Javascript & IE

[Rik]

If you use version 6 or 7 of Microsoft's Internet Explorer browser you should disable the JavaScript function immediately.

Security experts have warned anyone using Internet Explorer 6 or 7 on a Windows XP or Windows Vista PC to take immediate steps to ensure their security.

This is because an exploit for a previously unknown flaw in the browser has been spotted in circulation.

The flaw could enable a hacker to take over a computer if a surfer visited a compromised website using a vulnerable version of the IE browser.

Proof-of-concept code is already circulating on the web, with more exploit code likely to be on the way.

Security firm Symantec advised surfers to disable JavaScript in IE and to ensure their anti-virus definitions were up to date.

"The exploit currently exhibits signs of poor reliability, but we expect that a fully-functional reliable exploit will be available in the near future. When this happens, attackers will have the ability to insert the exploit into sites, infecting potential visitors," Symantec said in a statement.

You can disable JavaScript in IE7 by going to Tools, Internet Options, click on the Security tab and then click on Custom Level. Scroll down until you find the entry for Scripting, then click on Disable.

In IE6, follow the same instructions, though you are looking for the entry for 'Active scripting' in the Custom Level dialogue box. You will also need to restart your browser for the fix to take effect.

Other versions of Internet Explorer and Windows could also be affected, Symantec warned.

Microsoft has not yet commented on the vulnerability.

[somanyholes]

shame they don't have no script On a more serious note turning off javascript is going to break a massive amount of sites, I can't believe they have recommended to turn it off. Web security would be so muc better if javascript didnt exist at all, it really is a big gaping hole in browser security.

[Glenn]

Do you have a link please Rik, I'll send it to my desktop admin team?

[Rik]

I don't, I stole it from elsewhere, So.

[Noreen]

Is it the one called "Scripting of Java Applets", Rik?

[Rik]

This is the best I could find:

http://voices.washingtonpost.com/securityfix/2009/11/new_attack_targets_weakness_in.html

[Rik]

Is it the one called "Scripting of Java Applets", Rik?

Possibly.

[Glenn]

http://news.softpedia.com/news/IE7-0-Day-Vulnerability-Published-in-the-Wild-127732.shtml

[Sebby]

Good old IE.

[Baz]

i dont use IE if I can help it  but for those that do and are not familiar with Javascript  how do you disable it Rik and how long to leave it disabled

[Rik]

You can disable JavaScript in IE7 by going to Tools, Internet Options, click on the Security tab and then click on Custom Level. Scroll down until you find the entry for Scripting, then click on Disable.

In IE6, follow the same instructions, though you are looking for the entry for 'Active scripting' in the Custom Level dialogue box. You will also need to restart your browser for the fix to take effect.

Baz. Not sure about IE8.

[Baz]

opps   sorry Rik didnt read it all 

[Rik]

  I know the feeling Baz, I do it all day.

[Baz]

what do they class as a compromised website or is there far too many to mention  

[Noreen]

I found this  http://www.technipages.com/internet-explorer-7-enabledisable-javascript.html

[Rik]

Thanks, Noreen.

[psp83]

Web security would be so muc better if javascript didnt exist at all, it really is a big gaping hole in browser security.

Web security would be better if IE didnt exist!

Its not javascript thats in the wrong, its the browser not coded correctly.

[somanyholes]

Web security would be better if IE didnt exist!

Its not javascript thats in the wrong, its the browser not coded correctly.

xss/csrf dont care what browser your using, javascript/actionscript all lead down the same path.

[Noreen]

I disabled it and found that I couldn't use smilies in posts so I've reset it again.

[Rik]

It would do that, and affect some other forum functions too.

[Noreen]

Possibly doesn't affect Vista, only XP. http://blogs.pcmag.com/securitywatch/2009/11/unpatched_vulnerability_and_ex.php

[Noreen]

Looks as though it does affect Vista. http://www.microsoft.com/technet/security/advisory/977981.mspx

[Rik]

Nice to see they're really going flat out to fix it, isn't it.

[Gary]

Nice to see they're really going flat out to fix it, isn't it.

Makes Windows 7 look tempting for those with XP and Vista, Rik.

[Rik]

Makes a Mac look even more tempting.

[Gary]

Makes a Mac look even more tempting.

I am cuddling mine as we speak, I was deprived today as we had carpets laid throughout the Bungalow so not internet till about an hour ago

[Rik]

I have a radiator valve to be replaced in here tomorrow, so I'm going to be cut off too...

[Gary]

I have a radiator valve to be replaced in here tomorrow, so I'm going to be cut off too...

Ouch  changing your name to Bobitt by any chance?

[Rik]

Not unless I stand too close.

[Gary]

Not unless I stand too close.

I will be offline again for a while, getting a new router, a Netgear DGN3300 So I can use the mac on the ratified 802.11n on the 5GHz frequency and my Playstation and iPhone on the 2.4ghz simultaneously if it all works correctly 

[Rik]

 

[Colin Burns]

i got board and just disabled everything in IE 

though i dont ever use it. Shame i cant completly kill it without hurting xp

[Gary]

Seems IE 8 is vulnerable, if its the same expolit, "IE8 flaw makes 'safe' sites unsafe. The latest version of Microsoft's Internet Explorer browser contains a bug that can enable serious security attacks against websites that are otherwise safe.

The flaw in IE 8 can be exploited to introduce XSS, or cross-site scripting, errors on webpages that are otherwise safe, according to two Register sources, who discussed the bug on the condition they not be identified. Microsoft was notified of the vulnerability a few months ago, they said"

Nice of MS to keep on top of the patching again.

[Rik]

 

[Glenn]

News from MS http://www.microsoft.com/technet/security/advisory/977981.MSpx?pubDate=2009-11-25

[Gary]

News from MS http://www.microsoft.com/technet/security/advisory/977981.MSpx?pubDate=2009-11-25

This must be a different bug in IE8 http://www.theregister.co.uk/2009/11/20/internet_explorer_security_flaw/

[Sebby]

There are so many, it's easy to lose track.

[Den]

I promised not to come over to the Mac thread as long you refrained from having goes at Microsoft, your on thin ice 

[Gary]

I promised not to come over to the Mac thread as long you refrained from having goes at Microsoft, your on thin ice 

Considering that bug is Months old it damn poor that IE8 is Vulnerable, and we still have a Windows machine in the house  Microsoft need to patch faster, not sit on problems for so long 

[Den]

    I like IE8 and Windows 7   

[Gary]

  I like IE8 and Windows 7   

I am sure you do, I like Sencha tea 

[Den]

I don't like any kind of tea 

[Sebby]

I promised not to come over to the Mac thread as long you refrained from having goes at Microsoft, your on thin ice 

Not having a go, just stating a fact. Having a go would have been "I hate Microsoft".

[Ann]

Has anyone ever been caught by these so called vulnerabilities?  I never have.  In fact in all my years with computers, my computer has never been infected.  And I've always used IE.  At the moment I use IE mostly and Chrome for one particular forum.  That one's a bugger.  I don't know why but I can't keep logged in with IE and as I'm an admin I need to be logged in to deal with spammers.  But I digress.  MS is not so bad..

[Den]

I cant remember the last time I have picked up a virus or had any other problems and I have always used IE. I don't use it because it is put out by MS, I use it because I have never realy liked the alternatives and have yet to try one that can hold a candle to IE8.

[Simon]

I don't think IE is inherently bad - it's just not as good as Sea Monkey. 

[Gary]

I don't like any kind of tea 

Green tea is very different. 

[Den]

All tea makes me go   

[somanyholes]

Has anyone ever been caught by these so called vulnerabilities?  I never have.  In fact in all my years with computers, my computer has never been infected.  And I've always used IE.  At the moment I use IE mostly and Chrome for one particular forum.  That one's a bugger.  I don't know why but I can't keep logged in with IE and as I'm an admin I need to be logged in to deal with spammers.  But I digress.  MS is not so bad..

Ann this maybe of interest to you. http://download.cnet.com/AutoRefresher-for-IE/3000-12512_4-10062693.html. Just don't set the frequency to high.

[Gary]

All tea makes me go   

I am sure it does 

[Rik]

Just to broaden the debate, I don't like tea or coffee, in fact any hot drinks.

[Glenn]

I don't like coffee, but my tea I prefer to be very hot.

[Gary]

Just to broaden the debate, I don't like tea or coffee, in fact any hot drinks.

I don't drink caffeine of any sort, and I like my Sencha warm, although you make it just off the boil at 90c then leave for 5 mins, its a acquired taste I guess, but there are so many green teas that taste good, like Gunpowder, thats another one I like

[Rik]

I only ever drink cold drinks, have done since I was about 12, Gary.

[Gary]

I only ever drink cold drinks, have done since I was about 12, Gary.

Why is that, Rik?

[Rik]

I just went off tea, and have never been tempted back.

[Gary]

I just went off tea, and have never been tempted back.

Fair enough, I have to keep my liquids up anyway and Coffee and normal tea were not helping me, oddly I find it harder to sleep now that I don't take caffeine, and I have been off it for about 2 months

[Rik]

Lucky you, I have to keep them down.

[Lance]

I'm drinking a coffee now whilst reading this!

[Gary]

I'm drinking a coffee now whilst reading this!

I'm drinking a Camomile tea.....man 

[Sebby]

I love a cup of tea.

[Rik]

I wouldn't be allowed it now even if I did, no stimulating drinks. OTOH, alcohol is a depressant.