[LUG.ro] [OT ] Para reirse un rato de los agujeros de IE
Thu, 1 Jul 2004 16:23:19 -0300 (ART)
Hola a todos.
Perdonen el OT y disculpen si ofendi a alguien con el
asunto, ya que varios usamos todavia M$ window$
De tantos agujeros parece un colador
Aca el link
Aca la nota
June 29, 2004
US-CERT: Beware of IE
By Ryan Naraine
The U.S. government's Computer Emergency Readiness
Team (US-CERT) is warning Web surfers to stop using
Microsoft's Internet Explorer (IE) browser.
On the heels of last week's sophisticated malware
that targeted a known IE flaw, US-CERT updated an
advisory to recommend the use of alternative browsers
because of "significant vulnerabilities" in
technologies embedded in IE.
"There are a number of significant vulnerabilities in
relating to the IE domain/zone security model, the
model, MIME-type determination, and ActiveX. It is
reduce exposure to these vulnerabilities by using a
browser, especially when browsing untrusted sites,"
noted in a vulnerability note.
The latest US-CERT position comes at a crucial time
, which has invested heavily to add secure browsing
in the coming Windows XP Service Pack 2. The software
spent the last few months talking up the coming IE
improvements but the slow response to patching
-- and sometimes "critical" -- browser holes isn't
sitting well with
On discussion lists and message boards, security
spent a lot of time beating the "Dump IE" drum, and
notice is sure to lend credibility to the movement
away from the
world's most popular browser.
US-CERT is a non-profit partnership between the
Homeland Security (DHS) and the public and private
It was established in September 2003 to improve
preparedness and response to cyber attacks in the
It has been more than two weeks since Microsoft
confirmed the existence
on an "extremely critical" IE bug, which was being
used to load adware/spyware and malware on PCs without
user intervention but,
even though the company hinted it would go outside its
security update cycle to issue a fix, the flaw remains
US-CERT researchers say the IE browser does not
validate the security context of a frame that has been
by a Web server. It opens the door for an attacker to
flaw by executing script in different security
"By causing script to be evaluated in the Local
the attacker could execute arbitrary code with the
the user running IE," according to the advisory.
"Functional exploit code is publicly available, and
there are reports
of incidents involving this vulnerability."
To protect against the flaw, IE users are urged to
scripting and ActiveX controls in the Internet Zone
(or any zone
used by an attacker). Other temporary workarounds
application of the Outlook e-mail security update; the
plain-text e-mails and the use of anti-virus software.
Surfers must also get into the habit of not clicking
URLs from e-mail, instant messages, Web forums or
relay chat (IRC) sessions.
Internet gratis ¡y que funciona!
Tres nuevas ciudades con números locales:
Escobar, Zárate y Campana
¿Qué esperas para navegar bien y a bajo costo?