On Jul 11, 2004, at 11:57 PM, Jerry Yeager wrote:

> This might be enough. CERT issued a very serious recommendation that  
> windoze users change from using IE to some other browser, dang near  
> any other browser besides IE. It seems that the viruses attacked the M$  
> IIS servers (apparently some big web-sites use them -- including some  
> financial institutions), visitors that surfed in using IE on windoze  
> got hijacked, maimed, folded, spindled, mutilated, etc. and their  
> computers sent all kinds of private data to servers in Russia among  
> other places (it has been surmised that the servers were being run by  
> members of organized crime in Russia).

Most people haven't heard of CERT. I wish they'd call it by its  
umbrella name: The Department of Homeland Security. Here's a report on  
what they said, copied from Yahoo news.

<copy  
http://story.news.yahoo.com/news?tmpl=story&cid=74&e=3&u=/cmp/20040702/tc_cmp/22103407>
  The Department of Homeland Security's U.S. Computer Emergency  
Readiness Team (CERT) touched off a storm this week when it recommended  
for security reasons using browsers other than Microsoft Corp.'s  
Internet Explorer.

  The Microsoft browser, the government warned, cannot protect against  
vulnerabilities in its Internet Information Services (IIS) 5 server  
programs, which a team of hackers allegedly based in Russia has  
exploited with a Java script that is appended to Web sites.

  The particular virus initiated this week inserts Java script into  
certain Web sites. When users visit those sites, it initiates pop-up  
ads on home and office computers, and allows keystroke analysis of user  
information. The target is believed to be credit card numbers. CERT  
estimated that as many as tens of thousands of Web sites may be  
affected.

  CERT said vulnerabilities in IIS and IE could include MIME-type  
determination, the DHTML object model, the IE domain/zone security  
model and ActiveX scripts. Alternative browsers such as Mozilla or  
Netscape may not protect users, the agency warned, if those browsers  
invoke ActiveX control or HTML rendering engines.

  The only defense may be completely disabling scripting and ActiveX  
controls.
</copy>




| The next meeting of the Louisville Computer Society will
| be July 27. The LCS Web page is <http://www.kymac.org>.
| List posting address: <mailto:macgroup at erdos.math.louisville.edu>
| List Web page: <http://erdos.math.louisville.edu/macgroup>

