Security Incidents
mailing list archives
Re: 030.com
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sat, 09 Nov 2002 09:19:31 +1200
"Waitman C. Gobble" <waitman () emkdesign com> wrote:

<<snip>>
> I sent emails to the IP block owners of both 030.com and the ip in the
> hosts file, requesting that they investigate this matter and terminate
> the activity.
>
> I could care less if the owner of the site sends a friendly email
> instructing how to disable the thing. The hijacking should not have
> happened in the first place.

You almost certainly have two problems:

1. You/your users use IE to browse the web. Just say no. Get any
other buggy browser. The minor inconveniences of having to
occasionally do a shift-Reload to force a refresh because of local
caching screwiness, or killing and occasionally restarting the
browser because your system gets real slow and unresponsive and four
web pages of basically plain text apparently require 92MB of RAM to
render, etc, etc far outweigh all the crap you face due to the bug du
jour mess you face with IE. The point is, IE bugs are heinous _and_,
because there are so many IE users, arseholes will exploit them for
as "trivial" but annoying things as changing your home page, default
browser search page and much worse. Mozilla, Opera, etc, etc are
probably no less buggy, but any security flaws they have that are
half as bad as most of IE's are not known and thus are not being
widely exploited.

2. Most likely your IE users have default security zone settings.
If you really "must" keep using IE (given its appalling security
record no-one can really justify that, but I'll humour you and assume
there is some extraordinarily wacky "business need" argument peculiar
to your company that only the sheer idiocy of typical middle level
management could possibly understand) then you have to disable all
ActiveX (except supervisor-approved), all scripting and all anything
else 'active' in the Internet zone then be very careful about which
domains you put in the Trusted Sites zone. Of course, you then
should review the Trusted Sites security settings, as the default
Internet zone settings are really more appropriate. This will break
a huge chunk of the Internet because far too much of it unnecessarily
"requires" scripting, promptly returning us to the "have you
considered using another browser?" option.

--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
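
One way to check the Internet zone settings described in point 2 of the message above, as an added example that is not part of the original post or the list archive: a PowerShell audit of the per-user IE zone URL actions. The zone numbers and action IDs are the documented Internet Settings registry values; the function names and the sample values are constructed for illustration, and zones set through Group Policy (under the Policies key) are assumed to be out of scope.

```powershell
# Added example: audit IE security-zone URL actions (per-user settings only).
$ZoneKey       = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$Disable       = 3        # DWORD meanings: 0 = enable, 1 = prompt, 3 = disable
$AdminApproved = 0x10000  # "administrator approved", valid only for action 1200

# URL actions covering ActiveX and scripting in a zone
$Policy = [ordered]@{
    '1001' = 'Download signed ActiveX controls'
    '1004' = 'Download unsigned ActiveX controls'
    '1200' = 'Run ActiveX controls and plug-ins'
    '1201' = 'Initialize and script ActiveX controls not marked safe'
    '1400' = 'Active scripting'
    '1402' = 'Scripting of Java applets'
    '1405' = 'Script ActiveX controls marked safe for scripting'
}

function Get-ZoneValues {            # hypothetical helper: read one zone's DWORDs
    param([int]$Zone)
    $values = @{}
    $props = Get-ItemProperty -Path "$ZoneKey\$Zone" -ErrorAction SilentlyContinue
    if ($props) {
        foreach ($action in $Policy.Keys) {
            if ($props.PSObject.Properties[$action]) { $values[$action] = $props.$action }
        }
    }
    $values
}

function Test-ZoneSettings {         # hypothetical helper: compare values to the policy
    param([int]$Zone, [hashtable]$Values)
    foreach ($action in $Policy.Keys) {
        $allowed = @($Disable)
        if ($action -eq '1200') { $allowed += $AdminApproved }
        $current = $Values[$action]
        [pscustomobject]@{
            Zone    = $Zone
            Action  = $action
            Setting = $Policy[$action]
            Value   = if ($null -eq $current) { 'not set' } else { '0x{0:X}' -f $current }
            Ok      = ($null -ne $current) -and ($allowed -contains $current)
        }
    }
}

# Constructed sample values (not read from a real machine): only 1004 and 1201 pass.
$sample = @{ '1001' = 1; '1004' = 3; '1200' = 0; '1201' = 3; '1400' = 0; '1402' = 0; '1405' = 0 }
Test-ZoneSettings -Zone 3 -Values $sample | Format-Table -AutoSize

# On a Windows host: audit the live Internet (3) zone and list Trusted Sites (2) for review.
if (Test-Path $ZoneKey) {
    3, 2 | ForEach-Object { Test-ZoneSettings -Zone $_ -Values (Get-ZoneValues $_) } | Format-Table -AutoSize
}
```

Rows with `Ok` set to False in zone 3 are settings that still allow ActiveX or scripting from the Internet zone; the zone 2 rows show how far Trusted Sites departs from the same baseline.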