[Eagle9]

US-CERT Vulnerability Note #416092

(excerpt)

III. Solution

We are currently unaware of a practical solution to this problem. Until a patch or update is available consider the following workarounds:

Refer to the following workarounds listed in Microsoft Security Advisory (925568):

• Un-register Vgx.dll on Windows XP Service Pack 1; Windows XP Service Pack 2; Windows Server 2003 and Windows Server 2003 Service Pack 1

• Modify the Access Control List on Vgx.dll to be more restrictive
• Configure Internet Explorer 6 for Microsoft Windows XP Service Pack 2 to disable Binary and Script Behaviors in the Internet and Local Intranet security zone

Do not follow unsolicited links

In order to convince users to visit their sites, attackers often use URL encoding, IP address variations, long URLs, intentional misspellings, and other techniques to create misleading links. Do not click on unsolicited links received in email, instant messages, web forums, or internet relay chat (IRC) channels. Type URLs directly into the browser to avoid these misleading links. While these are generally good security practices, following these behaviors will not prevent exploitation of this vulnerability in all cases, particularly if a trusted site has been compromised or allows cross-site scripting.

______________________________________________________________________

I choose to use an alternative solution: Firefox or Opera as my browser.

[IncPen]

So... you wanna ping Bush2k?

: )

[bigdcaldavis]

Only idiots or masochists still use IE. Smart, sane people use Firefox, Mozilla/Seamonkey, and/or Opera 9.

[Wuli]

I'm with you. Not only is Firefox minus the MS security bugs, it was faster than IE from the first day. Now, I have converted many friends and relatives to Mozilla's browser and their Email client (Thundebird) as well. And, the Mozilla community has new extension and plug-ins for both apps all th e time.

[MineralMan]

"So far, said Eric Sites, vice president of research and development at Sunbelt, the exploit has shown up on hardcore porn sites, which are serving a buffet of badware to users who visit those sites. "

Oh, well. I guess I'm safe then, since I never go to porn sites. Porn sites have had nasty adware on them for years.

[Principled]

Firefox. It's better anyway IMO. Lots better.

[mattdono]

Clearly...George Bush's fault.

[dyed_in_the_wool]

I'm sorry, but I can't reproduce the bug in Firefox on my MEPIS box.

Doesn't work on my Mac mini either.

Can someone verify this is a real issue, please?

[VanDeKoik]

Wouldnt a simple solution be to not go to porn sites?

(ducking)

[bws53]

If I site requires me to use IE, I will generally email the contact people listed in the WHOIS record and then stop using the site. Since I use Linux as my desktop OS, using IE is not an option and I couldn't be happier. Again, I simply stop using that site if I have to use IE. The trick is not to use IE in the first place; and I never have. I've transitioned from Netscape -> Mozilla -> Firefox and never took that poison pill that is the blue e.

Secondly, IE is years behind in features. I cannot browse the web without tabs and the RSS/live bookmarks in Firefox. IE 6 with SP2, for example, finally included an integrated a pop-up blocker. Opera and the Mozilla browsers had them since at least 2002. Tabs? Again, Opera has had them since the late 90's and Mozilla-based browsers since '02 or so. IE7 will have tabs, only a few years behind. RSS? Yup. For a couple of years now feeds can be incorporated into Firefox. IE7 will have them.

The development team for IE7 was given one directive: "copy Firefox."

If you don't ditch IE for security, least you can do is it ditch it for its dearth of features.

By the way, IE is also a piece of junk.

[ShadowAce]

[Echo Talon]

the exploit has shown up on hardcore porn sites, which are serving a buffet of badware to users who visit those sites.

stop looking at porn and you dont have anything to worry about. :)

[bitt]

save yourselves - ping!

[OrangeDaisy]

A website about drugs (legal OTC and prescription stuff) that was the top result on Google recently downloaded a trojan on my computer. The stupid thing would show as infecting my computer everytime I rebooted even after the anti-virus said it cleaned it. It took several hours of running several online AV scans, deleting, rebooting and deleting system restores to get the stupid thing clean.

[mysterio]

Another great commercial for firefox.

[KoRn]

To really make these alerts effective they should post very detailed information on how to use the exploits.

That would really light a fire under their asses!

[philetus]

III. Solution:XPLite

[FastCoyote]

"I choose to use an alternative solution: Firefox or Opera as my browser."

Ditto, at least for anything other than a bank site. I hope the financial industry starts supporting Firefox better. The handwriting is on the wall.

[DocRock]

bookmark

[Mr. Silverback]

OK, I'm getting Firefox tomorrow. Freakin Microsoft.

[Mr. Silverback]

Hmmm...I posted that before I noticed that most of the users encountering this problem are getting it at porn sites. I WILL NOT have that problem...but i'm still changing to firefox.