[CS-FSLUG] Windows in trouble for any html use!!!!!!!!!!

Fred Miller fmiller at lightlink.com
Tue Jul 13 15:53:09 CDT 2004


The U.S. Department of Homeland Security has notified the world
to stop using the Web browser, and in fact generally stop using
Windows to view any HTML documents.

Hopefully, if you use MickySoft Internet Explorer or Microsoft
"Lookout" or "Lookout" Express, you know about this problem and have taken 
steps to guard your computer.  If not, it is time to panic and read this
now!!

If you are lucky (or wise) enough NOT to use the above (like Linux), this 
report is fascinating and worth taking time to read carefully.

See: http://www.kb.cert.org/vuls/id/713878

This warning is by US-CERT, the United States Computer Emergency
Readiness Team, part of the U.S. Department of Homeland
Security.

I'll attempt a short description:

   By convincing a victim to view an HTML document (web page,
   HTML email), an attacker could execute script in a different
   security domain than the one containing the attacker's
   document. By causing script to be run in the Local Machine
   Zone, the attacker could execute arbitrary code with the
   privileges of the user running IE.

   By redirecting to a local resource, controlling the timing of
   the redirect, and setting the frame's location to a
   javascript: protocol URI, an attacker can execute script in
   the security context of the Local Machine Zone.

   Functional exploit code is publicly available, and there are
   reports of incidents involving this vulnerability.

   Any program that hosts the WebBrowser ActiveX control or uses
   the IE HTML rendering engine (MSHTML) may be affected by this
   vulnerability!!!

Seems to me, then, run any of the many Windows-based applications
that make use of the IE HTML rendering engine and you're running
down the street with no pants on. That INCLUDES HTML emails.

So, the answer is to follow no hot-links and view no email unless
you are sure of the source!!!

Are you sure this email does not contain HTML?

I again invite you to visit: http://www.kb.cert.org/vuls/id/713878

But, if you visited the above site, are you SURE that site is not a
fake and your computer may have been compromised?

Are you sure this email was sent by Fred Miller?

Are you sure one of the HTML emails you read this week was not an
exploit?

I'm glad I use SUSE Linux and KMail!!!

Fred

-- 
"Ballmer is no more designed for the art of persuasion 
than the Abrams tank is for delivering meals on wheels."
