Bob Lawrence
From: Beaver Bank, Nova Scotia, Canada
Posted 10 Jan 2005 11:08 am
Millions of Internet Explorer 6 users are at risk from three "extremely critical" security holes that give hackers open access to PCs running the browser -- even if Windows XP Service Pack Two has been installed.
The first issue centers on the browser's drag-and-drop capability, which does not validate new files correctly.
This means that, potentially, a document downloaded from a Web page using drag and drop may contain malicious code.
The other problems affect all Windows systems, including those protected by Local Computer zone lockdown, which comes with SP2.
The first allows specially designed (.hhk) files to be used to include malicious code on systems, and the second stems from a zone restriction error that could allow code to be downloaded from Web sites involuntarily.
At least one of the flaws was reported to Microsoft (Nasdaq: MSFT) last year, but no patches have so far been made available.
Security firm Secunia has released an advisory warning that the holes are "extremely critical" and recommends users dump IE and use an alternative browser.
"Although hundreds of millions of dollars have been spent on securing SP2, perfection is impossible. Through the joint effort of Michael Evanchik and Paul from Greyhats Security a very critical vulnerability has been developed that can compromise a user's system without the need for user interaction besides visiting the malicious page," Secunia warned in a statement.
© 2004 VNU Business Online Limited (UK). All rights reserved.
© 2004 ECT News Network. All rights reserved.
Full Story: http://www.technewsworld.com/story/39528.html
===========================================
I have been working as a qualified computer tech since 1990 (I switched to the software and management side about 4 years ago). It is my personal view that there is no way to prevent security breaches 100% and we may never see it in our lifetime. Many of you are not computer savvy so I offer you a few tips:
1. Everyone should get their anti-virus data files updated at least once a week. The data files describe all of the known viruses. New viruses are developed and released every day. Having anti-virus software on your PC is pointless unless you update the data files so that it knows about the new viruses.
2. You should run a program such as Microsoft® Windows AntiSpyware program weekly to check for spyware. Spyware can take control of your PC, collect passwords, collect info on you and your Internet usage, crash your system, etc.
You can read about the Microsoft® Windows AntiSpyware here:
http://steelguitarforum.com/Forum12/HTML/002202.html
3. You should change passwords often. Use a combination of letters and numbers. Don't use guessable passwords. Internet banking users should change their passwords every time they encounter a security breach (Microsoft patch) or at least once a month or more often.
Firefox is another browser (there are others as well) that you could consider. It's not foolproof either but has better performance and ** far fewer ** security issues than Microsoft IE.
Get it here: http://www.mozilla.org/products/firefox/
4. If you have any important data on your PC then back it up. You can use floppies, CDRs, CDRWs, DVDs, tape drives, USB thumb drives. Email it to another account such as Google (1 GB), etc. The question to ask yourself is not if you are going to lose data but when. So, back up often and you will be very happy that you did.
5. What if you have some info on your PC that could embarrass you or cause any type of financial loss or personal grief? Can't you just delete it? You can, but unless you know the extra steps to take, an expert can retrieve it. Don't ever put that type of info on a computer of any type. There is no 100% foolproof way to protect it and it's difficult to get rid of it 100%. Quite often when data is deleted it can be fully recovered by an expert with the right tools and it could come back to haunt you.
6. There are software and hardware devices that companies (as well as public PCs) use that track every move that you make on that PC. Be aware.
7. When you log into any chat systems as userName: xxx99eee or whatever cool name you use, you can still be tracked and identified.
Bob
Gary Ulinskas
From: San Diego, California, USA
Posted 12 Jan 2005 7:48 pm
Hi Bob;
I've lost 2 hard drives (and their attached computers) to viruses over the past 3 years so I got spooked. When I got my new XP, I signed up for a service called mailshell.com and anonymizer.com. I heard about these from the computer guru of a Los Angeles radio station KNX.
Essentially, what happens is that you no longer read e-mails or surf the web on your own computer. Once you log on, you do all that business on THEIR servers, which are kept up to date with the latest virus, spam and spyware stoppers. They also claim that since you are using THEIR server, nobody can trace your footsteps, etc. I know it works on e-mail because I have got e-mails with attachments that could not be opened because they contained something harmful.
The web surfing is a different story. At many times of the day, I would be surfing along and click on a link or bookmark and get a blank page with the comment: "Sorry, but our servers are too busy to handle your request at this time. Please try later." This happened so often, I have practically given up on anonymizer.com, but the mail service seems fine.