internet.com
You are in the: Small Business Computing Channelarrow
Small Business Technology
» ECommerce-Guide | Small Business Computing | Webopedia | WinPlanet |Refer-It

WinPlanet Software Downloads and Reviews for Small Businesses
Search
Power Search | Tips
-
Navigate WinPlanet
WinPlanet Home Page

Software
Download Index
In-Depth Reviews
Tips & Tutorials
Updates
News

Software Categories
Browsers
Chat / Conferencing
Desktop Utilities
Development
Internet Apps
Multimedia
OS Service Packs
Productivity Tools

Software Glossary

WinPlanet Newsletter

internet.commerce
Partners & Affiliates

Small Business Computing
Small Business Computing
Ecommerce Guide
Webopedia
WinPlanet

WinPlanet / Tips & Tutorials

Download of the day
Internet Explorer 8

Most Popular Software Downloads
Mozilla Firefox 3.0
QuickTime for Windows
Adobe Flash Player
Winamp
Spybot Search and Destroy
Internet Explorer 7
Paint Shop Pro
AVG Anti-Virus Free
iTunes
Windows XP Service Pack 3

Most Popular Software Articles
Windows Vista Tips & Tricks, Part 1
Windows Vista: Worthy of the Hype?
Windows Wireless Zero Configuration: Five Steps to Sanity


Software Reviews

IE 5 Security Hole Found
Doozy of a Security Hole
Paul Jones

Bulgarian hacker Georgi Guninski, who claims to search for security holes for the intellectual challenge, has repeatedly exposed dangerous security holes in Microsoft products. And he's found a doozy in Microsoft Internet Explorer (IE) 5.

He found a security hole that allows anyone with a Web page to take over your computer system via a few simple lines of code within the HTML code that makes up the page. Just by visiting the page your machine may be subject to the exploit. And that's not all. Because so many email clients now support HTML-formatted email messages, malignant individuals can also include ill-meaning HTML with their email. Reading newsgroups with IE 5 can also leave your system vulnerable, since newsgroup messages may also include HTML code.

Guninski's discovery makes use of an ActiveX control that is designed to create "scriptlets" that run on a user's machine when he views a Web page or email message. This particular control, called "Object for constructing type libraries for scriptlets", has free run of the user's files and can easily be made to overwrite files, place hostile programs on the hard drive, and generally cause oodles of damage.

Windows 95, Windows 98 and Windows NT systems are all at risk, and the security hole allows anyone with a Web page to plant harmful programs on the system. Many computer security experts have warned that ActiveX lacks safeguards against abuse by destructive hackers.

To put things in perspective, one's chances of coming across an email message or Web page that exploits this hole are quite slim (or were until this story hit the Internet), but the possibility is there. And if you do come across malicious code it could do severe damage.

Typically, Microsoft posts patches for these types of security holes, but the patches themselves have flaws in some instances. If you don't want to wait for a patch, you can do this yourself by following all of these steps:

  1. Change the default security setting for the Active Desktop's "Internet Zone" from "medium" to "high"
  2. Disable the "Script ActiveX controls marked safe for scripting" option
  3. Disable the Active Scripting feature
  4. Disable all ActiveX controls and plugins

Do you plan to fix this yourself or wait for a patch? Vote in the poll below!

Contents:
1. Doozy of a Security Hole




JupiterOnlineMedia

internet.comearthweb.comDevx.commediabistro.comGraphics.com

Search:

Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia

Jupitermedia Corporate Info


Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers