RE: Exchange nightmares
Should it show up as JS_CIDEXPLOIT.B virus? That's what my virus software detected. -Original Message- From: Rocky Stefano [mailto:[EMAIL PROTECTED]] Sent: Friday, 1 March 2002 4:28 AM To: Exchange Discussions Subject: RE: Exchange nightmares Scott that is not a vulnerability. Its called active scripting. If you turn it off then www.cnn.com won't load properly either. Its a common integration feature. If you want to disable it properly IE security should have been set-up properly to begin with. Change your internet zone security to HIGH and that page won't load jack other than fire off antivirus warning. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Williams Scott CTR Sent: Thursday, February 28, 2002 12:32 PM To: Exchange Discussions Subject: Exchange nightmares TECH BRIEFING Want To See Something Scary? I thought you might be interested in trying this and then see your hair stand out. When I tried it just now (Wednesday Feb 27, 11am) it still worked. It's real too, yikes. This web page opens up a DOS box on your computer. Someone really interested in destruction would be able to wreak havoc on everyone visiting them. Or, cracked sites might be equipped with this doozy on their home page and all their visitors just beheaded. I'm not sure how you could protect your users against this kind of attack. Suggestions anyone? http://www.w2knews.com/rd/rd.cfm?id=020228TB-Scary _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Exchange nightmares
Scott that is not a vulnerability. Its called active scripting. If you turn it off then www.cnn.com won't load properly either. Its a common integration feature. If you want to disable it properly IE security should have been set-up properly to begin with. Change your internet zone security to HIGH and that page won't load jack other than fire off antivirus warning. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Williams Scott CTR Sent: Thursday, February 28, 2002 12:32 PM To: Exchange Discussions Subject: Exchange nightmares TECH BRIEFING Want To See Something Scary? I thought you might be interested in trying this and then see your hair stand out. When I tried it just now (Wednesday Feb 27, 11am) it still worked. It's real too, yikes. This web page opens up a DOS box on your computer. Someone really interested in destruction would be able to wreak havoc on everyone visiting them. Or, cracked sites might be equipped with this doozy on their home page and all their visitors just beheaded. I'm not sure how you could protect your users against this kind of attack. Suggestions anyone? http://www.w2knews.com/rd/rd.cfm?id=020228TB-Scary _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
Re: Exchange nightmares
What does this have to do with Exchange, specifically? The HTML is calling a local program. For this exploit to work there has to be either a) a downloaded piece of malware to be called in this fashion or b) the called program has to accept command-line strings. For (a), there should be none on your Exchange server just by following normal security guidelines (i.e. don't log onto the console just for the heck of it, browse from a workstation not a server, etc). For (b) this is a bit easier but, again, why are you browsing from a server? - Original Message - From: Williams Scott CTR [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Thursday, February 28, 2002 11:32 AM Subject: Exchange nightmares TECH BRIEFING Want To See Something Scary? I thought you might be interested in trying this and then see your hair stand out. When I tried it just now (Wednesday Feb 27, 11am) it still worked. It's real too, yikes. This web page opens up a DOS box on your computer. Someone really interested in destruction would be able to wreak havoc on everyone visiting them. Or, cracked sites might be equipped with this doozy on their home page and all their visitors just beheaded. I'm not sure how you could protect your users against this kind of attack. Suggestions anyone? http://www.w2knews.com/rd/rd.cfm?id=020228TB-Scary _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Exchange nightmares
Yeah, but how many networks do you know that have custom IE security settings? Granted there are a few fixes for this, but to call exe's through java, you basically can do anything you want on that PC. I'm no code guru so I'm not aware of the capabilities, but it doesn't help with virus problems. -Original Message- From: Rocky Stefano [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 28, 2002 12:28 PM To: Exchange Discussions Subject: RE: Exchange nightmares Scott that is not a vulnerability. Its called active scripting. If you turn it off then www.cnn.com won't load properly either. Its a common integration feature. If you want to disable it properly IE security should have been set-up properly to begin with. Change your internet zone security to HIGH and that page won't load jack other than fire off antivirus warning. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Williams Scott CTR Sent: Thursday, February 28, 2002 12:32 PM To: Exchange Discussions Subject: Exchange nightmares TECH BRIEFING Want To See Something Scary? I thought you might be interested in trying this and then see your hair stand out. When I tried it just now (Wednesday Feb 27, 11am) it still worked. It's real too, yikes. This web page opens up a DOS box on your computer. Someone really interested in destruction would be able to wreak havoc on everyone visiting them. Or, cracked sites might be equipped with this doozy on their home page and all their visitors just beheaded. I'm not sure how you could protect your users against this kind of attack. Suggestions anyone? http://www.w2knews.com/rd/rd.cfm?id=020228TB-Scary _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Exchange nightmares
Well, I would think you could call different command line scripts, not sure of Outlook/OE, or any other e-mail application supports sending e-mail from a command line. It relates to Exchange because 98% of viruses are propagated by e-mail. -Original Message- From: Daniel Chenault [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 28, 2002 12:44 PM To: Exchange Discussions Subject: Re: Exchange nightmares What does this have to do with Exchange, specifically? The HTML is calling a local program. For this exploit to work there has to be either a) a downloaded piece of malware to be called in this fashion or b) the called program has to accept command-line strings. For (a), there should be none on your Exchange server just by following normal security guidelines (i.e. don't log onto the console just for the heck of it, browse from a workstation not a server, etc). For (b) this is a bit easier but, again, why are you browsing from a server? - Original Message - From: Williams Scott CTR [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Thursday, February 28, 2002 11:32 AM Subject: Exchange nightmares TECH BRIEFING Want To See Something Scary? I thought you might be interested in trying this and then see your hair stand out. When I tried it just now (Wednesday Feb 27, 11am) it still worked. It's real too, yikes. This web page opens up a DOS box on your computer. Someone really interested in destruction would be able to wreak havoc on everyone visiting them. Or, cracked sites might be equipped with this doozy on their home page and all their visitors just beheaded. I'm not sure how you could protect your users against this kind of attack. Suggestions anyone? http://www.w2knews.com/rd/rd.cfm?id=020228TB-Scary _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Exchange nightmares
Scott I didn't say customize the sec settings in IE I simply stated that setting them to HIGH (which what they should be for untrusted sites)would not enable that page to work. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Williams Scott CTR Sent: Thursday, February 28, 2002 12:44 PM To: Exchange Discussions Subject: RE: Exchange nightmares Yeah, but how many networks do you know that have custom IE security settings? Granted there are a few fixes for this, but to call exe's through java, you basically can do anything you want on that PC. I'm no code guru so I'm not aware of the capabilities, but it doesn't help with virus problems. -Original Message- From: Rocky Stefano [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 28, 2002 12:28 PM To: Exchange Discussions Subject: RE: Exchange nightmares Scott that is not a vulnerability. Its called active scripting. If you turn it off then www.cnn.com won't load properly either. Its a common integration feature. If you want to disable it properly IE security should have been set-up properly to begin with. Change your internet zone security to HIGH and that page won't load jack other than fire off antivirus warning. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Williams Scott CTR Sent: Thursday, February 28, 2002 12:32 PM To: Exchange Discussions Subject: Exchange nightmares TECH BRIEFING Want To See Something Scary? I thought you might be interested in trying this and then see your hair stand out. When I tried it just now (Wednesday Feb 27, 11am) it still worked. It's real too, yikes. This web page opens up a DOS box on your computer. Someone really interested in destruction would be able to wreak havoc on everyone visiting them. Or, cracked sites might be equipped with this doozy on their home page and all their visitors just beheaded. I'm not sure how you could protect your users against this kind of attack. Suggestions anyone? http://www.w2knews.com/rd/rd.cfm?id=020228TB-Scary _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]