kyrielle: Middle-aged woman in profile, black and white, looking left, with a scarf around her neck and a white background (Default)
Laura ([personal profile] kyrielle) wrote2002-11-19 08:53 am
  • Add Memory
  • Share This Entry
  • Current Mood: annoyed

Gee, there's a cheery thought.

Another vulnerability, courtesy of IE under Windows. 'Magine that.

http://www.wired.com/news/infostructure/0,1377,56463,00.html

This one's actually interesting enough to get me to fight with my security settings, even.
Flat | Top-Level Comments Only

[identity profile] canyoncat.livejournal.com 2002-11-19 09:55 am (UTC)(link)
Wow... that's a good one! I'm not really surprised though.
kyrielle: Middle-aged woman in profile, black and white, looking left, with a scarf around her neck and a white background (Default)

[personal profile] kyrielle 2002-11-19 10:07 am (UTC)(link)
I wish I were honestly surprised. Mostly just annoyed. I don't think I was vulnerable, anyway, with the settings I was at, but that exploit was enough to make me take the internet zone to high security.

I'll be paying for THAT for weeks, I imagine, sorting out the sites I want to have access to. Unless I don't leave it that way. I'm currently thinking that, when I have time, the firewall's a better choice for that. It's pretty savvy. :)

[identity profile] pheon.livejournal.com 2002-11-19 11:15 am (UTC)(link)
I thought the workaround was to disable scripting in general, then turn it back on for those sites where you need it (and trust them). I don't see that as doable in a firewall. Or did I misread the article? See http://www.jmu.edu/computing/security/info/iehot.shtml

I could have missed something, since I didn't read it in great detail, since I don't run IE, Outlook or Outlook Express. Ever.
kyrielle: Middle-aged woman in profile, black and white, looking left, with a scarf around her neck and a white background (Default)

[personal profile] kyrielle 2002-11-19 12:16 pm (UTC)(link)
Yep, that was pretty much it. I took the hint, though, and took rather more draconian steps, since who knows what other areas have vulnerabilities they haven't found yet. It does interfere with quiz sites and the like, though.

I am trying to decide whether to leave that setting as-is or just have ZoneAlarm block things. IE has more direct content knowledge, but, I trust ZoneAlarm more and it's pretty good, plus, IE can't do what I really want.

Which is to leave internet on medium, put restricted on high, and have all sites go to restricted until I say otherwise. I don't WANT to put them all at the trusted level, just to give them scripting.

[identity profile] pheon.livejournal.com 2002-11-19 03:48 pm (UTC)(link)
Yeah, but.... Unless you are running ZoneAlarm Pro and it does more things than I think it does, ZoneAlarm provides some inbound firewall protection, but for outbound control it does it by application. And you have to have IE in the accepted list which still allows the bad HTML and scripting to come in.
kyrielle: Middle-aged woman in profile, black and white, looking left, with a scarf around her neck and a white background (Default)

[personal profile] kyrielle 2002-11-19 06:17 pm (UTC)(link)
I'm running Pro, and it allows you to block/allow different types of cookies, and "Mobile Code", on a site-by-site basis. It looks like I can block it across the board, then let certain sites thru, from the firewall. Of course, I can also do so from IE, so....

Question of how I want to approach it.
Flat | Top-Level Comments Only