interfaSys Posted June 25, 2003 Posted June 25, 2003 Continuing our discussion started in the thread annoncing MS2, here is a link with special coding that will crash most IE. http://www.make-everything.com/IEsucks/index.html No fix is available. windowsupdate won't save you ;) Affected browsers Microsoft Internet Explorer 5.01 Microsoft Internet Explorer 5.5 Microsoft Internet Explorer 6 One could have done much worse with this hole like steal all your data, erase everything,etc, etc. IE is dangerous ;) Switch now ->Opera.com , Mozilla.org Olivier interfaSys s?rl ----------------------- You'll love to use our solutions! Rich Internet Applications and Usability
modding_GOD Posted June 25, 2003 Posted June 25, 2003 I would like to educate my customers not to use IE, but then I won't have anymore customers. And you can crash any ather browser too, if you know how. Hope you meant it as a joke, otherwise :lol: Have a nice day modding is the only way to make your PC more nice
interfaSys Posted June 25, 2003 Author Posted June 25, 2003 Yeah crashing is one thing and not too many apps are imune to buffer overflows, but stealing and taking control are other things and to my knowledge only IE manages to offer those wonderfull functionalities to the world of script kiddies. Olivier interfaSys s?rl ----------------------- You'll love to use our solutions! Rich Internet Applications and Usability
dreamscape Posted June 26, 2003 Posted June 26, 2003 I run IE 6.0.2800.116.xpsp2 and that page did nothing. The only thing necessary for evil to flourish is for good men to do nothing - Edmund Burke
ocularmagic Posted June 26, 2003 Posted June 26, 2003 I don't use IE usually but nothing happened to mine when I went to that page. My version is 6.0.2800.116. If every member of this board donated $1 to the dev team, that would be over $11,000.00. Don't you think this cart is worth at least a $1????
interfaSys Posted June 26, 2003 Author Posted June 26, 2003 do you have active script disabled? Olivier interfaSys s?rl ----------------------- You'll love to use our solutions! Rich Internet Applications and Usability
interfaSys Posted June 26, 2003 Author Posted June 26, 2003 Or do you use a program that blocks popup. This example opens a new window first. Olivier interfaSys s?rl ----------------------- You'll love to use our solutions! Rich Internet Applications and Usability
ocularmagic Posted June 26, 2003 Posted June 26, 2003 Active scripting is enabled, allow paste operations via script is disabled, and scripting of Java applets is disabled. No program that blocks pop-ups. I saw that window pop-up and then it went away which I assumed was the intended function. If every member of this board donated $1 to the dev team, that would be over $11,000.00. Don't you think this cart is worth at least a $1????
interfaSys Posted June 26, 2003 Author Posted June 26, 2003 "allow paste operations via script is disabled" prevents this buffer overflow to work ;) Olivier interfaSys s?rl ----------------------- You'll love to use our solutions! Rich Internet Applications and Usability
ocularmagic Posted June 26, 2003 Posted June 26, 2003 No fix is available. Oops, I guess it doesn't need to be "fixed" just need to change the settings. :wink: If every member of this board donated $1 to the dev team, that would be over $11,000.00. Don't you think this cart is worth at least a $1????
interfaSys Posted June 26, 2003 Author Posted June 26, 2003 Exactly and how many users do have this setting disabled? =) It's just like some other hack that required to disable all plugins. How many users will do that? I find it easier to tell people to install an alternative and to update once in a while than to tell them to subscribe to security newsletters that they will have to watch weekly. Olivier interfaSys s?rl ----------------------- You'll love to use our solutions! Rich Internet Applications and Usability
dreamscape Posted June 26, 2003 Posted June 26, 2003 I have a popup blocker. you can exploit pretty much anything, so no sense worrying over it too much... and as IE is widely used, as web developers, we cannot abondone it either... I guess you could tell people visiting your website to change, but if I ever went to a site that told me I had to get such and such a browser, I'd be saying "bye bye" to that website. The only thing necessary for evil to flourish is for good men to do nothing - Edmund Burke
interfaSys Posted June 27, 2003 Author Posted June 27, 2003 I agree, you cannot really change the habits of your viewers and everything can be exploited, but IE makes it real easy as it both integrates so well with the OS and MS takes so long to patch things (and they often don't work right the first time). My point was about educating customers you work with if you install shops for them. They are the ones that will propably handle sensitive data and they should be aware of the risks that they take. They usually listen to you pretty well if you take time to explain the situation to them. Olivier interfaSys s?rl ----------------------- You'll love to use our solutions! Rich Internet Applications and Usability
♥monte22 Posted July 13, 2003 Posted July 13, 2003 If you want to go out of business you can try to get people to use something else. Would be like telling them to find a Mac to access your site. I'm a big fan of Mac, and not a big fan of Microsoft, but if you live in the real world you know that Microsoft is what people use. Just like ebay is where you go to list auctions. You can try Yahoo, but good like finding any bidders. The fact is no one osC shop is going to change the monopoly of Microsoft in the software world. The only thing you're going hurt is yourself.
Guest Posted July 13, 2003 Posted July 13, 2003 Continuing our discussion started in the thread annoncing MS2, here is a link with special coding that will crash most IE. http://www.make-everything.com/IEsucks/index.html No fix is available. windowsupdate won't save you ;) Affected browsers Microsoft Internet Explorer 5.01 Microsoft Internet Explorer 5.5 Microsoft Internet Explorer 6 One could have done much worse with this hole like steal all your data, erase everything,etc, etc. IE is dangerous ;) Switch now ->Opera.com , Mozilla.org Why get them to switch? Are you using this on your website? Things like this smack of someone going out of their way to prove superiority because of biased and unsubstantiated hatred and jealousy of Microsoft and the people that work there.
judgej Posted July 14, 2003 Posted July 14, 2003 Exactly and how many users do have this setting disabled? How many users will do that? Well, you wanted to educate your users...
interfaSys Posted October 3, 2003 Author Posted October 3, 2003 Educate them by making them use a safe browser, not a crippled one. Here's the latest: http://securityresponse.symantec.com/avcen...jan.qhosts.html Have fun IE users... Olivier interfaSys s?rl ----------------------- You'll love to use our solutions! Rich Internet Applications and Usability
interfaSys Posted October 3, 2003 Author Posted October 3, 2003 Oh and if your users use Outlook, let them know how Valve has lost Half-Life 2's source code... ;) Olivier interfaSys s?rl ----------------------- You'll love to use our solutions! Rich Internet Applications and Usability
OldVolks Posted October 18, 2003 Posted October 18, 2003 yeah tell your customers they are stupid for using IE or better idea get them all to switch to some stran of unix weither its redhat or freebsd gentoo ect... then you wont have to worry so much (as a clikc add reply using windows xp pro ie 6.0xxxxxxxxxxxx (i also use redhat and freebsd as my servers and I own several macs)
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.