Re: U.S. Steers Consumers Away From IE
From: Zurab Davitiani (agt_at_mindless.com)
Date: 07/06/04
Date: Tue, 06 Jul 2004 07:35:14 GMT
Leythos wrote:
> As they said, it's about Java Scripting - if you have it enabled then
> you are vulnerable. The key, even with IE, is to disable all scripting
> (java or ActiveX) in your IE Internet security zone, then set your IE
> Trusted Zone to Medium security. No pop-ups, nothing, works like a
> champ.
If you are referring to the recent execCommand flaw, then the problem is
ActiveX and the way Internet Explorer specifically fails to enforce the
security boundary between different domains. Check out the CERT description
of the vulnerability: http://www.kb.cert.org/vuls/id/326412

Disabling scripting in IE will render many websites useless or cripple them
in one way or another. Check out this article:
http://www.eweek.com/article2/0,1759,1619961,00.asp
> If you get to a site that doesn't work, because you disabled scripting,
> and it's a site you really want to trust, then add the site to your IE
> Trusted Zone - make sure you keep the Trusted Zone at MEDIUM, it
> defaults to LOW.
I don't have the IE handy to test this but wouldn't adding a site to trusted
zone and allowing scripting make that site vulnerable to the same
"injection?"