For Internet Explorer users, please note that there is a new exploit in the wild that is capable of compromising a fully patched and updated WinXP machine:

http://www.eweek.com/article2/0,1759,18917...3119TX1K0000594

Microsoft has not released a fix yet. From the article:


Firefox and other alternative web browsers are not affected. You would have to be tricked into going to a malicious website to have any chance of being affected by this one, so most folks are probably safe anyway, but I thought I would let everybody know.

For the curious, here's a proof of concept site that launches MScalculator when you visit their web page. Scary!

http://www.computerterrorism.com/research/ie/poc.htm

So does that mean to disable "javascript" if you are using IE? Or is Active Scripting different than js?

It really bothers me how Internet Explorer has so many flaws. I mean they should take time to test it before releasing it to the general public. Its insane how it has been out for a few years and people are still finding exploits.

Disabling active scripting will disable javascript. I'm not sure exactly what the difference is between the two. You can see the 'Active scripting' option in the 'custom level' area of the security tab in internet options:



It's the top one in this image. Just set it to 'Disable'



This post has been edited by BuffaloHELP: Nov 22 2005, 10:38 PM

This is really good information. Thank you.

I went to the ComputerTerrorism site and tried the test and yes it is scarey how well IE co-operates with the test. Not only that, it hung itself and stopped responding when I tried closing the test pop-up window. First I got the message that that program was not responding and then IE crashed.

I went into my security settings and disabled activeX scripting and ran the test again and.....nothing happened. Good!

However, ComputerTerrorists do go on to say that as long as you stay off potentially malicious websites, you won't have a problem. Yeah....right.

I forgot to add that my Calculator did not pop up. I was expecting it to.

Did I misunderstand?

Yeah, it's supposed to pop up calculator. It comes up after the pop up does it's thing, so if ie crashed in the middle of it that's probably why you didn't see it.

Nice thanks for that information. And the test like with an "javascript virus" is funny

lol tought that Internet Explorer was almost 100% safe, anyway its not any big problem its just an little exploit and microsoft will soon deliver an patch to fic that problem.

well heres a question if you disable the javascript through your browser are you not going to have problems loading sites and um using certain features like post (fast reply) and what not.

of course you would have to be stupid to be tricked into going to a phony website through your email.

but its simple delete/block junk email and your find and don't go to websites you don't know about without researching it first.

Well, here's another obvious reason why current IE users should switch to FireFox

I used to use IE a few months ago, but it just keeps getting more annoying everytime i use it. In the end, i decided to reformat my computer, forget about IE and use FireFox. And up till now, FireFox has served me well.