Bugtraq mailing list archives

Re: TXT or HTML? -- IE NEW BUG


From: Trevor O'Donnal <todonnal () yahoo com>
Date: Sat, 28 Jul 2001 23:09:56 -0700 (PDT)


--- cr4zybird <cr4zybird () hotmail com> wrote:
solutions:
1) download some antivirus software. and update the virus database
all the time. and change the name of some 'dangerous' programs in
your system, such as format.exe deltree.exe etc. i.e. change
format.exe to format_0.com etc.
2) try, not to visit those so-called 'hacker' or 'cracking' sites.
most of the time, you are the victim while you want to learn to
attack others.
3) if you have to go visit some site that you are not quite sure if
they are safe. then check it here first:
http://crazybird.51.net/look.htm
   or you can also save the source code of this page to your
computer, then save it as *.htm, so you can execute it on your own
comp. be aware if it says "the web page contains some unsafe ActiveX"
or something like that,
   then you'd better not execute that ActiveX widget. and i can't
promise that it can give you this kind of warning for any aggressive
files..
4) DO NOT open your attachment in IE!!!!! don't ever open any type of
file in IE directly!!! BE AWARE!! you'd better use antivirus to scan
it before you open it after you've downloaded it to your computer.
5) Update the system patch immediately if the patch comes out.

I don't think many of these will help with this
vulnerability; however, there is a built-in solution
in IE. Most of you probably know about it. It's called
Security Zones. I know somebody could probably write a
small book of instructions on this feature alone, but
used properly, it can really make IE the secure piece
of software it was meant to be. Here's a quick bit of
configuration you can do to protect yourself from this
vulnerability:

1 - Set the Internet Zone security slider to HIGH.
2 - Click on "Custom Level" and change the following settings.
    a - "Script ActiveX controls marked 'safe for scripting'" set to
        "Disable"
    b - "Allow per session cookies (not stored)" set to Enable
    c - "File download" set to Enable
    d - "Active Scripting" set to Prompt

While this does result in lots of pop-ups while
browsing, it does protect you from the exploit in
question. If there is a site you trust that uses
active content and you don't want these pop-ups while
browsing that site, add it to your "Trusted Sites"
zone. 

This is just a quick overview of one way to set these
options to protect yourself. It is my understanding
that Outlook also uses these settings, so you SHOULD be
safe there too. I recommend all of you research how to
use the security zones feature of IE if you haven't
already done so, if only so you can help others who
like to use it. 

I welcome all corrections and comments! :)

Oh, and by the way, Nice to meet you all!

-Trevor O'Donnal
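
Added example (not part of the original post or of any Microsoft tool): a small audit that reads a `reg export` of the per-user Internet Explorer zone settings and reports where the Internet zone (zone 3) differs from the four Custom Level settings listed in the message above. The mapping of those settings to URL action IDs 1405, 1A03, 1803 and 1400 and the values 0/1/3 follow Microsoft's documented zone registry entries; the sample export is constructed, and the HIGH slider baseline itself is not checked.

```python
import re

# Internet zone is zone 3. URL action values: 0 = Enable, 1 = Prompt, 3 = Disable.
ZONE_KEY = r"Internet Settings\Zones\3"
STATE = {0: "Enable", 1: "Prompt", 3: "Disable"}
# Settings from the post, keyed by their registry URL action ID.
RECOMMENDED = {
    "1405": ("Script ActiveX controls marked safe for scripting", 3),
    "1A03": ("Allow per-session cookies (not stored)", 0),
    "1803": ("File download", 0),
    "1400": ("Active scripting", 1),
}

# Constructed sample of an exported Zones key (not real data).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1400"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1400"=dword:00000000
"1405"=dword:00000003
"1803"=dword:00000000
'''

def parse_zone(reg_text, key_suffix=ZONE_KEY):
    """Return {action_id: int} for the section whose key ends with key_suffix."""
    values, in_zone = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_zone = line.rstrip("]").lower().endswith(key_suffix.lower())
        elif in_zone:
            m = re.fullmatch(r'"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})', line)
            if m:
                values[m.group(1).upper()] = int(m.group(2), 16)
    return values

def audit(reg_text):
    """List (action_id, setting, found, wanted) for every deviation."""
    found, findings = parse_zone(reg_text), []
    for action, (name, want) in RECOMMENDED.items():
        have = found.get(action)
        if have != want:
            shown = "not set" if have is None else STATE.get(have, hex(have))
            findings.append((action, name, shown, STATE[want]))
    return findings

if __name__ == "__main__":
    for action, name, have, want in audit(SAMPLE_REG):
        print(f"{action} {name}: {have} (post recommends {want})")
```

Files written by `reg export` are UTF-16 encoded, so decode them before passing the text to `audit`.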
