-Caveat Lector- -------- Original Message -------- Subject: [Spy News] A dangerous security hole has been discovered in MS Internet Explorer. Date: Fri, 30 Mar 2001 16:25:03 EST From: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IE Hole Surrenders Your Computer http://www.wired.com/news/technology/0,1282,42750,00.html?tw=wn20010330 by Michelle Delio 8:00 a.m. Mar. 30, 2001 PST A dangerous security hole has been discovered in Microsoft's Internet Explorer. Spanish security expert Juan Carlos Cuartango discovered the hole, which allows attackers complete access and control over any computer running any version of the Windows operating system and Internet Explorer Versions 5 and 5.5. An attacker can gain control of another user's machine using an HTML-formatted e-mail with an attachment that contains a small remote-control program. The e-mail can be sent directly to the victim, or can be placed on a website. Unlike previous e-mail-activated attacks, the victim of this attack does not have to download the e-mail or click on the attachment for it to work. If a malicious user sends an affected HTML e-mail or hosts an affected e-mail on a website, and a user opens the e-mail or visits the website, Internet Explorer automatically runs the excecutable program on the user's computer. Typically, attackers will exploit the hole by sending a provocative e-mail to prospective victims in an attempt to lure them to the malicious website. Once a computer has been compromised, the attacker -- working from a remote location -- can do anything the computer's owner could do on the machine. "This is the biggest Microsoft Internet Explorer vulnerability I have ever discovered," said Cuartango, who details the hole and its ramifications for Windows computer users on his Spanish-language website. Microsoft was not immediately available for comment, but has released a "critical" security alert as well as a patch to fix the hole. Microsoft strongly advises "all customers using Microsoft Internet Explorer to install the patch immediately." The company says full documentation of the problem will be posted by Saturday. Cuartango said he alerted Microsoft to the problem on Feb. 14. "Microsoft responded immediately and their security team also started working immediately to produce a fix," he said. ------------------------ Yahoo! Groups Sponsor ---------------------~-~> Make good on the promise you made at graduation to keep in touch. Classmates.com has over 14 million registered high school alumni--chances are you'll find your friends! http://us.click.yahoo.com/03IJGA/DMUCAA/4ihDAA/TFOWlB/TM ---------------------------------------------------------------------_-> ============================================== SPY NEWS is OSINT newsletter and discussion list associated to Mario's Cyberspace Station http://mprofaca.cro.net/mainmenu.html ============================================== *** NOTICE: In accordance with Title 17 U.S.C. Section 107, this material is distributed without profit to SPYNEWS eGroup members who have expressed a prior interest in receiving the included information for non-profit research and educational purposes only. For more information go to: http://www.law.cornell.edu/uscode/17/107.shtml ---------------------------------------------- To subscribe SPYNEWS send a blank message: mailto:[EMAIL PROTECTED] To change your subscription mode to Daily Digest (one message a day) send a blank message: mailto:[EMAIL PROTECTED] To unsubscribe SPYNEWS send a blank message: mailto:[EMAIL PROTECTED] Mario Profaca, independent journalist, SPY NEWS eGroup list owner, editor & moderator, is a member of of the Committee of Concerned Journalists, an initiative administered through the offices of the Project for Excellence in Journalism in Washington, D.C. mailto:[EMAIL PROTECTED] SPY NEWS home page: http://groups.yahoo.com/group/spynews Spy books, handbooks and manuals: http://mprofaca.cro.net/manuals.html ============================================= Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ <A HREF="http://www.ctrl.org/">www.ctrl.org</A> DECLARATION & DISCLAIMER ========== CTRL is a discussion & informational exchange list. Proselytizing propagandic screeds are unwelcomed. Substance—not soap-boxing—please! These are sordid matters and 'conspiracy theory'—with its many half-truths, mis- directions and outright frauds—is used politically by different groups with major and minor effects spread throughout the spectrum of time and thought. That being said, CTRLgives no endorsement to the validity of posts, and always suggests to readers; be wary of what you read. CTRL gives no credence to Holocaust denial and nazi's need not apply. Let us please be civil and as always, Caveat Lector. ======================================================================== Archives Available at: http://peach.ease.lsoft.com/archives/ctrl.html <A HREF="http://peach.ease.lsoft.com/archives/ctrl.html">Archives of [EMAIL PROTECTED]</A> http:[EMAIL PROTECTED]/ <A HREF="http:[EMAIL PROTECTED]/">ctrl</A> ======================================================================== To subscribe to Conspiracy Theory Research List[CTRL] send email: SUBSCRIBE CTRL [to:] [EMAIL PROTECTED] To UNsubscribe to Conspiracy Theory Research List[CTRL] send email: SIGNOFF CTRL [to:] [EMAIL PROTECTED] Om