Urgent warning

[ciphergoth]

Stop browsing the web NOW, or your computer will come under the control of the Bad Guys. Read this first.

Internet Explorer, the web browser that comes bundled with Windows and some Mac systems, has a serious security flaw. Just by viewing a web page you might compromise your machine. And thousands of web pages all over the Net contain the damaging code - because the machines hosting those pages have been compromised. This means that you will be attacked even if you stick to browsing sites that you trust.

There is no fix to Internet Explorer available, even though this flaw has been known about for some time. If you continue to use this browser, you are asking the bad guys to control your computer. They will use it for things like sending spam and compromising your bank details and personal information.

Currently the only fix is to install another browser. Even if Microsoft get around to fixing this problem, the history shows that there will be many others, and that your computer will be open to takeover by others for as long as you use Internet Explorer.

If your workplace forbid you from installing software on your machine, you have three choices:

1. Never browse the Web from your work computer - just don't start the browser at all, ever.
2. Disobey your work and install another browser.
3. Disobey your work and install a program for sending spam, involuntarily, courtesy of the Bad Guys.

Please don't choose option 3.

I recommend installing Mozilla Firefox right away. Others prefer other browsers - pretty much any alternative to Internet Explorer will be better.

More details in reddragdiva's journal. But maybe install a new browser first, and then go browsing later?

Comments

[ciphergoth.livejournal.com]

A quick PS to everyone who is already using a non-Microsoft browser or system - hooray to you for doing the right thing. You might even be the majority of my friends list. This post is worded to catch the attention of those who have not yet joined you, so please forgive me for not addressing you in the above.

[sbisson.livejournal.com]

Actually there is a fix - you are not at risk of you are using the updated version of IE that comes with Windows XP Service Pack 2. Ther eis a download of Relase candidate 2 for this on the Microsoft technet web site.

[babysimon]

Neat trick:

<!--[if IE]><h1>Big Warning</h1><![endif]-->

[kerrykat.livejournal.com]

Thanks for providing the information. It does really help techno-fuckwits like me :)

Firefox downloaded and me like! :)

thanks again
K xxxxxx

The Great Anti-virus Stop-Gap Solution (but it's better than nothing, right?)

[bondagewoodelf.livejournal.com]

I know it's a stop-gap. But fortunately there are several anti-virus companies that have already released an update to handle the thing that it on the loose on, alledgedly, all those web sites.

I just checked, and my own preference, Kaspersky AV has it in the 2004-06-25 update.

Of course this might only protect against this particular instance of the exploit and not against the vulnerability itself (or maybe it does? they might have added some generic fix for this particular one, although I doubt it since it's listed as 'Trojan.JS.Scob.a' which looks like a very specific detection.

Of course:

- I do most of my browsing with Opera anyway
- AV definitions at corporate sites are often horribly old

Other companies (Symantec, Computer Associates and F-Secure) appear to have AV definitions for this one already as well.

[trishpiglet.livejournal.com]

Using Firefox.
I have MIE on my computer, though. BS says it's hard to delete, so I'll settle for removing from desktop.

Mico$oft IE

[missedephemera.livejournal.com]

[Error: Irreparable invalid markup ('<tis'>') in entry. Owner must fix manually. Raw contents below.]

<tis' paul speaking> Needless to say, Mona and I have never, EVER, been in the nasty habit of using IE as our default web browser. We us an independent third party browser and for no better reason than Mona is Norwegian, we use a paid up version of Opera (http://www.opera.com/). Again, needless to say, Opera (IOMHO)is vastly superior to IE in functionality (blah, blah, etc... OperaRocksOK!). The only problem, and it is a biggie, seems to be that there are some web sites that seem to be configured in such a way that ONLY IE will function correctly accessing them. We suspect this to be a deliberate ploy by Micro$oft to ensure IE usage. To its credit, Opera can try to disguise itself as IE to get past these IE-only-acess-sites, but not yet 100% sucessfully.

[ruis.livejournal.com]

If your workplace forbid you from installing software on your machine, you have three choices:

Or there is a forth more responsible choice which is you talk to your IT person/dept and ask them if your computer is at risk from this exploit or if you are safe e.g. by using a proxy server that has suitable anti-virus and content filtering installed. If you are at risk ask your boss what you should do.

[lucybond.livejournal.com]

I've started using Mozilla Firefox, but it won't let me upload stuff to my personal webspace, while Internet Explorer does.

Any idea why that is? I am mostly using Mozilla Firefox now, so it won't be hard to avoid IE, apart from that one thing...

[envoy.livejournal.com]

Firefox is lovely. I'm off to SanFran! Whooot!

[booklectica]

I downloaded Mozilla at work (which I'd been meaning to do again anyway) and left a note for my employer telling her to do it too, with a printout of the CNN article. We use Mozilla at home anyway. Is Firefox a better version of Mozilla or something different altogether?

[thekumquat.livejournal.com]

Please see my recent post re Mozilla...

Work will jsut have to suffer, seeing as no-one can install software except the IT bods (and some of them are too ignorant). Fortunately the firewall/security IT bods out in a bunker somewhere are fairly competent - have had one virus in the last 2 years. Option 1 isn't an options as I need to browse for work.