0 Members and 1 Guest are viewing this topic.
someone tech told me its was your birthday today (9/24/06)have a good one my friend
You could use the linkchecker, but I think the DrWeb av hyperlink-checker is also good, and the GeoTrust, because the latter is live.
The VML exploit may have turned up on a web page linked to by the BBC. A page mentioned by the BBC's ClickOnline Webscape page is infected with the exploit according to Exploit Prevention Labs Link Scanner.
AFAIK It doesn't effect IE7.
IE7 in Windows Vista incorporates additional security measures, most significantly "Protected Mode", whereby the browser runs in a sandbox with even lower rights than a limited user account. As such, it can write to only the Temporary Internet Files folder and cannot install start-up programs or change any configuration of the operating system without communicating through a broker process. This is expected to increase the security of the system considerably.[5] The Windows XP version of Internet Explorer 7 will not include "Protected Mode" operation. It also supports the Parental Controls and Network Diagnostics features which are unique to Vista.
We are starting to see mass mailing lures for websites that are hosting VML exploit code. Most of the sites are using updated Web-Attacker code. A recent example that came to us from Message Labs appears to lure users to the site by claiming they have received a Yahoo! Greeting Card. The site downloads and installs an Internet Explorer Browser Helper Object that directs all HTTP posts from forms to a third party, and then collects information on end-users.
Windows VML Vulnerability - Frequently Asked Questionshttp://blogs.securiteam.com/?p=640
Q: What Internet Explorer browser versions are affected?A: The following Internet Explorer (IE) versions are affected:Internet Explorer 5.01 Service Pack 4Internet Explorer 6 Service Pack 1Internet Explorer 6 installed to Windows XP Service Pack 2
Q: Why this vulnerability is related only to Microsoft Internet Explorer (aka MSIE)?A: Other Internet browsers, like Mozilla Firefox, Netscape and Opera use a different technique known as Scalable Vector Graphics (SVG).
Watch out for fake greetings cards:QuoteWe are starting to see mass mailing lures for websites that are hosting VML exploit code. Most of the sites are using updated Web-Attacker code. A recent example that came to us from Message Labs appears to lure users to the site by claiming they have received a Yahoo! Greeting Card. The site downloads and installs an Internet Explorer Browser Helper Object that directs all HTTP posts from forms to a third party, and then collects information on end-users.
However, really, is IE7 that safe, using totally different structure from previous IEs?
Will IE7 improve this spotty record? Perhaps. According to Microsoft’s Tony Chor, a Group Program Manager on the Internet Explorer team, part of the problem was old, sloppy code. “Over time, IE had developed 13 or 14 different places in the code where we place URLs. Inconsistent results allowed us to get beat. This is where we rearchitected a big part of IE so that one routine evaluates the URL.” Microsoft is betting that the new URL parser will make it easier for developers to avoid vulnerabilities in the first place and to fix them more quickly when they do appear. But only time will tell whether that effort will pay off as expected.