Attention!: Major Flaw in Internet Explorer!

[f.montoya]

Major flaw revealed in Internet Explorer; users urged to switch : Christopher Null : Yahoo! Tech

This quite possibly could have something to do with the rash of attacks on OOTP leagues.

[Cooleyvol]

I don't understand the advice of switching browsers. How does my switching browsers stop someone from using IE to get the passwords?

[Alan T]

Quote:

Originally Posted by Cooleyvol

I don't understand the advice of switching browsers. How does my switching browsers stop someone from using IE to get the passwords?

Their point is if people change browsers and don't use Internet explorer, they have less risk of a site that contains an Internet explorer targeted exploit harming their computer.

I agree that not using Internet explorer except when absolutely necessary has been a decent rule of thumb for several years now, but their solution of simply switching browsers is fairly simplistic and not entirely effective. Simply going to firefox would still leave you wide open to many other sites that contain browser-indifferent infections on them.

The only way people will really be able to protect themselves from these types of attacks is to become smarter about their own web-surfing in general. Using various add-ons such as noscript the proper way will help you far more then just simply switching to firefox for instance.

[f.montoya]

Quote:

Originally Posted by Cooleyvol

I don't understand the advice of switching browsers. How does my switching browsers stop someone from using IE to get the passwords?

If you happen to visit a site that has an ****** embedded, and you visit that site with IE, your passwords stored IE could be at risk of being stolen via the ******. Currently, the attacks that we've experienced have involved placing iframes on our online league websites.

[Alan T]

Quote:

Originally Posted by f.montoya

If you happen to visit a site that has an ****** embedded, and you visit that site with IE, your passwords stored IE could be at risk of being stolen via the ******. Currently, the attacks that we've experienced have involved placing iframes on our online league websites.

The firefox browser as well as the google chrome browser is also at risk to ****** attacks. That is not just limited to Internet explorer. With Firefox, if you use noscript, the default behavior is to allow iframes as well. Anyone who uses firefox with noscript should go into the options and make sure to check the box to block iframes as well.

The attack of iframes being places on sites however is a very common attack that have hit hundreds of thousands of sites. Usually those iframes are placed on the server due to exploiting server scripts or applications and have less to do with the actual browser that people use. Once a server is infected however, someone using an insecure browser or a system not properly patched is at risk.

[f.montoya]

Quote:

Originally Posted by Alan T

...The only way people will really be able to protect themselves from these types of attacks is to become smarter about their own web-surfing in general.

True. Unfortunately, even the smart people can visit an infected OOTP online league site. The article suggests that gaming sites have been targeted. A gaming community we are.

Quote:

Originally Posted by Alan T

Using various add-ons such as noscript the proper way will help you far more then just simply switching to firefox for instance.

While true, most people have no idea what noscript is.

[Alan T]

Quote:

Originally Posted by f.montoya

True. Unfortunately, even the smart people can visit an infected OOTP online league site. The article suggests that gaming sites have been targeted. A gaming community we are.



While true, most people have no idea what noscript is.

While OOTP is a gaming community, I haven't seen any of these trojans ever specifically target ootp however. (it is obviously possible however).

When these reports say that the hackers are targeting gaming sites, what they mean are World of Warcraft of various other multiplayer online games like that. What the hackers are evidently doing is through keyloggers that are loaded on a user's computer thanks to this exploit, they then just sit and watch for a long list of multiplayer online games. Once the user logs in to the game it records their login information and sends it off to a "home site".

The hackers then are going and stealing people's accounts in these games and selling them online on various sites to new people for profit. I don't play in multiplayer online games like Word of Warcraft, but it is reportedly very widespread in them.

[f.montoya]

Quote:

Originally Posted by Alan T

While OOTP is a gaming community, I haven't seen any of these trojans ever specifically target ootp however. (it is obviously possible however).

When these reports say that the hackers are targeting gaming sites, what they mean are World of Warcraft of various other multiplayer online games like that. What the hackers are evidently doing is through keyloggers that are loaded on a user's computer thanks to this exploit, they then just sit and watch for a long list of multiplayer online games. Once the user logs in to the game it records their login information and sends it off to a "home site".

The hackers then are going and stealing people's accounts in these games and selling them online on various sites to new people for profit. I don't play in multiplayer online games like Word of Warcraft, but it is reportedly very widespread in them.

Would the hacker be able to, via an ****** on an ootp league site, be able to steal passwords used to login to a forum on the same site?

I'm also thinking that although we are not the same type of gaming community as, say, WoW, but the hacker does not know that, and thus, is attacking us anyway in case we are.

[Alan T]

Quote:

Originally Posted by f.montoya

Would the hacker be able to, via an ****** on an ootp league site, be able to steal passwords used to login to a forum on the same site?

I'm also thinking that although we are not the same type of gaming community as, say, WoW, but the hacker does not know that, and thus, is attacking us anyway in case we are.

In most cases that I have seen, all the ****** does is "trick" the browser to go to a different site without the user knowing it. From which site there is some code to try to exploit various applications in case the user does not keep their computer patched. Common exploited applications or functions are Internet explorer, Real player, Flash, Adobe Acrobat, Java, etc.

If it finds a computer that has not kept their system up to date on patches and are successful in infecting the computer, it usually loads a trojan on the system which starts various tasks among which is a keylogger that is instructed to capture various kinds of passwords. Forum passwords could be one of them I suppose.. realistically anything could be included when a keylogger is concerned. If you type it in, it will know that.

That isn't the only thing these trojans can do. There are thousands of variations all of which target or do different things.

[f.montoya]

Quote:

Originally Posted by Alan T

In most cases that I have seen, all the ****** does is "trick" the browser to go to a different site without the user knowing it. From which site there is some code to try to exploit various applications in case the user does not keep their computer patched. Common exploited applications or functions are Internet explorer, Real player, Flash, Adobe Acrobat, Java, etc.

If it finds a computer that has not kept their system up to date on patches and are successful in infecting the computer, it usually loads a trojan on the system which starts various tasks among which is a keylogger that is instructed to capture various kinds of passwords. Forum passwords could be one of them I suppose.. realistically anything could be included when a keylogger is concerned. If you type it in, it will know that.

That isn't the only thing these trojans can do. There are thousands of variations all of which target or do different things.

So you would recommend to all:

1. Keep your system updated
2. Don't put too much stock in the browser you use as long as you have anti-virus protection and set it to not allow iframes(currently a Firefox addon "noscript" can provide this protection. Are there options for those who use IE?)
3. Browse the internet intelligently

[Alan T]

Quote:

Originally Posted by f.montoya

So you would recommend to all:

1. Keep your system updated
2. Don't put too much stock in the browser you use as long as you have anti-virus protection and set it to not allow iframes(currently a Firefox addon "noscript" can provide this protection. Are there options for those who use IE?)
3. Browse the internet intelligently

#1 is the most important. Make sure your system gets regular updates.
#2 I personally don't use Internet explorer for anything unless I have specific work applications that require it. I personally find Firefox + noscript better to protect your computer then anything else out there for Windows as long as you have noscript configured correctly. (Many people install it and then hate how restrictive it is and then disable the pieces that protect you).
#2a: I do think it is important to have anti-virus protection (I do after all work for a large company that develops antivirus software among other various applications). However for these specific attacks, in my opinion most anti-virus software applications have been fairly ineffective in preventing them from occuring. I won't go into all of the reasons for that unless someone is dying to know.. but that doesn't mean anti-virus software is not important.. Just in this particular case, protecting yourself in other ways is more effective.
#2b: In addition there are other various applications you could choose to use to safeguard your computer to prevent various fundamental system changes without prompting you for special approval first. (Windows vista comes with alot of this built in, and is often listed as one of the annoying features of windows vista however)
#3 Yes, the best protection is learning how to view webpages in a way to better protect yourself. The problem is that you could be the smartest web viewer in the world, and if you hit a website that is infected, you are possibly in as much trouble as anyone else. Many mainstream webpages these days are infected with these type of attacks. Computer manufacturers, large online communities, etc.

[RchW]

Thanks for having this discussion. I installed no script onto Firefox and found it annoying. However I'm learning to be selective about what I allow, and it seems to be working well.

[TC Dale]

It would be a welcome addition if maybe some tips are posted here about Firefox as these security holes are very serious, and I am moving almost all of my work to FF until the fixes are complete and working for IE (versions 4 thru 7 at last time I checked).

Those FF gurus could do a great service if they could post some help and ideas about using the browser, for those that haven't used it much in the past.

[Alan T]

Quote:

Originally Posted by TC Dale

It would be a welcome addition if maybe some tips are posted here about Firefox as these security holes are very serious, and I am moving almost all of my work to FF until the fixes are complete and working for IE (versions 4 thru 7 at last time I checked).

Those FF gurus could do a great service if they could post some help and ideas about using the browser, for those that haven't used it much in the past.

I will try to give the basics as simplified as possible and then if people have questions they can ask for more specifics.

-Install Firefox (pretty self-explanatory)
-In Firefox go to: Tools -> Add-ons -> Get Add-ons -> Browse all Add-ons and search for an add-on called "Noscript"
-Choose to install noscript into your firefox (I believe this likely will cause you to restart firefox)
-Noscript will be loaded as you start Firefox, and by default it is more restrictive then many of you might be used to when browsing webpages and cause various things to not load like normal. I'll explain that in more detail later.


-The first time after you have installed noscript, you need to make one change to the options for noscript to make sure to block iframes as well. In the bottom right corner of your browser you will find a Small S (possibly with a Circle and line through it) Right click that S and then choose options
-In the options panel, go to the Plugins tab and find the checkbox labeled "Forbid ******" and make sure that it is checked. Once that is done, you can click ok and exit options.


At this point when browsing to random pages, anything that loads java, flash or other various scripts or iframes on any webpage that you visit will have all of that blocked by default. This may annoy many people or take getting used to, but it is also helping protect you from various attacks as well.

From here on out, it is simply a case of getting used to using noscript as part of your every day browsing. When you visit a trusted webpage that you want to run javascript on, you right click your little S in the bottom of the browser and find the option to either "Temporarily allow SITENAME" or "Allow SITENAME" which would then allow you to see the various scripts/applets on that site only.

Note, when you visit various webpages on the internet, and right click the no-script S, you may see all kinds of sites listed there. That probably is because that webpage has various advertisements or other scripts hosted from other locations on it. Only allow the things that you need. It never is good to allow access to scripts from sites that aren't needed.

If you ever visit a page that is infected with a various ****** vulnerability, and you right click your no-script S, you will see the option to allow the site you are visiting, as well as the other random site that the ****** is trying to access. By choosing to not allow any old thing on the list, you can help keep your system further protected.

Keep in mind this in no way means you shouldn't use anti-virus or shouldn't keep your computer patched.

[f.montoya]

IE hack patch is out: How to get it : Christopher Null : Yahoo! Tech

Seems Mr. Gates was paying attention.

[frankduffy]

I'll go back a few steps and declare a major ignorance...What's an ******?

[truthserum]

****** - Wikipedia, the free encyclopedia