Support NeoGAF

[Fallopian Tube]

The U.S. government's Computer Emergency Readiness Team (US-CERT) is warning Web surfers to stop using Microsoft's Internet Explorer (IE) browser.

On the heels of last week's sophisticated malware attack that targeted a known IE flaw, US-CERT updated an earlier advisory to recommend the use of alternative browsers because of "significant vulnerabilities" in technologies embedded in IE.

"There are a number of significant vulnerabilities in technologies relating to the IE domain/zone security model, the DHTML object model, MIME-type determination, and ActiveX. It is possible to reduce exposure to these vulnerabilities by using a different Web browser, especially when browsing untrusted sites," US-CERT noted in a vulnerability note.

http://www.internetnews.com/security/article.php/3374931

 

[Escape Goat]

FIREFOX!!!!

omgwtf!

 

[The Bookerman]

Firefox I luv you.

 

[pestul]

LMFAO

Of course.. 3 years from now when everyone's using Mozilla, the same advisory will come out.

 

[StrikerObi]

 

[Bregor]

CERT recommends that Explorer users consider other browsers that are not affected by the attack, such as Mozilla, Mozilla Firefox, Netscape and Opera. Mac, Linux and other non-Windows operating systems are immune from this attack.

http://www.washingtonpost.com/wp-dyn/articles/A6746-2004Jun25.html

 

[xsarien]

Way ahead of the Government on this one...

 

[Mama Smurf]

I'm using Opera just because it's the only one I could remember when my IE kept sending me to porn sites when I clicked on normal links, but should I be using Firefox/Mozilla instead?

 

[pestul]

This is huge... man. I think we need some owned pics..

 

[Dujour]

/me lays firefox

 

[Bregor]

I'm using Opera just because it's the only one I could remember when my IE kept sending me to porn sites when I clicked on normal links, but should I be using Firefox/Mozilla instead?

If you mean is one of them more secure than the other? No. Both are superior to IE, however.

 

[Mama Smurf]

Speaking of Opera, is there anyway to make it remember websites I go to longer? What I mean is when you type the first few letters of a site into the address bar, the rest of the address pops upa nd you just have to click on it....but Opera seems to forget these sites after about a day of not going to them.

It really annoys me, IE seemed to remember them forever.

 

[Zaptruder]

File > Preferences > History and Cache

Typed in addresses... only goes upto 500. (probably default @ 200)

 

[Deg]

Speaking of Opera, is there anyway to make it remember websites I go to longer? What I mean is when you type the first few letters of a site into the address bar, the rest of the address pops upa nd you just have to click on it....but Opera seems to forget these sites after about a day of not going to them.

Check your settings. You might have set it on empty after exit or something.

 

[DarienA]

Way ahead of the Government on this one...

 

[Mama Smurf]

Cheers guys.

 

[Deg]

Click pic:



ftp://ftp.opera.com/pub/opera/win/751/en/java/ow32enen751j.exe

 

[Deg]

File > Preferences > History and Cache

Typed in addresses... only goes upto 500. (probably default @ 200)

500 is too much. I use 50 myself.

500 also slows down the browser on slower pc's as you fill it up.

 

[Suerte]

I'm sure there are just as many flaws in Firefox/Opera it's just that hackers and virus authors don't bother to find them since not as many people use them...

 

[Suikoguy]

*downloads oprah*

 

[Scalemail Ted]

So what's the best alternative browser to use???

Firefox? Opera? Get a Mac?

 

[Suikoguy]

I'm sure there are just as many flaws in Firefox/Opera it's just that hackers and virus authors don't bother to find them since not as many people use them...

Maybe, but I would not be surprised if there are considerably less flaws.

 

[Mashing]

Welp, I'm a firefox supporter all the way now... I love tabbed browsing and the download manager. Oh and no popups is a plus.

I converted just days before that malware was discovered.

 

[Bishman]

 

[Kon Tiki]

I'm sure there are just as many flaws in Firefox/Opera it's just that hackers and virus authors don't bother to find them since not as many people use them...

Well Opera/Firefox do not use Active-X nor are embedded to the OS. Whatever flaws FireFox/Opera do have will never amount to the seriousness of MSIE's flaws.

 

[Deg]

I'm sure there are just as many flaws in Firefox/Opera it's just that hackers and virus authors don't bother to find them since not as many people use them...

Occasionaly they do actually but IE is also just much worse for various reasons not just because its the most popular.

*downloads oprah*

Yeah spend some tinkering around when you first try it Mess around with the look and choose the features you want displayed. The deafult shows alot but you might want to get rid of or change some stuff around. You'll learn over time.

Some examples: You can get rid of the bars on the side.

Or go lean

 

[Matrix]

*hugs ibook*

 

[Fallopian Tube]

http://www.securityfocus.com/bid/title/

Known flaws in IE 6 SP1.

2004-06-24: Microsoft Internet Explorer Non-FQDN URI Address Zone Bypass Vulnerability
2004-06-22: Multiple Browser URI Obfuscation Weakness
2004-06-21: Microsoft Internet Explorer Modal Dialog Zone Bypass Vulnerability
2004-06-16: Microsoft Internet Explorer HREF Save As Denial of Service Vulnerability
2004-06-15: Microsoft Internet Explorer Wildcard DNS Cross-Site Scripting Vulnerability
2004-06-10: Microsoft Internet Explorer ADODB.Stream Object File Installation Weakness
2004-06-10: Multiple Microsoft Internet Explorer Script Execution Vulnerabilities
2004-06-07: Microsoft Internet Explorer URL Local Resource Access Weakness
2004-06-04: Microsoft Internet Explorer ITS Protocol Zone Bypass Vulnerability
2004-05-25: Multiple Vendor URI Protocol Handler Arbitrary File Creation/Modification Vulnerability
2004-05-18: Microsoft Internet Explorer CSS Style Sheet Memory Corruption Vulnerability
2004-05-15: Microsoft Internet Explorer http-equiv Meta Tag Denial of Service Vulnerability
2004-05-14: Microsoft Internet Explorer Codebase Double Backslash Local Zone File Execution Weakness
2004-05-14: Microsoft Internet Explorer Double Backslash CHM File Execution Weakness
2004-05-14: Microsoft Internet Explorer Interface Spoofing Vulnerability
2004-05-11: Microsoft Internet Explorer Unconfirmed Memory Corruption Vulnerability
2004-05-10: Microsoft Internet Explorer Embedded Image URI Obfuscation Weakness
2004-04-30: Microsoft Internet Explorer Meta Data Foreign Domain Spoofing Vulnerability
2004-04-17: Microsoft Internet Explorer Object Element Data Denial Of Service Vulnerability
2004-04-12: Microsoft Internet Explorer Bitmap File Processing Denial of Service Vulnerability
2004-04-07: Microsoft Internet Explorer Remote IFRAME Denial Of Service Vulnerability
2004-04-06: Microsoft Internet Explorer Macromedia Flash Player Plug-in Remote Denial of Service Vulnerability
2004-04-06: Microsoft Internet Explorer MSWebDVD Object Denial of Service Vulnerability
2004-04-01: Microsoft Internet Explorer HTML Form Status Bar Misrepresentation Vulnerability
2004-03-29: Microsoft Internet Explorer Shell: IFrame Cross-Zone Scripting Vulnerability
2004-03-26: Multiple Vendor Internet Browser Cookie Path Argument Restriction Bypass Vulnerability
2004-03-08: Multiple Vendor HTTP Response Splitting Vulnerability
2004-03-04: Microsoft Internet Explorer Script URL Cross-Domain Access Violation Vulnerability
2004-03-04: Microsoft Internet Explorer window.open Search Pane Cross-Zone Scripting Vulnerability
2004-03-04: Microsoft Internet Explorer window.open Media Bar Cross-Zone Scripting Vulnerability
2004-02-27: Microsoft Internet Explorer Cross-Domain Event Leakage Vulnerability
2004-02-11: Microsoft Internet Explorer Unauthorized Clipboard Contents Disclosure Vulnerability
2004-02-10: Microsoft Internet Explorer Double-Null URI Denial Of Service Vulnerability
2004-02-09: Microsoft Internet Explorer LoadPicture File Enumeration Weakness
2004-02-03: Microsoft Internet Explorer NavigateAndFind() Cross-Zone Policy Vulnerability
2004-02-02: Multiple Browser URI Display Obfuscation Weakness
2004-02-02: Microsoft Internet Explorer BackToFramedJPU Cross-Domain Policy Vulnerability
2004-02-02: Microsoft Internet Explorer Window.MoveBy/Method Caching Mouse Click Event Hijacking Vulnerability
2004-01-27: Microsoft Internet Explorer CLSID File Extension Misrepresentation Vulnerability
2004-01-02: Microsoft Internet Explorer Malicious Shortcut Self-Executing HTML Vulnerability
2003-12-30: Microsoft Internet Explorer HTTP Referer Information Disclosure Vulnerability
2003-12-30: Microsoft Internet Explorer showHelp CHM File Execution Weakness
2003-12-23: Microsoft Internet Explorer File Download Warning Bypass Vulnerability
2003-11-26: Microsoft Internet Explorer Invalid ContentType Cache Directory Location Disclosure Weakness
2003-11-26: Microsoft Internet Explorer Double Slash Cache Zone Bypass Vulnerability
2003-11-17: Microsoft Internet Explorer ExecCommand Cross-Domain Access Violation Vulnerability
2003-11-17: Microsoft Internet Explorer Function Pointer Override Cross-Domain Access Violation Vulnerability
2003-11-11: Microsoft Internet Explorer XML Object Zone Restriction Bypass Vulnerability
2003-11-11: Microsoft Internet Explorer DHTML Drag and Drop Local File Saving Vulnerability
2003-11-08: Microsoft Internet Explorer Self Executing HTML Arbitrary Code Execution Vulnerability
2003-11-05: Microsoft Internet Explorer Local Resource Reference Vulnerability
2003-10-22: Microsoft Internet Explorer Scrollbar-Base-Color Partial Denial Of Service Vulnerability
2003-10-09: Microsoft Windows Media Player IE Zone Access Control Bypass Vulnerability
2003-10-09: Microsoft Windows Media Player Automatic File Download and Execution Vulnerability
2003-10-08: Microsoft Internet Explorer XML Page Object Type Validation Vulnerability
2003-10-08: Microsoft Internet Explorer %USERPROFILE% File Execution Weakness
2003-10-04: Microsoft Internet Explorer Absolute Position Block Denial Of Service Vulnerability
2003-10-04: Microsoft Internet Explorer Browser Popup Window Object Type Validation Vulnerability
2003-09-02: Microsoft mshtml.dll Library GIF Image Handling Denial of Service Vulnerability
2003-09-02: Microsoft Internet Explorer Object Type Validation Vulnerability
2003-08-26: Microsoft Internet Explorer BR549.DLL ActiveX Control Buffer Overflow Vulnerability
2003-08-26: Microsoft Internet Explorer Zone Restriction Bypass Script Execution Vulnerability
2003-08-26: Microsoft Internet Explorer OBJECT Tag Buffer Overflow Vulnerability
2003-08-04: Microsoft Internet Explorer Self Executing HTML File Vulnerability
2003-07-29: Microsoft Internet Explorer CLASSID Variant Denial Of Service Vulnerability
2003-07-14: Microsoft Internet Explorer window.createPopup Interface Spoofing Vulnerability
2003-07-13: Microsoft Internet Explorer AutoScan Method Browser Security Policy Violation Weakness
2003-07-07: Microsoft Internet Explorer Custom HTTP Error HTML Injection Vulnerability
2003-07-02: Microsoft Internet Explorer Remote URLMON.DLL Buffer Overflow Vulnerability
2003-06-04: Microsoft Internet Explorer Classic Mode FTP Client Cross Domain Scripting Vulnerability
2003-06-04: Internet Explorer file:// Request Zone Bypass Vulnerability
2003-05-30: Microsoft Internet Explorer False URL Information Vulnerability
2003-05-27: Microsoft Internet Explorer Malformed JavaScript Denial of Service Vulnerability
2003-05-05: Microsoft Internet Explorer DHTML AnchorClick Partial Denial Of Service Vulnerability
2003-05-02: Microsoft Internet Explorer Plugin.OCX EnableFullPage Input Validation Vulnerability
2003-05-02: Microsoft Internet Explorer Plugin.OCX Load() Method Buffer Overflow Vulnerability
2003-04-23: Microsoft Internet Explorer dragDrop Method Local File Reading Vulnerability
2003-04-23: Microsoft Internet Explorer Dialog Style Same Origin Policy Bypass Vulnerability
2003-04-21: Microsoft Internet Explorer Self-Referential Object Denial of Service Vulnerability
2003-03-12: Microsoft Internet Explorer .MHT File Buffer Overflow Vulnerability
2003-02-13: Microsoft Internet Explorer ShowHelp Arbitrary Command Execution Vulnerability
2003-02-13: Microsoft Internet Explorer Dialog Box Cross-Domain Violation Vulnerability
2002-12-26: Microsoft Internet Explorer Multimedia Page Cross-Site Scripting Vulnerability
2002-12-04: Multiple Microsoft Internet Explorer Cached Objects Zone Bypass Vulnerability
2002-11-22: Microsoft Data Access Components RDS Buffer Overflow Vulnerability
2002-11-21: Microsoft Internet Explorer HTML Same Origin Policy Violation Vulnerability
2002-11-19: Microsoft Internet Explorer IFRAME dialogArguments Cross-Zone Access Vulnerability
2002-11-06: Microsoft Internet Explorer Document Reference Zone Bypass Vulnerability
2002-09-23: Microsoft Internet Explorer SSL Certificate Expiration Vulnerability
2002-09-17: Microsoft Internet Explorer URI Handler Restriction Circumvention Vulnerability
2001-04-18: MS Windows Explorer and Internet Explorer CLSID File Execution Vulnerability


Opera 7.51. (fixed in 7.52- internat beta test)

2004-06-22: Multiple Browser URI Obfuscation Weakness


Firefox 9rc. (not sure if its been fixed in the new version)

2004-06-14: Mozilla Browser URI Obfuscation Weakness

 

[Spiritreaver]

Haha, hilarious. Majority of people here have already gone away from IE though obviously. I'm one of the few Mozilla (suite) supporters.

 

[Kon Tiki]

Nice catch.

 

[xsarien]

You people and your "Opera."

Meh. This is the only way to travel the information superhighway:

 

[Deg]

You people and your "Opera."

Meh. This is the only way to travel the information superhighway:

Opera is just better, faster and more stable.

I was a firefox fan before. If you want to get more out of Firefox use Opera for a while and then download the relevant extensions in firefox.

 

[Fallopian Tube]

Fun page, every version of every browser ever made. http://browsers.evolt.org/

 

[Hitokage]

I'm sure there are just as many flaws in Firefox/Opera it's just that hackers and virus authors don't bother to find them since not as many people use them...

Nice handwaving. Anyway, Firefox, being open source, is all about hackers finding flaws and quick turnaround time... the hackers being the developers, that is.

 

[Vennt]

It's more than just handwaving Hito, it's inaccurate due to the different design philosophies between alternative browsers and "Internet Exploiter"

The alternatives have been designed from the ground up to be web-browsers, IE was designed to be an "application platform". it is the extra "functionality" (ha!) that is the cause of the majority of IE's flaws, The whole BHO model was destined to failure and insecurity, MS's whole "trusted zone/internet" confusing rubbish only compounds the problem for Mr Joe Average. (Stupid MS, stupid!).

I also feel slightly sorry for those that will read this advisory and think "great, I don't use IE, I'm safe" when in truth they may well be equally insecure due to reliance on either an embedded IE control in an application or one of the IE-based browsers such as Avant.

I'm a Mozilla suite person myself, I'll probably switch to Firefox & Thunderbird when they reach 1.0 (Sorry, I had too many bad experiences during the Mozilla pre1.0 betas to jump in early, and Moz is fine for now)


Freeburn

 

[Cauliflower of Love]

Microwned.








*sorry

 

[Thaedolus]

*closes IE
*Opens Firefox

No more ignoring elitist bastards because they're elitist bastards...

 

[MrPing1000]

Thats great Fallopian Tube btw your avatar scares the crap outta me

 

[Desperado]

I must be the only person on earth who uses netscape...meh its good enough for me. =P

 

[StrikerObi]

I must be the only person on earth who uses netscape...meh its good enough for me. =P

Netscape is just Mozilla... only fucked up.

 

[maharg]

Haha, hilarious. Majority of people here have already gone away from IE though obviously. I'm one of the few Mozilla (suite) supporters.

[mono]
Internet Explorer 56.71%
Mozilla 33.32%
Opera 5.90%
Netscape 2.27%
Safari 1.74%
Konquerer 0.04%
Galeon 0.02%
Mozilla Compat <0.01%
Unknown <0.01%
[/mono]

Personally, I really wish someone would make a *really* lightweight browser for Windows. Something more along the lines of Konquerer and Safari than the bloat of both IE and Mozilla derivatives (yes, including Firefox imo).

 

[Pattergen]

*hugs ibook*

 

[fart]

MICROSOFT: TOTALLY NOT A MONOPOLY.

 

[Phoenix]

This is huge... man. I think we need some owned pics..

 

[Kon Tiki]

Personally, I really wish someone would make a *really* lightweight browser for Windows. Something more along the lines of Konquerer and Safari than the bloat of both IE and Mozilla derivatives (yes, including Firefox imo).

4.1 MB is too much?

A friend of mine made a browser that was 24KB. :/

 

[maharg]

4.1 MB is too much?

A friend of mine made a browser that was 24KB. :/

Such focus on download size. Has nothing to do with it. I'm talking about the weight of the running application. How much of an impact running it has on your computer, in terms of memory and computational resources, and all the windows browsers fail this test imo.

 

[Phoenix]

I'm sure there are just as many flaws in Firefox/Opera it's just that hackers and virus authors don't bother to find them since not as many people use them...

This argument is about as tired as the hookers in vegas.

Hackers and virus writers usually aren't finding these exploits, security organizations and businesses are finding them and reporting them. Security organizations have a vested interest in finding exploits in operating systems and browsers and find them all the time in Linux, 'zilla browsers, and OSX. The difference is that this particular exploit was reported almost a year ago and Microsoft has yet to fix it whereas its rare for a critical exploit of this nature to survive more than a couple of weeks under even the harshest conditions in the later mentioned products.

Its not that the bugs aren't found, its what you do about them when the ARE found. In most cases these things are reported and then hackers, kiddies, and virus writers build exploits for them. The problem is that Microsoft has sucked at getting things fixed that people have ample time to build and exploit and put it into the wild long before Microsoft issues a fix.

 

[fart]

maharg: fuck it just use lynx

 

[Memles]

Trying Firefox now...is it anal to be annoyed by the littlest of things? I mean, the scroll speed is different, and the little blinking line showing my position in this message is more intrusive than usual.

 

[Kon Tiki]

Trying Firefox now...is it anal to be annoyed by the littlest of things? I mean, the scroll speed is different, and the little blinking line showing my position in this message is more intrusive than usual.

Welcome to the world of extentions.

http://update.mozilla.org/extensions/

You can fix the scroll speed.