|
|
|
Internet Explorer Is Too Dangerous to Keep Using
By: Steven Vaughan-Nichols
2004-06-28
Article Rating:  / 3
There are 0 user comments on this Linux & Open Source story.
Internet Explorer Is Too Dangerous to Keep Using (
Page 1 of 2 ) Opinion: Although Linux & Open Source Editor Steven J. Vaughan-Nichols once used IE on his Windows machines, he now finds Microsoft's browser seriously insecure and endorses open-source ones instead.OK, I confess it: Ive used Internet Explorer a lot. After being a die-hard Netscape user, I finally got fed up with the sheer bulk of that browser and started using Internet Explorer on my Windows machines.
As time went on and open-source Mozilla matured, I started using Mozilla as my main Linux Web browser and as my secondary Windows browser. This past Friday, though, I started installing Firefox, the browser-only side of Mozilla, on every one of my production Windows machines.
Why? Because Internet Explorer, like Outlook, has finally become, to my mind, a permanent security hole that masquerades as a useful application.
Strong words? Have you really thought about this latest exploit? It could hit every Internet Explorer (IE) browser that merely visited any page served by an infected Microsoft IIS (Internet Information Server).
No anti-virus program would stop it, no firewall would slow it down and no shipping IE security patch would even notice it. Visit the page, get the infection. It was that simple.
Oh, but the few thousand people running Release Candidate 2 of Windows XP Service Pack 2 were not vulnerable to the client-side attack. And if you were one of the very few people who had all of the current critical patches installed and were running IE with its security settings at "high," youd be OK. That leaves, oh, say, 95 percent of all IE users wide open to this attack. I feel so much better now.
And just how bad was this attack? Boys and girls, let me tell you, this was the worst security violation I have ever seen. But dont take my word for it.
Johannes Ullrich, a handler at the Internet Storm Center at The SANS Institute in Bethesda, Md., wrote, "A large number of Web sites, some of them quite popular, were compromised earlier this week to distribute malicious code.
"The attacker uploaded a small file with JavaScript to infected Web sites and altered the Web server configuration to append the script to all files served by the Web server (IIS). The Storm Center and others are still investigating the method used to compromise the servers. Several server administrators reported that they were fully patched."
What sites were spreading the infections? We still dont know. Neither the security companies nor the businesses running the infected sites are talking. Since theyre not being any help, I can only suggest that you update your anti-viral software and run it—now.
The only other thing I can say is that sites running IIS 5, which hadnt been patched up to Aprils MS04-011, were the ones targeted by this exploit. But, Im sorry to say, its still not clear that even sites that had been patched with MS04-011 were safe. There are reports that even patched IIS servers were infected.
What happened next was that after simply visiting what looked like a perfectly ordinary page, the JavaScript hidden with the page would direct your browser to quietly download and install one of several different programs from a Russian Web site. "These Trojan horse programs include keystroke loggers, proxy servers and other back doors providing full access to the infected system," Ullrich said.
Next page: It gets worse, much worse.
|
|
�������x}v㶲s{�̎�Sj^-۶-u;(
�S$7IV'Ʃ�n|>Nږ�*T�
B
?J�9wiȅ3Zd'ΠSãw&D;;o
>�ߛ`\˨�;ހz!�,
�}w [Ȯe�j����;#|�$Jw *s=NN��K�VkNFZV6'2z9�\�3�Ѣi�3\O�d{=B �~�w�f�e�(CJ��}֥q�O�} c* [t�V�:v �*UN�8�p{#f_ʞ0�IAI�M"p8$j�>vn[�0��Ba50vˁ黖>;$}1nCU�Vek햡�l<�v�y!e23�#�g�ݻ�H2匜(Cd`jI:4G
"04��}�C1+k8J9R>1-O|ݖ|CXult̀� �Y3Eu��_FBS I]���78���V`~e6��S�>�Ҁ��chG�PAnLaF3,Ӹ4
붪VQj\(�(Nr7s[=}0q*sܜL�͇:JI4E9\ή2$�(^[m�mIu]k�0��v}%Or~@α�{A~�$Fj;�}�&*�DET竓$�_��c�::-gVy��j�] tx�[�n9(�5Ejy�٥R5,f3}��+i3*�,GQD~64/VI㳣V�;l,a�\4�2V(],ȏwAuyҾ59i~j�7;
GO��0\6:֪o~=�Wc�߮C"wA�pHJ@R3�~�IF,tOȯgs�`HmDm[ܼ̐LR9�k�a(�7s`aM�|�怒m�ȄS�Hu��t���~mI'ԃ�6kiL�
�9B�:%yW��7�.hr�
Ae)#8?c݃I��hJq�䰉3ذ�1�"%�w5/%�,)|�U��>hI"A[8
.*J�!"xN3� �BDԑ?C:C���0&pt/ݜ�~��_5�\{G.כEsL��t];�x�aZPp�x=6�ݏ�ҹj_v47aUb}Phv�ZM]�qsuTStʥt�=J�j�*��J���G�f[Ԗ-Pò˔��t}x7
&=���aO>q|B�tR붝x�>:AGA�ticŦh@7&�h`CZ]Ҏ:L��g_`;^h.[ pŀ00'wk��LP#AтMx>tw�&>��l�d�$4(s�w[LL ρ�.
K}�ˋ�0���P�}�� �2/?>�a�xs�ԧP�}M�rA=�9;ݴiǀxt05(�.�%Ϸ2R}g9>�] CRW>#��hI#r�����
Bг�,`@o!`�`P�� a�B
.�<���B�ICvn<���){T�Kh!+�K@fsfh(4{~2�cbB�|#'b�z�(0��Vn)grGֶLo� �E j�J}:
%�r%�
5kb�$T`CY3�j-y�s�p
dO,s1r@i_Sr�,H1,g0dz�w�Lz7v&�m/n$)L`�V|�\t�k--%ւeۏRue"$l�}ooaXZ
@-ſE�i-d[�|aa2E]�Q\BKHD@CR)Ե�
a��^`(yt�MȆТA҆�=T=�Ss�
��
XTMΫr_
�}d2*EM�ګY3l�d �tA�qF�A2`�LAE}a�&�ʤ
ëi�;v\�cO�zOnz��`r��Φ��G �cǏipBa1e ֤ԊLM>kQ@�/�ı``�{�s7s�9pJ.��k6qMݞ_�v��⺰-]69�'uI8`
;D>Ӝh2�F��áiHuߴf�qFʫEU�&-JRQɫjLY#l
�ԑq,�Y�X�Tб,~=aDm6#(
EZ$�=
�G4UD85[.OAY-��4$qx�?7u?_R��F<�[?\{wSzAm�`+z\sg�I��оGhʰeh8`ZzqF�$KD!(�Oܧx&\3atS3יmE4`D� ڸ�/�)apG,�^
�\�~<>�B
SK@'�R*c`EL�s�ǖ�YCǖbTۄЂ��r[|T�=ߤe�K&��C�pӞ�rFVyQB?M=~Tʕ|R=N
re߬�7sCSO@H.5�Ǟ3��cY�翜;vts�g�jAAPz6gn-!WG�ש%XTe���1�0+��fW��#S@)�WHF(`�0](
h3�s�T͜Z�/YQS�mfc�a
��"8&��7>jV�j8v��7dݤ/Hɘ-qV}Y=��w7䊢-?݀ޭ�l�F���'F�� �i���vo�c�(0f�4sB[�
P}IMzO!"���ڟqkh豸2]
QB3Z0d&Q�abX[�⚪�*y}���{oB64F�(dyD4@/=q8bk
�NU|�8�ʳ�%�[t#8tM�G9�Fi$�]+|[P rfɍ>N6霎Yc~
006y�-0P>O\մb�/s�9�W�|6�u8W]?`L's��+`p1�\An#>ҍ۩+j*r��6~�:&zi�1bNw)n<0{�L3gB�=6
Phn�h`$dmh��AI�K-g}X%2␜���TJ0�$�JQ)`zVDZ1~��HǞ1L}]��4|YzΘƱz>JkxG�2edA�J�hU�m{\ c4�g�4<�]b>�_&I|SeQȣ얯�)K�i�+TP* 7�3pa-W*jj��&R�rMu�E�;�ŏ�[o(�rfٍG>tQ*~�PՅGIur`�ZT�<*�l5r�Ok�XD+(++i-^2�۹q�m.E�)[��4˷�ʨK �3["X.DД�7Ϩ��d�Rb�u�
kQh-Bwyr�`��1W?�4$َc�qDc?ԁ�h)03?0R�ٸUrJ0i�IWZy��̡}2b{#�і�$¾��.뤵'sSs]����`aOn�;ܝ�=`>L;K�@k b#0��0���:���J�O��ɂ�'
WJ%?(]QM3A��z��
"vB�s=Q<��C�p3{ ,f�d�P�@�/I�K.:;Ղ_��c3axք�-䤔�Iԕº켹it�I^cاˮtڸh>#@�W~_HUڗuz֍�B�xY�Ժֈd�Ȱ��V �J_ĥ}}Ҽ̂qs՜$�"J��ON3dn,JQ]Fp6YTïU��2kn��!���ʕ+tR@�T���5 �KLG:Wщ�{ntE
����bT1J/ԟRJ�MQV�=#�ijq�QAS�):�*9Q;ߚa$kѷo)Aߐ>O1Okw��tE�h[(+��hL�udsJ; Yc~:)}@MN9˙���_%i^�3
�Í7���"HtSOkԛC26��jG��\ <��?m[ħ{�,�/䎡�=�;SH�&Q(�4iQE�%e9rs:)!O�ϕp��|N(k+'I^VR6T$��4%!44ALNbC]B+#7g�ҹj\nNpV�H�po6_xvImKd
��Ζ�&"�̗4.נ�y8��V�#�"|�G)-&GX!*VZRZz*$'?v�Ӓ3tH1��?��%ݞf0>iF�X4�b`'a�wʜW#�SLaZ��?�Y�.�/=v{6g>&k��?gdN-Ƙ��`ֳ�s8CϝO(|i@�c
��V"?_BWc#ZT=�9b6PMk,�@ڷeFo{��ЋN+c؛y.);-�6%#95al`�Mi?Q�M�'JT2ϟ�}��]]�5jȃ,�#�8]o�ta�S@
ɉN(o����'WG.t�_mrL\PHS{�@K�OvZ�y��pz�If�q'KMlN�e3&0%KR${]qB#q{�/.)q�=XfN%�`j�
Ń8}`91-8'�_�Ӵʼm�ɽ[MxE+�:Xz��A9��y|�!!`eݢ^3}s=%K�
b��
VL�V8o2�mO�Fಠ܀CG ��Xj� tˁUgcA=ݮ5Uђ;4m]��~2Rb��zH�ye.V}Iƨ�/h,3pڑ�.hC1�֡2�kJ�pP�?"@}ӊe{D7nQ�6K�%q�vB7*%U>S��q�<��-�anZO^.6}\�1��I�8 �l
ٞD3^~nʣQ斕tP @f&N�a��[\/��O/VJ�`]×!$��!1�1M0��#Ƹ7%KRg
�+�e�Pq"�~w~w~w~w[rwƺ%#i&/7��L},��:/]Ol%99q�uԼZ(ͻ-)^�pH��gc��8l͆#2
Y8qbFC_=z LMnϧW 6dL�S++�.fRk@u�G]\!B'�3F8f�5�/_�n~j5oأN�V��!ŵ�:G,3$�+h��d i�3bl9C�'ӈh`-�)l"k�0Ь"`6d2ipd�0��HLr)?sˇEtbs\T*,�$�����XS�l@��i�|:}B<$!G�_S\R���
1e:j��e��r렎e�(f9� ��BFzA@c�!�מ6=B{S\.6ZL-£B@5d�H�/�/3c�C7AAwޭ�jN(N3#_?X$H�AQdz>=Z��A����1*J
וSЍ1&�&+g`xW%.GL�L篜w�b�_ۋP�~vRgLvFߙ��ag9�@��YpaTmCn~}+�Ja^xAL2r}esr�__\nkOmw#{�X�B�DzO"r`_*
es�^j7>kE_A-δjgϡ`a�A| ��ךLǤiHsC(u[12]=k'o:aS�06${U"�/?fi@)1�[�(o�C�u&/[z�O;mX'? KY*㇝.�9q�/Nx[G)LI|+A$㷈��DCঀ8~�x�Uܲ;@�=e�l#�AI1ZSʉmOUUx9LY��qma�cM[ŕ�p}BYW�P68!#�9pyl�i9F?P9x[Nt�ѧ�GD2`7�%�0-Sɱ+A#샒�=�%h�?? ,q'Ds�1(?
CuXYRSo-��Z��o�[+U#r�d! `,%7�%sZk�^�Yb+Ȉz~l�]!1c⥮TA9i�AKu�.G�*Z!ѤI=)ޓHQ5rGqbfģ
Zk�ah;Xy�cj=!vqc` J�.қncr(dH�'2t=jh�DͤJd�i�[%_.OU+ETT�.sW4U
p@ae�/Һ0G|z`BOs.�kXGl;�1#�Z!_)0o59#�qX* E�L>iuIלPF�,g+G� �&��|aZ2� h�\�z1�W-vᮤq�_A/m�8�$h�Y�п���{{i/1�~H+6&K̎sNW�D�]%F�b1�t)6AP��ׯ0OļP\sn?Ha.=x\XYrV7<-^a�9EU-'d[h4s;'¨ӔAJ�a�3rۺm�6A�聎�Dqa8TJ�_[E�x}#r��bF�q{Zad�R>dD9m�o�ix���F(<�d
� )DŽ�):6$Ae�u߃5T?�0:k{n#nK�ZEU�[�Y��_D��_�t�f `�;�]�MM
�
.�yeTW��F/�|�T�1/b-�0#��>x #b2z�ސ�G7�#XH�BW7��}�D['鍀�Czhb#3���F��NPXʺzhM6;a�H�z3E}m"��L�<�y�]+�hb�4��c�3ی�x�l��0W r��
�[zpe�x.�h�czS@�!ᘭ#!K^�bΑ&z,ݭQk|(�J�![kOЧ�枩ŠUH2TdL4B&(qTiK$n]11FqŷN(�l�;b21C\.Gc��;\�D:�d[t]\T�P�*@H��>S�|�??%~�B(�NbJ ͍$�u�~+̦V�K
�X`�,2E<�CezX<>qA~2?5:��m���;5Kq��:r�tT++ʾ��|{�}a�>�c�e�[7��Υi8ERx|L�
]ǒ�4�B1h 2}@20=ce?ݱi2���{�=�bRQJ1|���<3ʰ�LXU����%eu|s=M蕴B9^��eȐq�/Yw40
}:>�1vǺ}�1So\]&k &|<�_%9jo�o*[u}}uټn]v3SӃ��Sf&�R0mw�5e)š��G\�«�.W�}QtX�m�SIﶺPJTٌ/!j�bTթ��`b_8)o\7;�m=Z��A��N|vuIcgFE@ЦmtuR��Ljs�@8���SDNy%f�n�|M�(7(mM5_.?n�6֔�9�hp\S~�ǫO>k�~MZYkuy$So)�35֚d�:k?C�|
|�k�X�X��{�@5�/�y?/?/'�/?A5gP~�P5�P~�r^\K�5׆
FA+5q�_y�z
t��;g
]�
忮.�q
}O�Ok�~7P~�f
@7kڿ�YɹNCPX#g+\8=b��)/fGkX�}2ӺrXB])?5@�~v_KZCR>S�K@�y/�>{+sg#�q$��^a芪[k�/Y�ݴV�q`
M� {}�y�s/-#yioRY0� �AQܠIxEó#�"�h��toĶ.�p��&}:=Wvl+Jy.)ܼ�}:QO+XE)9s8G#�n1'O\�st��|,y�
|ޭq'�1 }^-c�#]n�L(!�^�~��n=�7�}z»�n�_�x�`
~iMnڧGp~k;ُϋGkw�ե� |3b
)&OxV&;v{>�y�Y�-xLԸ�GpoѺD�);F�9k@�YMgvЍ1��衔~3d]No4pG3n �?ͼ=}3,�Gj$NRi��RX.e?'Hdr
s>�q(/#&T$`r�X���erF(�RB�4|GӤW)M7��y�VI8a�sn%[���"z��~L@L�D
y�_Ƥm\^P��սD<�gU~ o2P�e ��S���"�";Tx`LմJh �o.q~)-|LZA'aoa�J+�#`�[;mWL<1G ?n
3Δ@��
ئGФS#�&?=P3�l1@�Љ
zu�S �9�oސ_�� ΅*˖ bXV1W$��k`T{irۄ-�#6O,���?�rނw2${H�;]�I_ȁL=u{Ȫ�4ypa�w��./f
C?y%
��o�as���(I2,c��mV�i��`ƨg=^|k,c%ff�&]3 a('Vzgi�lv,{��;Kh6EK`b?94Ǟ"0Հħ�%N@bX�vud$�}9= �zl{j-P%n2!�%؉GGCױiB�.�~Y`7,/F����|m)ݺb,ӥ�uǎ�'uE:5��~Pq<��6LG�3
(r�1�)ϐ�O�/,�Mav
ă�v,='�IDπl���eMf@g^l(VxNLN���3zlo%()%�y+L8(ن�W�xZ*HԴGx&e�DY;D$5Rb2(�=��z��k|F
�9&cǂ!0͕͒DM1F(M',1&�.� Ax��=`#hxl�96:|���,�]ebV�S"N֊2I-�9�폭)N*HX6�aw�f����@ýŵ]�^g*!��RW0xq�~�sa��ʩȩ(|�m_|J�Ѭoe�;j�+S�ʧ=UxKKGS�ɻ�1/Cޱܚt�WxħGyc�n
^A9���'qw
��l�/#e�~U�b�`i5R �NY��?wP�e��E`�!/��pE%@5V_��g�*ǑC~�� ASo��^3AWRc�@ߪ��9�f`7["XӬ)U7r\x,�c��pv
\\z`W٫ղ$k0]�'o�hlT�#ǎ{V#��L=;6 � pԲ����T�RTU+fS?H4���wVXb512iˆy�dεޱ+�+�KA5/啲�\�"p,ZLtX�+ /T�TӍ�S2�)~N|K|�b��ĥ2r(`VwHl�UEQ;"9���x%Wr�34-P `"c}W�*�OVK'3\C)'PTY`ӱS�|}bZk~�h5mq~UbWm@K}$9ظ 0~�ח
[xqWºVM��MuiǓUܠ�Dv/�3� 뛝G���ԳPADUV@(#\Z�]1�,mYfp^1
`��T�Ӡ�b?u�;w`$����M�$��Q�*-~�98=�?x�n1�@pL]|?E%�-2h�dv�R�_�o<�/ B`�с&�2�_aex�k0՛>A,_:jr}�/.DOoFiB$lbŞDPA)M~.C(��Kj/hYf�lYX`CM`�m^<9d7��ul�I��J�1.0�}Wa7j�cx��W?���Yf�@��LG
�|�5;na;ew�f�rqG>w�asapCe�qcSnX6i�C&}w9'6hc�B�
MĂQq��B>FDŽW�j_�=�P+ڙ�}�lD?�T�lX�zPH;pbGt�P�i>0I�܇wˇS*c�N�P?Z%+( w�dɟ; )Pt~!Y�I�W�ER�V"s?s}ٍ^�L�{a$R*ބ}Kv�%<=d+4ax��{GOsrꞅD@ /?'��L#�ևx3wCXޑw��V�9RF�[\�. Yku];lmRiyǠ$vB��9��3<�E^[&+}aė�y.px�7ss�r)rS^0[�ITԤ{�P-h1�z,^~+*$7=a�u/ι$c0f��.ᯏ4N���ǝ7>�厫ֲ�n�� ϋ
�?572w/�&G,o~q"�F%i:D-�|F'IJB>�XxMzC�Np�C7<*�w�Tnv1q6>J[��4P9,'3z쨭$sC��qḓ;rX=z @ο'}`ʀɗ���ŐT/R�]�ځVɗҁ�w�8*ᰈ;#Ռ�q"�qp����a.WuD -ǧ%�Lc숡/�LCE�\<.LCV��݇-}~>o.q
݀�Nۗ]q:|(h)t%4xV0W5~y��%D!6�;fYpIq}}w�?�5?n<��Ӿ>iA0�OXI}"ށ�j̺_&{�b&�6���%C�t F*3]BU+iDB��;߷�Y3����c�0|@)T`eN�mľ^f6A_Uf̷��\SK7�++E۔G(swD�3Kq�ƗD�Oe��V&ކeً/a?t2�=��
|
Linux & Open Source 
