Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

New Explorer hole could be devastating
Infoworld ^ | 01/28/04 | Kieren McCarthy

Posted on 01/28/2004 1:10:12 PM PST by Salo

New Explorer hole could be devastating Browser users could be fooled into downloading executable files

By Kieren McCarthy, Techworld.com January 28, 2004

A security hole in Microsoft Corp.’s Internet Explorer could prove devastating. Following the exposure of a vulnerability in Windows XP earlier this week, “http-equiv” of Malware has revealed that Explorer 6 users (and possibly users of earlier versions) could be fooled into downloading what look like safe files but are in fact whatever the author wishes them to be -- including executables.

A demonstration of the hole is currently on security company Secunia’s website and demonstrates that if you click on a link, and select “Open” it purports to be downloading a pdf file whereas in fact it is an HTML executable file.

It is therefore only a matter of imagination in getting people to freely download what could be an extremely dangerous worm -- like, for instance, the Doom worm currently reeking havoc across the globe.

However what is more worrying is that this hole could easily be combined with another Explorer spoofing problem discovered in December.

The previous spoofing problem allowed Explorer users to think they were visiting one site when in fact they were visiting somewhere entirely different. The implications are not only troublesome, but Microsoft’s failure to include a fix for the problem in its January patches has led many to believe it cannot be prevented.

If the same is true for this spoofing issue, then it will only be a matter of time before someone who thinks they are visiting one website and downloading one file will in fact be visiting somewhere entirely different and downloading whatever that site’s owner decides.

We also have reason to believe there is no fix. It may be that today’s flaw is identical to one found nearly three years ago by Georgi Guninski in which double-clicking a link in Explorer led you to believe you were downloading a text file but were in fact downloading a .hta file.

In both cases, the con is created by embedding a CLSID into a file name. CLSID is a long numerical string that relates to a particular COM (Component Object Model) object. COM objects are what Microsoft uses to build applications on the Internet. By doing so, any type of file can be made to look like a “trusted” file type i.e. text or pdf.

Guninski informed Microsoft in April 2001. The fact that the issue has been born afresh suggests rather heavily that the software giant has no way of preventing this from happening.

So how bad could it get? Just off the top of our heads -- suppose someone set up a fake Hutton Inquiry site today with a link to the report’s summaries -- how many people across the U.K. would download a worm this afternoon? And imagine the computers it would end up on.

The possibilities are endless, and since both spoof issues appear to be unfixable, it must surely place a big question mark over Explorer’s viability as a browser.

The advice is to avoid this latest hole is always save files to a folder and then look at them. On your hard drive, the file’s true nature is revealed. But this advice is nearly as practical as Microsoft telling users not to click on links to avoid being caught out by the previous spoof problem.

All in all, it does not look good. Not good at all.


TOPICS: Business/Economy; Extended News; Technical
KEYWORDS: ie; lowqualitycrap; microsoft; ms; security; windows
Navigation: use the links below to view more comments.
first previous 1-20 ... 41-6061-8081-100 ... 241-250 next last
To: Principled

Mozilla Firebird

Mozilla Firebird is a free, open-source and cross-platform web browser for Windows, Linux, MacOS X and other operating systems. It is small, fast and easy to use, and offers many advantages over other web browsers, such as the tabbed browsing and the ability to block pop-up windows. Read the full feature list or download Mozilla Firebird 0.7 now.

Find out why people everywhere are switching to Mozilla Firebird. Be sure not to miss the great Introduction to Mozilla Firebird.

61 posted on 01/28/2004 6:32:28 PM PST by mhking
[ Post Reply | Private Reply | To 38 | View Replies]

To: Salo
It is time to start wasting hackers as the terrorists that they are.
62 posted on 01/28/2004 6:41:39 PM PST by Righty1 (N)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Bush2000
Oh, puh-lease. This so-called "exploit" is hardly "devastating" or "unfixable".

I see you are loading your petard again.

Has your rear end healed from the last time you were hoist on it?

63 posted on 01/28/2004 6:43:04 PM PST by Swordmaker (This tagline shut down for renovations and repairs. Re-open June of 2001.)
[ Post Reply | Private Reply | To 17 | View Replies]

To: aruanan
You see, that's only because it's a popular widespread OS, not because there's anything inherently wrong with it.

Good one, Aruanan!

"Can fifty million Frenchmen (Windows users) be wrong?"

You bet your bippy they can!

Just because something is popular does not mean it is the best... or even good.

64 posted on 01/28/2004 6:46:59 PM PST by Swordmaker (This tagline shut down for renovations and repairs. Re-open June of 2001.)
[ Post Reply | Private Reply | To 19 | View Replies]

To: Redcloak
Where do you want to be taken today?

Shouldn't that be how do you want to be taken today? ; )

65 posted on 01/28/2004 6:47:51 PM PST by TigersEye (Regime change in the courts. Impeach activist judges!)
[ Post Reply | Private Reply | To 3 | View Replies]

To: .30Carbine
Thirty, please look at post #61. It might be good for us to get and use another browser. It might mean an end to the daily suicide missions of Internet Exploder.
66 posted on 01/28/2004 6:52:13 PM PST by TigersEye (Regime change in the courts. Impeach activist judges!)
[ Post Reply | Private Reply | To 65 | View Replies]

To: antiRepublicrat
Oh, I figured it out. MS wanted to have that patch-free month, so they just decided not to release patches for known security flaws.

Do you remember Bush2000's horror (read glee!) at Apple not immediately releasing a patch for a minor, non-exploited security hole in OSX?

Strange, here it is Windows with the problem and here he is dancin' and dodgin' again.

This is really funny.

67 posted on 01/28/2004 6:53:29 PM PST by Swordmaker (This tagline shut down for renovations and repairs. Re-open June of 2001.)
[ Post Reply | Private Reply | To 29 | View Replies]

To: Golden Eagle
You do realize that this latest worm creaming MS sets up a spam server farm out of infected machines? There's your vector.

a single serverhost attack is never going to infect millions of systems

68 posted on 01/28/2004 7:05:53 PM PST by Salo (You have the right to free speech - as long as you are not dumb enough to actually try it.)
[ Post Reply | Private Reply | To 51 | View Replies]

To: Salo
"many to believe it cannot be prevented. "

http://www.grisoft.com/us/us_dwnl_free.php

AVG is free and caught 4 emails with it yesterday. Very impressive and free.
69 posted on 01/28/2004 7:19:07 PM PST by JSteff
[ Post Reply | Private Reply | To 1 | View Replies]

To: JSteff
They are talking about the browser's vulnerabilties, not a virus.
70 posted on 01/28/2004 7:39:20 PM PST by Salo (You have the right to free speech - as long as you are not dumb enough to actually try it.)
[ Post Reply | Private Reply | To 69 | View Replies]

To: adam_az
So you are saying that a federal program is better than the free market? Can I quote you?

When dealing with crime, absolutely yes. And computer piracy is a crime, that should be dealt with by the government.

You anarchists prefer vigilante style justice, something "the mob" can control. Forget it, the only way to root out the criminals from crime detection and prevention is to give it to the government. One of the very few things we need them for.

71 posted on 01/28/2004 7:39:38 PM PST by Golden Eagle
[ Post Reply | Private Reply | To 56 | View Replies]

To: Prime Choice
Yep. During the last major blow-up thanks to Microsoft's lousy security, they blamed administrators and users alike for not upgrading their systems.

Strange, I get a couple of messages from them every day, and I've never once seen them blame me for hacker attacks on me or on them.

72 posted on 01/28/2004 7:41:07 PM PST by Golden Eagle
[ Post Reply | Private Reply | To 58 | View Replies]

To: Golden Eagle
I disagree with anyone who supports publicly releasing exploits much less open source code of viral technology before vendor notification

The law of unintended consequences could affect your argument.

Specifically, this would encourage software vendors to write sloppy code because they can always fix it later.

73 posted on 01/28/2004 7:47:17 PM PST by staytrue
[ Post Reply | Private Reply | To 49 | View Replies]

To: Golden Eagle
Oddly enough, I usually know about security holes before our FBI guy notifies us. The private sector is much better at finding/fixing/preventing these problems - the government is only needed once a crime has actually occured. This is why relying on 911 to keep you safe is a poor choice compared to personal gun ownership.

Forget it, the only way to root out the criminals from crime detection and prevention is to give it to the government

74 posted on 01/28/2004 7:47:39 PM PST by Salo (You have the right to free speech - as long as you are not dumb enough to actually try it.)
[ Post Reply | Private Reply | To 71 | View Replies]

To: Salo
You do realize that this latest worm creaming MS sets up a spam server farm out of infected machines? There's your vector.

Not following you there about "spam servers", this is the IE hole thread so you need a malware host, and I also don't know what "worm creaming MS" is right now either, there is a "virus" out there that attacks SCO but the worms are all mostly under control by the commercial sites.

75 posted on 01/28/2004 7:48:39 PM PST by Golden Eagle
[ Post Reply | Private Reply | To 68 | View Replies]

To: staytrue
It would certainly remove much of the pressure that motivates vendors to fix problems: their paying customers won't know there is a problem to fix.

Specifically, this would encourage software vendors to write sloppy code because they can always fix it later.

76 posted on 01/28/2004 7:49:47 PM PST by Salo (You have the right to free speech - as long as you are not dumb enough to actually try it.)
[ Post Reply | Private Reply | To 73 | View Replies]

To: staytrue
Specifically, this would encourage software vendors to write sloppy code because they can always fix it later.

To make a better case for you, some would argue giant corporations wouldn't fix the holes reported to them, but would rather "sit" on them.

I really don't see the benefit of not letting them sit on them, in fact it's much more likely the attack will never be used that if someone who commonly does this like "Chinese X Factor" when they release the malware code itself right on the internet. Ideally they would fix it, but if they didn't, say in the cases of obscure holes, like I said above it probably would never be used, but if it ever was there would be little doubt that "black hatters" released it, because the "white hatters" always notified the vendors first. Now there is too much blurring of the lines.

77 posted on 01/28/2004 7:54:44 PM PST by Golden Eagle
[ Post Reply | Private Reply | To 73 | View Replies]

To: zeugma
It's simply force of habit and not wanting to put the time into finding a better alternative. So I'll ask you since you already know, what's a better alternative to IE?
78 posted on 01/28/2004 7:54:56 PM PST by defenderSD (Contrary to rumors circulating on the web, I am not Silvio Berlusconi.)
[ Post Reply | Private Reply | To 10 | View Replies]

To: Golden Eagle
Much speculation that this was done by spammers to have a drone army to spam with.

aka mydoom.

++++++

From Symantec:

W32.Novarg.A@mm is a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip.

When a computer is infected, the worm will set up a backdoor into the system by opening TCP ports 3127 through 3198, which can potentially allow an attacker to connect to the computer and use it as a proxy to gain access to its network resources.

In addition, the backdoor can download and execute arbitrary files.

The worm will perform a Denial of Service (DoS) starting on February 1, 2004. It also has a trigger date to stop spreading on February 12, 2004. These two events will only occur if the worm is run between or after those dates. While the worm will stop spreading on February 12, 2004, the backdoor component will continue to function after this date.

79 posted on 01/28/2004 7:56:28 PM PST by Salo (You have the right to free speech - as long as you are not dumb enough to actually try it.)
[ Post Reply | Private Reply | To 75 | View Replies]

To: Salo
The private sector is much better at finding/fixing/preventing these problems - the government is only needed once a crime has actually occured.

The private sector certainly has it's role, just as the hospitals help the homicide detectives. But the ultimate responsibility for identifying and bringing these criminals to justice must be the responsibility of government. Vigilante style justice will never go away, but it is a violation of the law as well.

80 posted on 01/28/2004 7:57:33 PM PST by Golden Eagle
[ Post Reply | Private Reply | To 74 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-20 ... 41-6061-8081-100 ... 241-250 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson