| Events |
|
|
|
|
|
|
|
|
| Services |
|
|
|
|
| Interact |
|
|
|
|
|
|
| About Us |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Reasons to Avoid Microsoft
![[Bug]](gfx/bug.gif "Bug")
![[Education]](gfx/edu.gif "Education")
![[Government]](gfx/fed.gif "Government")
![[Fear, Uncertainty, Doubt]](gfx/fud.gif "Fear, Uncertainty, Doubt")
![[Security Hole]](gfx/hole.gif "Security Hole")
![[MSN Hotmail]](gfx/hotmail.gif "MSN Hotmail")
![[MS Internet Explorer]](gfx/ie.gif "MS Internet Explorer")
![[MS IIS Webserver]](gfx/iis.gif "MS IIS Webserver")
![[MSN Instant Messenger]](gfx/im.gif "MSN Instant Messenger")
![[License]](gfx/lic.gif "License")
![[Linux/Open Source]](gfx/linux.gif "Linux/Open Source")
![[Monopoly]](gfx/monopoly.gif "Monopoly")
![[MS Outlook]](gfx/outlook.gif "MS Outlook")
![[Piracy]](gfx/piracy.gif "Piracy")
![[Privacy]](gfx/priv.gif "Privacy")
![[Virus/Worm]](gfx/virus.gif "Virus/Worm")
![[MS XBox]](gfx/xbox.gif "MS XBox")
![[MS Windows XP]](gfx/xp.gif "MS Windows XP")
![[WOW!]](gfx/wow.gif "WOW!")
Show All
MS Internet Explorer
These pages are a compilation of links and quotes to news articles and
others sources that might help convince you to switch to Linux.
Warning: Missing argument 6 for item(), called in /var/www/lugod/microsoft/index.php on line 637 and defined in /var/www/lugod/microsoft/includes.php on line 38
- New, dangerous Microsoft JPEG exploit released
(InfoWorld,
2004.09.23)
New computer code that exploits a recently disclosed hole in Microsoft
Articles) Corp.'s Internet Explorer Web browser is circulating on
the Internet and could allow remote attackers to take full control
of vulnerable Windows machines, according to warnings from antivirus
companies and Internet security experts. ... The new exploits could be
spread by a virus in corrupted JPEG images sent as e-mail attachments
or served from Web sites.
- Microsoft to secure IE for XP only
(CNet News,
2004.09.23)
If you're one of about 200 million people using older versions of
Windows and you want the latest security enhancements to Internet
Explorer, get your credit card ready.
- Click here to become infected
(The Register,
2004.09.22)
A junk mail message doing the rounds today provides an even more
compelling reason [to not press the 'click here to remove' link on
spam messages]. ... 'Typically, your machine may be turned into an
open proxy, have passwords extracted, and keyloggers installed. So not
only do you confirm your email address to the spammers, you also get
to host their next spam run, and get your bank account cleaned out.'
- Winamp Skin File Arbitrary Code Execution Vulnerability
(Secunia,
2004.08.26)
A vulnerability has been reported in Winamp,
which can be exploited by malicious people to compromise a user's
system.
- Drag-and-drop flaw mars Microsoft's latest update
(ZDNet,
2004.08.20)
An Internet Explorer vulnerability could turn
drag-and-drop into drag-and-infect, even on computers updated with
Microsoft's latest security patch. ... Security information company
Secunia believes the program that takes advantage of the issue could
be simplified to only require a single click from the user. Secunia
rated the flaw as 'highly critical,' its second-highest rating of
vulnerability threats.
- Microsoft Internet Explorer Multiple Vulnerabilities
(Secunia,
2004.07.13)
[Vulnerabilities]
in Internet Explorer [allow] malicious people to bypass security
restrictions and potentially compromise a vulnerable system. ...
Successful exploitation allows execution of arbitrary script code in the
context of another website. This could potentially allow execution of
arbitrary code in other security zones too. ... Successful exploitation
may potentially cause users to open harmful files or do other harmful
actions without knowing it.
- Time to Find an IE Alternative?
(PC Magazine,
2004.07.09)
IE's slow rendering engine and dearth of privacy features
may plant the thought in some iconoclastic minds that it may not be
the best browser for everyone.
- U.S., citing security concerns, steers consumers away from IE
(EE Times,
2004.07.01)
The Department
of Homeland Security's U.S. Computer Emergency Readiness Team touched
off a storm this week when it recommended for security reasons using
browsers other than Microsoft Corp.'s Internet Explorer. ... The
particular virus initiated this week ... allows keystroke analysis of
user information. The target is believed to be credit card numbers. CERT
estimated that as many as tens of thousands of Web sites may [have been
infected with the malicious code, via a vulnerability in Microsoft's
'Internet Information Services' webserver software].
- Security Group Warns Of Newly Discovered IE Flaw
(InformationWeek,
2004.06.30)
Internet Explorer doesn't block
malicious Web sites from inserting 'arbitrary content' in an arbitrary
frame in a browser window ... [The] malicious content will appear
as if it originated from a trusted site, which is an attack commonly
known as spoofing.
- New scam targets bank customers
(SANS,
2004.06.29)
The victim of the attack found that a file ... been
loaded onto their machine. ... The second half of the file consists
of a ['Browser Helper Object', which Internet Explorer loads when
it starts up]. Created BHO's then have access to all the events and
properties of that browsing session. This particular BHO watches for
HTTPS (secure) access to URLs of several dozen banking and financial
sites in multiple countries. [The malicious code] grabs any outbound
POST/GET data from within IE before it is encrypted by SSL.
- Internet Explorer Is Just Too Risky
(BusinessWeek,
2004.06.29)
People who browsed there on Windows
computers got infected with malicious code without downloading
anything. ... The biggest security problem in IE, one that has plagued
Microsoft and its customers for at least four years and is at the
heart of the recent exploit, is a flaw that lets a Web site trick the
browser into running an alien program in violation of its own security
settings. In effect, an unknown program on a Web site is treated as
though it were a trusted program on your computer. Compromised Web
sites can covertly install programs ranging from nuisances that cause
ad pop-ups to real threats that record your keystrokes, allowing the
site to steal your passwords and account information.
- Web browser flaw prompts warning
(BBC News,
2004.06.26)
Users are being told to avoid using Internet Explorer
until Microsoft patches a serious security hole in it. The loophole
is being exploited to open a backdoor on a PC that could let criminals
take control of a machine. The threat of infection is so high because
the code created to exploit the loophole has somehow been placed on
many popular websites.
- Microsoft warns on IIS 5 and IE attack
(vnunet,
2004.06.25)
Sites are appending JavaScript to the bottom
of web pages that, when executed, attempts to access a file hosted
on another server. 'This file may contain malicious code that can
affect the end user's system. US-CERT is investigating the origin of
the IIS 5 compromises and the impact of the code that is downloaded
to end-user systems,' the organisation said.
- DoS Attack May Tap Web Graphics Flaw
(eWeek,
2004.06.24)
When visitors to a few particular Web sites-including
popular auction, shopping and price-comparison sites-request pages
that include the malicious graphics, the code automatically downloads
itself onto their machines. Once installed, the code unpacks itself
and loads a keystroke logger on the PC. NetSec officials said the
attack seems to exploit a vulnerability in Internet Explorer.
- Internet Explorer carved up by zero-day hole
(Computerworld,
2004.06.09)
Two new vulnerabilities have been
discovered in Internet Explorer which allow a complete bypass of
security and provide system access to a computer, including the
installation of files on someone's hard disk without their knowledge,
through a single click. Worse, the holes have been discovered from
analysis of an existing link on the Internet and a fully functional
demonstration of the exploit have been produced and been shown to affect
even fully patched versions of Explorer. ...finally [another part of
the attack takes advantage of] an exploit that Microsoft Corp. has
been aware of since August 2003 but hasn't patched.
- Browser Hijackers Ruining Lives
(Wired News,
2004.05.11)
Browser hijackers [-- malicious programs that change browser settings,
usually altering designated default start and search pages --] are doing
more than just changing homepages. They are also changing some peoples'
lives for the worse. [...] Traces of browsed sites can remain on computers,
and it's difficult to tell from those traces whether a user willingly or
mistakenly viewed a website. When those traces connect to borderline-criminal
websites, people may have a hard time believing that their employee or
significant other hasn't been spending an awful lot of time cruising adult
sites. [...] In one case a man claims that a browser hijacker sent him to
jail after compromising images of children were found on his work computer
by an employer, who then reported him to law enforcement authorities.
- Vulnerability in Internet Explorer ITS Protocol Handler
(US-CERT,
2004.04.08)
[A] vulnerability in Microsoft Internet Explorer (IE) could allow an
attacker to execute arbitrary code with the privileges of the user running
IE. The attacker could also read and manipulate data on web sites in other
domains or zones.
- The Bagle Virus' Nasty Turn
(The Motley Fool,
2004.03.19)
Even the most casual of home PC users now understand that it's dangerous
to open strange attachments they're not expecting, especially from strangers
or, sometimes, even from friends who have unknowingly sent a virus. This
new version of Bagle only requires a recipient to open the email or view it
within the Outlook preview frame, where some invisible HTML code downloads
and infects a PC through a known flaw in the Internet Explorer browser. ...
[It] could signal a new trend in viruses -- executing without attachments is
a smarter contagion indeed.
- E-Card Hijack Spam
(Aman Gupta's website,
2004.02.15)
The URL [victims are tricked into clicking on] does some really nasty stuff.
Using iframes, object tags and javascript, it opens up several other
files... The vbscript code contains strings which represent, in hex, the
binary contents of a certain executable which is saved as x.exe. Once saved,
this executable is launched with the url to a.exe as an argument. ...
'The file contains a number of very interesting strings, which make it
quite obvious that this program attempts to hijack the user's personal
login information as they log in to various popular Internet banking
services.' ... If you're still using Outlook and Internet Explorer, this
is a good time to find alternatives... Crackers and spammers are getting
more and more sophisticated, and are finding ways to fool even experienced
and skilled computer users.
- Microsoft Probes Flaw That Could Help Fraudsters Create Fake Web Sites
(InformationWeek,
2003.12.11)
The vulnerability lets attackers display any URL name they wish in the address and status bars of Internet Explorer, allowing them to collect sensitive information. ... This flaw would make it appear to Internet users that they're visiting a banking Web site, for example, when that site is actually a front for fraudsters attempting to collect sensitive financial information.
- Microsoft Probes Reports of New Holes in Explorer
(Yahoo! News,
2003.11.28)
Two [of the seven] holes are critical and could allow an attacker to run a
program that would delete files, crash the machine or take control of it
from a remote location...
- IE full of holes, unsafe: Security experts
(ZDNet Australia,
2003.10.09)
The comments come after a glut of critical vulnerabilities were discovered
in Internet Explorer and a delay of nearly four weeks between the very
public disclosure of a critical vulnerability in the browser and the
roll-out of a software patch. ... 'Recent exploits of Microsoft software has
made it unsafe to surf the Web... it will be very difficult for some users
to even know their computer is infected with a virus or otherwise
compromised'... 'Internet Explorer was a poorly thoughtout product.
In their effort to become the number one browser, by cramming every feature
possible, they have in essence forgotten about security and made a system so
flexible that its even flexible to hackers'...
- A Virus
(Personal web log,
2003.09.03)
[The] file appears to be an exploit directed at IE 5 (and possibly 6) and
Outlook Express (which uses an integrated IE component for displaying e-mail).
This exploit appears to allow the exploiter to execute arbitrary code ...
on the exploited machine.
- New BugBear worm still spreading
(MSNBC News,
2003.06.05)
Malicious program specifically targets financial institutions...
The new worm spread to 115 countries just hours after its release...
'[It] is likely to be more damaging than any virus seen so far this year...'
[It] uses a particularly nasty flaw in Microsoft's Internet Explorer program
and its implementation by Microsoft's Outlook e-mail reader that allows the
virus to infect machines whenever a victim simply previews an e-mail message
loaded with the program.
- Sneaky Toolbar Hijacks Browsers
(Wired,
2003.01.30)
Xupiter is an Internet Explorer toolbar program. Once active in a system,
it periodically changes users' designated homepages to xupiter.com,
redirects all searches to Xupiter's site, and blocks any attempts to
restore the original browser settings. ...
Several versions of Xupiter also appear to download other programs, such
as gambling games, which later appear in pop-up windows. Xupiter's site
claims the toolbar isn't installed without express permission, but many
insisted that they had not agreed to install the program.
Last 19 Articles
Collection originally created by, donated to LUGOD by,
and maintained by
Bill Kendrick.
Microsoft, Internet Explorer, Outlook, IIS, XP, XBox, etc. are
trademarks or registered trademarks of Microsoft.
Linux is a trademark of Linus Torvalds.
Most category icons created by Bill Kendrick.
|
|
