Profile

kyrielle: painterly drawing of a white woman with large dark-blue-framed glasses, hazel eyes, brown hair, and a suspicious lack of blemishes (Default)
Laura

Navigation

Most Popular Tags

Page Summary

Style Credit

Gee, there's a cheery thought.

kyrielle: painterly drawing of a white woman with large dark-blue-framed glasses, hazel eyes, brown hair, and a suspicious lack of blemishes (Default)
[personal profile] kyrielle
Tuesday, November 19th, 2002 08:53 am
Another vulnerability, courtesy of IE under Windows. 'Magine that.

http://www.wired.com/news/infostructure/0,1377,56463,00.html

This one's actually interesting enough to get me to fight with my security settings, even.
  • Current Mood: annoyed
Flat | Top-Level Comments Only

[identity profile] canyoncat.livejournal.com
Tuesday, November 19th, 2002 09:55 am (UTC)
Wow... that's a good one! I'm not really surprised though.

kyrielle: painterly drawing of a white woman with large dark-blue-framed glasses, hazel eyes, brown hair, and a suspicious lack of blemishes (Default)
[personal profile] kyrielle
Tuesday, November 19th, 2002 10:07 am (UTC)
I wish I were honestly surprised. Mostly just annoyed. I don't think I was vulnerable, anyway, with the settings I was at, but that exploit was enough to make me take the internet zone to high security.

I'll be paying for THAT for weeks, I imagine, sorting out the sites I want to have access to. Unless I don't leave it that way. I'm currently thinking that, when I have time, the firewall's a better choice for that. It's pretty savvy. :)

[identity profile] pheon.livejournal.com
Tuesday, November 19th, 2002 11:15 am (UTC)
I thought the workaround was to disable scripting in general, then turn it back on for those sites where you need it (and trust them). I don't see that as doable in a firewall. Or did I misread the article? See http://www.jmu.edu/computing/security/info/iehot.shtml

I could have missed something, since I didn't read it in great detail, since I don't run IE, Outlook or Outlook Express. Ever.

kyrielle: painterly drawing of a white woman with large dark-blue-framed glasses, hazel eyes, brown hair, and a suspicious lack of blemishes (Default)
[personal profile] kyrielle
Tuesday, November 19th, 2002 12:16 pm (UTC)
Yep, that was pretty much it. I took the hint, though, and took rather more draconian steps, since who knows what other areas have vulnerabilities they haven't found yet. It does interfere with quiz sites and the like, though.

I am trying to decide whether to leave that setting as-is or just have ZoneAlarm block things. IE has more direct content knowledge, but, I trust ZoneAlarm more and it's pretty good, plus, IE can't do what I really want.

Which is to leave internet on medium, put restricted on high, and have all sites go to restricted until I say otherwise. I don't WANT to put them all at the trusted level, just to give them scripting.

[identity profile] pheon.livejournal.com
Tuesday, November 19th, 2002 03:48 pm (UTC)
Yeah, but.... Unless you are running ZoneAlarm Pro and it does more things than I think it does, ZoneAlarm provides some inbound firewall protection, but for outbound control it does it by application. And you have to have IE in the accepted list which still allows the bad HTML and scripting to come in.

kyrielle: painterly drawing of a white woman with large dark-blue-framed glasses, hazel eyes, brown hair, and a suspicious lack of blemishes (Default)
[personal profile] kyrielle
Tuesday, November 19th, 2002 06:17 pm (UTC)
I'm running Pro, and it allows you to block/allow different types of cookies, and "Mobile Code", on a site-by-site basis. It looks like I can block it across the board, then let certain sites thru, from the firewall. Of course, I can also do so from IE, so....

Question of how I want to approach it.
Flat | Top-Level Comments Only