Tyler Durden Posted December 14, 2005 Share Posted December 14, 2005 SAFARI NIGGA, SAFARI. Actually, Safari has its moments of suck, but I find the tabbed browsing in it slightly better than Firefox. Quote Link to comment Share on other sites More sharing options...
Mainter Posted December 14, 2005 Author Share Posted December 14, 2005 agree with geez post same with them MAC users (dumy) Hackers only go for the product that people who use most so they get fame from the underground why hack a Mac when noone uses them successfully reproduced this exploit on a fully patched XPSP2 installation and can verify that malware.htm is planted locally after which HTML Help is used to launch it and circumvent the XPSP2 browser security improvements, compromising the system. However, this exploit did not work on any systems with Qwik-Fix Pro installed, from Windows 95 to Windows XP Service Pack 2. A free Home edition and a trial Corporate edition is available for download at http://www.pivx.com/qwikfixDownload.asp Before you can successfully use any Drag'n'Drop technique or script shortcuts to plant a file on the local system you first need to be able to reference local content. If you cannot reference local contents or directories from the Internet zone then you cannot retrieve the window handle that is necessary for any Drag'n'Drop exploits or any cross-domain scripting exploits. IE6SP1 initially blocked all direct references to the FILE:// and RES:// protocols which I demonstrated how to circumvent through the OBJECT element. This was quickly patched in the next cumulative security update and thereby blocked the traditional cross-domain scripting exploits. XPSP2 went further and tightened down the Local Machine Zone with the recommendations PivX Labs made public in late 2003 so that even if you could find a way to reference local content and subsequently inject scripting through a cross-domain vulnerability you would not be able to accomplish anything. This LMZ lockdown has a per-process exception list in which HTML Help is included. When the LMZ is locked down attackers have to find alternative attack vectors, of which the Drag'n'Drop vulnerability is a prime example. When IE renders an IMG element it gives priority to the SRC attribute but when IE drops an IMG element on an arbitrary window it gives priority to the DYNSRC attribute. If you are able to reference any local content you can therefore drop the DYNSRC attribute of the IMG element on the window with local content and thereby plant a file on the file system in a known location. The browser security improvements in XPSP2 does not include further restrictions on referencing local content which is why the Drag'n'Drop exploits to this date affect fully patched XPSP2 systems. Qwik-Fix Pro restricts local content referencing through a number of means of which one is responsible for protecting against this exploit: In order for http-equiv's exploit to work the "ceegar.html" file uses the AnchorClick behavior to open "C:\WINDOWS\PCHealth\" in a named window which is then used as a drop target for the DYNSRC pointing to the "malwarez" file. When any behavior in IE tries to list a local directory it uses the Shell.Explorer ActiveX object, an object which has no justification of use inside the browser but which is heavily used by Windows Explorer itself. Setting the Kill Bit on the Shell.Explorer ActiveX object prevents IE from referencing local directories in a window object, whether it's through AnchorClick behavior or some other approach that we discover tomorrow. The GUID for Shell.Explorer is {8856F961-340A-11D0-A96B-00C04FD705A2} and Knowledge Base article 240797 (http://support.microsoft.com/?kbid=240797 ) explains how the process works. PivX Labs released a freely available registry fix that sets the Kill Bit on Shell.Explorer almost 2 months ago which can be downloaded from http://www.pivx.com/research/freefixes/neu...ellexplorer.reg For clarity, here are the file contents: === neutershellexplorer.reg === Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8856F961-340A-11D0-A96B-00C04FD705A2}] "Compatibility Flags"=dword:00000400 === neutershellexplorer.reg === PivX Labs has covered this topic several times before on the Unpatched mailing list which receives advance notification of our security research, including several Win95-XPSP2 vulnerabilities that will be released in the interim future. For more information or to subscribe you can visit http://unpatched.pivxlabs.com Quote Link to comment Share on other sites More sharing options...
wAndEreR Posted December 14, 2005 Share Posted December 14, 2005 i never did like internet explorer.. *exits room* Quote Link to comment Share on other sites More sharing options...
CACashRefund Posted December 14, 2005 Share Posted December 14, 2005 only newbs use IE Quote Link to comment Share on other sites More sharing options...
gasfacevictm Posted December 14, 2005 Share Posted December 14, 2005 FIREFOX Quote Link to comment Share on other sites More sharing options...
Future Droid Posted December 14, 2005 Share Posted December 14, 2005 if you keep I E updated its not that bad. the reason its so prone to HACKERS, is because they hate microsoft. actually some of the features on mozilla/firefox fuck up things for webmasters who arent trying to do devious stuff. so in all you may think you are more protected, and you may be, but at the same time it may be blocking you from pertenant info. Quote Link to comment Share on other sites More sharing options...
John Birch Posted December 14, 2005 Share Posted December 14, 2005 I use mozilla now, but after installing microsoft anti-spyware, all my problems with IE ended...but generally I don't use it anymore... Quote Link to comment Share on other sites More sharing options...
Guest Sparoism Posted December 14, 2005 Share Posted December 14, 2005 I have to keep IE around for certain things, but Opera is my weapon of choice. SO many features! Quote Link to comment Share on other sites More sharing options...
JUDONO? Posted December 14, 2005 Share Posted December 14, 2005 firefox homie. Quote Link to comment Share on other sites More sharing options...
mr.yuck Posted December 14, 2005 Share Posted December 14, 2005 I have been using IE since i have been using computers. No wonder every computer I ever get my hands on fucks up. Why has my shit slowed down to a crawl? It IE to blame for this. Why isnt this a sticky? Quote Link to comment Share on other sites More sharing options...
Herbivore Posted December 14, 2005 Share Posted December 14, 2005 Originally posted by Mr. ABC@Dec 13 2005, 09:19 PM i'm not emo, i'm the 15th element of hip hop Quoted post Ha. Is that before or after Beat Boxing? Quote Link to comment Share on other sites More sharing options...
Mainter Posted December 15, 2005 Author Share Posted December 15, 2005 hey for you windows users Quote Link to comment Share on other sites More sharing options...
Mainter Posted December 15, 2005 Author Share Posted December 15, 2005 theres been updates so if you do not have your autoupdates (which you should not) on well go to windows updates and grab the new updates and of course they got yet another security patch for IE Quote Link to comment Share on other sites More sharing options...
nozaki Posted December 15, 2005 Share Posted December 15, 2005 safari Quote Link to comment Share on other sites More sharing options...
Neskoner Posted December 15, 2005 Share Posted December 15, 2005 i use opera.and it works fine. Quote Link to comment Share on other sites More sharing options...
dumy Posted December 15, 2005 Share Posted December 15, 2005 fuck windows Quote Link to comment Share on other sites More sharing options...
richard_vagina Posted December 15, 2005 Share Posted December 15, 2005 damn mainter...you've stirred up the ie users. jeez, and all those hackable systems out there.... gone! Quote Link to comment Share on other sites More sharing options...
Future Droid Posted December 15, 2005 Share Posted December 15, 2005 Originally posted by richard_vagina@Dec 15 2005, 05:32 PM damn mainter...you've stirred up the ie users. jeez, and all those hackable systems out there.... gone! Quoted post u can breach any system Quote Link to comment Share on other sites More sharing options...
richard_vagina Posted December 15, 2005 Share Posted December 15, 2005 maybe Quote Link to comment Share on other sites More sharing options...
SteveAustin Posted December 15, 2005 Share Posted December 15, 2005 Originally posted by Shark Hammil+Dec 13 2005, 08:56 PM--><div class='quotetop'>QUOTE (Shark Hammil - Dec 13 2005, 08:56 PM)</div><div class='quotemain'>SAFARI NIGGA, SAFARI. Quoted post [/b] Originally posted by gasfacevictm@Dec 13 2005, 10:04 PM FIREFOX Quoted post Originally posted by JUDONO?@Dec 14 2005, 01:06 AM firefox homie. Quoted post <!--QuoteBegin-nozaki@Dec 15 2005, 11:25 AM safari Quoted post word. Quote Link to comment Share on other sites More sharing options...
Mainter Posted December 16, 2005 Author Share Posted December 16, 2005 get flock Quote Link to comment Share on other sites More sharing options...
Mainter Posted May 21, 2006 Author Share Posted May 21, 2006 i remember this................. Quote Link to comment Share on other sites More sharing options...
dirtydoses Posted May 21, 2006 Share Posted May 21, 2006 i didn't know anyone used it anymore, but then again i never touch a pc. Quote Link to comment Share on other sites More sharing options...
MAR Posted May 21, 2006 Share Posted May 21, 2006 i like explore. they key to not fucking up your computer is a good spyware cleaner, a good anti-virus, a good firewall, and chilling on the pr0n site usage. and also not having aol installed on your comp. it slows everything down like whoa. Quote Link to comment Share on other sites More sharing options...
Feel Good Lost Posted May 21, 2006 Share Posted May 21, 2006 People just don't know any better. I went to my moms house where she has broadband internet, but is paying 20 dollars a month for AOL. I use safari or firefox. No problems at all. Quote Link to comment Share on other sites More sharing options...
fermentor666 Posted May 21, 2006 Share Posted May 21, 2006 Re: STOP IE!!!!!!!!!!!!!!!!!!!! i like explore. they key to not fucking up your computer is a good spyware cleaner' date=' a good anti-virus, a good firewall, and chilling on the pr0n site usage. and also not having aol installed on your comp. it slows everything down like whoa.[/quote'] You wouldn't need to use all that shit all the time if you stopped using MSIE. I've had barely any problems since I moved to Netscape and then to Firefox, aside from Firefox inexplicably crashing on start-up sometimes. MSIE is for the dogs. It's Microsoft's tantrum in the face of international standards. If they can't control it and dictate it, then they won't support it. Quote Link to comment Share on other sites More sharing options...
MAR Posted May 21, 2006 Share Posted May 21, 2006 what using a different internet explorer is going to make me have less problems with virii and spam. please. all that stuff is nessisary. I like microsoft and I havent had any problems with them yet. macs on the otherhand.....this guy knowsclick me Quote Link to comment Share on other sites More sharing options...
fermentor666 Posted May 21, 2006 Share Posted May 21, 2006 No, using Firefox or even Netscape will stop you from having most problems that involve internet browsers. Especially Firefox, which is open source and coded well in terms of protection from outside threats. If you think that it won't make a difference then you are only fooling yourself and hey, it's your computer that will be trashed and your time that will be wasted, not mine. And one of the reasons why there are so few viruses and worms on Macs is because the very thing that draws so many people to the PC is the ability to go into the core of the OS and program or change configurations (MS-DOS, Linux, Unix), and in turn that is what makes it so easy to make a virus. It's the give and take. Do you want to have full control of your computer and the potential to make whatever you can dream of coding in turn for having a world full of hacks and exploits, or do you want the have a rigid structure with a few exceptionally nice programs and just about no way to make your own, but with no threats. The first part of the former is why PCs became so popular in the first place. Macs are great little boxes when they are at their prime. For certain people, being relatively problem and virus-free is a big draw, along with the fact that there's very few ways to screw things up (example: you don't have to worry about registry editing or deleting some extremely important .dll files or having to worry about drivers) and they are very straight-forward and easy to use. But for people who code, PCs are the only way. Because of that, there are more programs and more programs draws more customers. And then you have a very unsuspecting mass of people to fuck with. Quote Link to comment Share on other sites More sharing options...
MAR Posted May 21, 2006 Share Posted May 21, 2006 Re: STOP IE!!!!!!!!!!!!!!!!!!!! I used to crack back in the days of telnet, shell accounts, and pinging:). happy hacker (props for whoever know what im talking about). now its all downloaded programs. ie does what i need it too and frankly im not too concerned with outside threats. My computer is fairly well protected and im happy. Quote Link to comment Share on other sites More sharing options...
THANKYOU Posted May 21, 2006 Share Posted May 21, 2006 so what are the links to the other browers that are better? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.