TalkBack 34 of 77:
Good idea! I'd take it a step further...
Anyone idiotic enough to get on the Web using Internet Explorer on Windows ought to be permanently banned from ever touching a computer again:

http://die.leox.com/ie_unpatched/index.html

And Microsoft oughta have their *sses sued Seven Ways to Sunday, as the very nastiest of these exploits involve ActiveX/ActiveScripting nonsense and security people have been b*tching at them to remove this functionality from IE since 1997. Now, there's security for you: Microsoft has known that ActiveScripting is infinitely exploitable for at least 6 years. Yet, they refuse to make the clean cure and possibly damage their bottom line. The Triumph of the Beancounters. Congratulations: Hungarian crackers just broke into your network thanks to the Accounting Department at Microsoft. The tragedy is that probably a sizeable percentage of the businesses here in the U.S. who've been exploited don't even realize it yet.

I'm dead serious about this: Internet Explorer is the greatest threat to U.S. corporate and U.S. national data security that has ever existed in the history of computing. It's nothing but a cracker's toolkit disguised as a Web browser. Go back and look at those coding samples on that exploit page--a ten-year-old could come up with a new crack just by using the same old techniques floating around since 1996 in new ways. Even an MSCE could do it.

The FCC (Federal Communications Commission, the folks who here in the U.S. regulate Internet and telephony issues, among other things) won't let you file reports through the submission forms area of their Website using IE. At least they wouldn't as recently as 18 months ago (last time I inquired about it), according to a client of mine who's in the telephony business. That ought to tell you all you need to know.

Oh...don't worry about having to click on an '.exe' attachment to get your virus. No need for something that crude. We'll just take a more elegant approach, like embedding executable code in an array in VBScript (ActiveScripting, again) loaded via HTML, which will then run in your Outlook/Outlook Express/Internet Explorer without you needing to do anything (nor being able to do anything, for that matter). Browse on down to "Self-Executing HTML Part III" and have fun. The only thing you can do to prevent this is to disable ActiveScripting completely. But then...guess what? Windows won't be able to do automatic updates over the Web and all those wonderful Websites coded-only-for-IE with all the bells and whistles won't work properly. Just thank the folks down in Accounting.

And, lastly:

http://www.megasecurity.org/Exploits/Outlook2002_JavaScript_HTML_email.txt

Do try to have a pleasant day now, won't you?
Posted by: Yen_z   Posted on: 01/27/04


