny puss! I snicker because of the incredibly long “Firefox” thread and how this points to the validity of many of the arguments therein. :lol:
How about the validity of the argument that IE is just as safe as Firefox if you just turn off ActiveX? Seriously, I don’t get what the big deal is here. People are willing to use a browser that requires them to go hunting for a dozen different extensions to get it to work the way they want, but god forbid if you have to open the “internet options” window and click on a checkbox in IE. Too hard!
CERT’s recommended security measure is a set of instructions for deactivating ActiveX, so I assumed that was the culprit. If it’s a Java thing, how does using Firefox help? Firefox runs Javascript, yes?
How is finding and installing Avant, MyIE2, etc… any different from finding and installing extensions?
Additionally, most non-obsessive users don’t need a dozen extentions, the stock browser is as usable, if not moreso, as IE. I run stock Firefox with one “needed” extension (ad blocker) and one “frill” extension (RSS reader). However, unlike IE, most extensions are easily findable via the application’s home page.
I agree. My comment was not so much intended to imply that installing and configuring Firefox is hard, but rather to say that turning off ActiveX in IE is equally simple.
Simply turning off ActiveX won’t protect you from the exploit in question, you need to turn off Active Scripting (Javascript in IE) which will make most interactive websites, such as Google’s Gmail innaccessible to you.
Simply turning off ActiveX won’t protect you from the exploit in question, you need to turn off Active Scripting (Javascript in IE) which will make most interactive websites, such as Google’s Gmail innaccessible to you.[/quote]M$ RELEASES NEW WORM TO BREAK GMAIL!
