Omega Owners Forum
Chat Area => General Discussion Area => Topic started by: Jimbob on 16 December 2008, 11:07:39
-
http://news.bbc.co.uk/1/hi/technology/7784908.stm
-
IE7, that's what i use. Time to blow the dust off FF3.
Thank you JimBob for the warning :y :y :y :y
-
Thanks for the heads-up Jimbob.
-
Firefox is totally new to me. Being an old fogey, this will take time.
-
That's not good!!! :o :o :o
Luckily I use FF3 anyway ;D ;D
-
so how do i change my browser then????????
-
to tell the truth all internet browser tools are unsafe!!
when you enable add-ons ,activex and other script dependent tools ,
your machine can be hacked..
and if you disable those features you will have a text only stupid
browser ;D ;D
the main reason lying behind is client side scripting..
-
so how do i change my browser then????????
Go here:
http://en-us.www.mozilla.com/en-US/firefox/security/
Download it, then make it your default browser. You can still keep IE on your desktop. :y
-
so how do i change my browser then????????
Go here:
http://en-us.www.mozilla.com/en-US/firefox/security/
Download it, then make it your default browser. You can still keep IE on your desktop. :y
Thanks Jimbob for the warning and Nickbat for the download advice which I have now done!! 8-) 8-) 8-) :y
Thank God some of you know about all this kind of thing as I wouldn't have a clue!! ::) ::) ::)
-
TheBoy is being unusually silent!!
Told you so! ;) ;D
-
TheBoy is being unusually silent!!
Told you so! ;) ;D
You're just asking to lose your post count :o
-
:y :y :y
-
i cant use the alt+s now :( :(
-
i cant use the alt+s now :( :(
why did you use it anyway?? have just pressed it and it did nowt?
-
i cant use the alt+s now :( :(
why did you use it anyway?? have just pressed it and it did nowt?
when you compose a message to send, you press alt+s to send it, its a shortcut if you look under the message box. now i have to slide me arrow to scroll the page down to send
-
ah mai oui
Well i have also installed this fireofx thingy but i still have my email through ie7 and dont know how to change that does anyone else???
-
Cheers Jimbob.
Allthough I must admit since using firefox I have not ventured back to IE.
-
I know everyone loves a scare story, but the article by the Beeb is a bit OTT.
Here is The Register's version.
http://www.theregister.co.uk/2008/12/15/ie7_exploits/
As it stands, about 500 people worldwide have been affected. And the exploit will only nick online gaming passwords if you are unlucky enough to be affected.
IMO, Firefox (pre 3.0.4) and Safari are less secure even with this vulnerability in IE.
There are some workarounds for IE here:
http://www.kb.cert.org/vuls/id/493881
-
I know everyone loves a scare story, but the article by the Beeb is a bit OTT.
Here is The Register's version.
http://www.theregister.co.uk/2008/12/15/ie7_exploits/
As it stands, about 500 people worldwide have been affected. And the exploit will only nick online gaming passwords if you are unlucky enough to be affected.
IMO, Firefox (pre 3.0.4) and Safari are less secure even with this vulnerability in IE.
There are some workarounds for IE here:
http://www.kb.cert.org/vuls/id/493881
One in 500
-
Would you want to be one of those 1 in 500? or even one of the 500?
My mate haad £8000 lifted out of his account, aster he got it back he had £4000 lifted out of annother account with the same building society.
Is that a building society blunder or interent banking, we will never know as they admit nothing.
-
I know everyone loves a scare story, but the article by the Beeb is a bit OTT.
Here is The Register's version.
http://www.theregister.co.uk/2008/12/15/ie7_exploits/
As it stands, about 500 people worldwide have been affected. And the exploit will only nick online gaming passwords if you are unlucky enough to be affected.
IMO, Firefox (pre 3.0.4) and Safari are less secure even with this vulnerability in IE.
There are some workarounds for IE here:
http://www.kb.cert.org/vuls/id/493881
One in 500
That is a hell of a lot of people out of the world's six billion population! :o :o :o ;D ;D ;D ;)
-
Would you want to be one of those 1 in 500?
I dont know which is greater, 500 or 1 in 500 :D
-
Would you want to be one of those 1 in 500?
I dont know which is greater, 500 or 1 in 500 :D
1 in 500 if it is of the whole population that uses the internet. :D ;)
-
Would you want to be one of those 1 in 500?
I dont know which is greater, 500 or 1 in 500 :D
Re read the edited post, either way its still too many.
I would go with Lizzies post. 1 in 500 of 6 billion people is a lot.
-
i cant use the alt+s now :( :(
why did you use it anyway?? have just pressed it and it did nowt?
when you compose a message to send, you press alt+s to send it, its a shortcut if you look under the message box. now i have to slide me arrow to scroll the page down to send
Just press TAB then Return... :-?
-
This has kept me busy today!
The beeb, as normal, have blown it all out of proportion from what little I can glean.
Been on the blower to Microsoft, they are unsure of the exact ramifications, and what the worse case is. They seem unsure of what browsers are affected - we run IE6 on some of the Citrix servers I look after, and I wanted to know if they were vulnerable. Additionally, not entirely sure if its an IE issue, a database dll issue, or blended vulnerability - MS are hinting at blended. They are also unsure if non-IE browsers could be affected. Sounds like they either do not yet fully understand the attack, or are unable to reliably repeat it to debug whats happening.
But at least they were more helpful that Firefox, who do not offer any proper support. So who knows. At this stage, I am unable to work out if FF will do similar if feed the same page - probably depends on the XML decoder installed on the PC to be honest.
As always, not logging on to Windows as an Administrator will cure most of these type attacks, but many users consider administritive rights as some kind of penile extension, so I guess that falls on deaf ears.
Whatever browser is used, I would recommend disabling the dll thats used in the attack if you don't need it.
-
TheBoy is being unusually silent!!
Thats because rather than spreading rumours and half truths, some of us have been busy all day phoning the various vendors to try to find out more ;)
-
TheBoy is being unusually silent!!
Thats because rather than spreading rumours and half truths, some of us have been busy all day phoning the various vendors to try to find out more ;)
Oooh handbags at dawn! ;)
-
TheBoy is being unusually silent!!
Thats because rather than spreading rumours and half truths, some of us have been busy all day phoning the various vendors to try to find out more ;)
Sorry, no time for that...
;D
PANIC!
-
TheBoy is being unusually silent!!
Thats because rather than spreading rumours and half truths, some of us have been busy all day phoning the various vendors to try to find out more ;)
Sorry, no time for that...
;D
PANIC!
Mind you, it highlighted the fact one of our Citrix servers was running IE5 :o
-
Whatever browser is used, I would recommend disabling the dll thats used in the attack if you don't need it.
Only for those that are comfortable editing the registry...
This from CERT:
The most effective way of mitigating this vulnerability appears to be to disable the Microsoft OLE DB Row Position Library COM object. As outlined in the Microsoft Security Advisory, delete the following registry key:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{2048EEE6-7FA2-11D0-9E6A-00A0C9138C29}]
Note that once this change is made, all ADO (ActiveX Data Objects applications that use the RowPosition property and related information and all OLE DB applications that use the OLE DB Row Position Library will not function properly.
Do you have a better way to disable the dll TB?
-
Whatever browser is used, I would recommend disabling the dll thats used in the attack if you don't need it.
Only for those that are comfortable editing the registry...
This from CERT:
The most effective way of mitigating this vulnerability appears to be to disable the Microsoft OLE DB Row Position Library COM object. As outlined in the Microsoft Security Advisory, delete the following registry key:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{2048EEE6-7FA2-11D0-9E6A-00A0C9138C29}]
Note that once this change is made, all ADO (ActiveX Data Objects applications that use the RowPosition property and related information and all OLE DB applications that use the OLE DB Row Position Library will not function properly.
Do you have a better way to disable the dll TB?
Yes, unregister it. Much quicker than poking in registry, and easier to put back when fixed.
Downside, that will stop all OLEDB functions though!
-
This has kept me busy today!
The beeb, as normal, have blown it all out of proportion from what little I can glean.
Been on the blower to Microsoft, they are unsure of the exact ramifications, and what the worse case is. They seem unsure of what browsers are affected - we run IE6 on some of the Citrix servers I look after, and I wanted to know if they were vulnerable. Additionally, not entirely sure if its an IE issue, a database dll issue, or blended vulnerability - MS are hinting at blended. They are also unsure if non-IE browsers could be affected. Sounds like they either do not yet fully understand the attack, or are unable to reliably repeat it to debug whats happening.
But at least they were more helpful that Firefox, who do not offer any proper support. So who knows. At this stage, I am unable to work out if FF will do similar if feed the same page - probably depends on the XML decoder installed on the PC to be honest.
As always, not logging on to Windows as an Administrator will cure most of these type attacks, but many users consider administritive rights as some kind of penile extension, so I guess that falls on deaf ears.
Whatever browser is used, I would recommend disabling the dll thats used in the attack if you don't need it.
:y :y
-
I have to say this again :
Although Microsoft tried to classify Activex controls, internet sites and
many other ready objects etc there will never ever be a complete
solution to those safety problems caused by the nature of pc
systems.. unless you use a DUMMY
terminal ;D ;D
actually the virus scanner softwares, op.system update softwares are
real bomb shells inside pc systems..
-
Yes, unregister it. Much quicker than poking in registry, and easier to put back when fixed.
Downside, that will stop all OLEDB functions though!
Assume the way to do this is to do the following
Start
Run
type (or copy and paste)
regsvr32 /u OLEDB32.dll
It says "Module could not be found" on my system.
-
Yes, unregister it. Much quicker than poking in registry, and easier to put back when fixed.
Downside, that will stop all OLEDB functions though!
Assume the way to do this is to do the following
Start
Run
type (or copy and paste)
regsvr32 /u OLEDB32.dll
It says "Module could not be found" on my system.
if you dont use database client softwares its normal you dont have
that dll.. thats mostly found on servers and clients that need to
connect various DBs.
-
Yes, unregister it. Much quicker than poking in registry, and easier to put back when fixed.
Downside, that will stop all OLEDB functions though!
Assume the way to do this is to do the following
Start
Run
type (or copy and paste)
regsvr32 /u OLEDB32.dll
It says "Module could not be found" on my system.
if you dont use database client softwares its normal you dont have
that dll.. thats mostly found on servers and clients that need to
connect various DBs.
If that is so, why are the Beeb and the Daily Mail making such a rather meal of this?
On second thoughts, don't bother. I already know. Sh*t stirring bastards....IMO
http://www.dailymail.co.uk/news/article-1095266/Millions-warned-use-Internet-Explorer-Chinese-fraudsters-use-security-flaw-hijack-computers.html
-
Yes, unregister it. Much quicker than poking in registry, and easier to put back when fixed.
Downside, that will stop all OLEDB functions though!
Assume the way to do this is to do the following
Start
Run
type (or copy and paste)
regsvr32 /u OLEDB32.dll
It says "Module could not be found" on my system.
if you dont use database client softwares its normal you dont have
that dll.. thats mostly found on servers and clients that need to
connect various DBs.
If that is so, why are the Beeb and the Daily Mail making such a rather meal of this?
On second thoughts, don't bother. I already know. Sh*t stirring bastards....IMO
http://www.dailymail.co.uk/news/article-1095266/Millions-warned-use-Internet-Explorer-Chinese-fraudsters-use-security-flaw-hijack-computers.html
not sure though but that component can be loaded if you install microsoft office with full option..
but very sure if you install Microsoft SQL client you will absolutely have this like me ;D
-
So where is 'run' hiding in Vista??
-
Yes, unregister it. Much quicker than poking in registry, and easier to put back when fixed.
Downside, that will stop all OLEDB functions though!
Assume the way to do this is to do the following
Start
Run
type (or copy and paste)
regsvr32 /u OLEDB32.dll
It says "Module could not be found" on my system.
if you dont use database client softwares its normal you dont have
that dll.. thats mostly found on servers and clients that need to
connect various DBs.
If that is so, why are the Beeb and the Daily Mail making such a rather meal of this?
On second thoughts, don't bother. I already know. Sh*t stirring bastards....IMO
http://www.dailymail.co.uk/news/article-1095266/Millions-warned-use-Internet-Explorer-Chinese-fraudsters-use-security-flaw-hijack-computers.html
not sure though but that component can be loaded if you install microsoft office with full option..
but very sure if you install Microsoft SQL client you will absolutely have this like me ;D
Got full Office Pro on here and dll not loaded. But I haven't used this PC to connect to DBs.
Work laptop will definately have it as I regularly use Excel to mine SQL DBs.
-
ISC/SANS says MS will patch tomorrow.
http://isc.sans.org/diary.html?storyid=5497
More work for TB validating before it goes out I guess...
-
This is all very well but what about the poor bastards that dont have a clue....like me?
-
Yes, unregister it. Much quicker than poking in registry, and easier to put back when fixed.
Downside, that will stop all OLEDB functions though!
Assume the way to do this is to do the following
Start
Run
type (or copy and paste)
regsvr32 /u OLEDB32.dll
It says "Module could not be found" on my system.
if you dont use database client softwares its normal you dont have
that dll.. thats mostly found on servers and clients that need to
connect various DBs.
If that is so, why are the Beeb and the Daily Mail making such a rather meal of this?
On second thoughts, don't bother. I already know. Sh*t stirring bastards....IMO
http://www.dailymail.co.uk/news/article-1095266/Millions-warned-use-Internet-Explorer-Chinese-fraudsters-use-security-flaw-hijack-computers.html
not sure though but that component can be loaded if you install microsoft office with full option..
but very sure if you install Microsoft SQL client you will absolutely have this like me ;D
Got full Office Pro on here and dll not loaded. But I haven't used this PC to connect to DBs.
Work laptop will definately have it as I regularly use Excel to mine SQL DBs.
I was suspicious about that..
ok then..no worries for ms office users.. :y
-
This is all very well but what about the poor bastards that dont have a clue....like me?
search that oledb32.dll in your system..I think you dont have.. :y
-
This is all very well but what about the poor bastards that dont have a clue....like me?
Don't panic.
Don't surf p*rn or warez sites tonight.
Windows Update tomorrow.
JD :y
-
This is all very well but what about the poor bastards that dont have a clue....like me?
Your doomed man, doomed..... ;)
-
This is all very well but what about the poor bastards that dont have a clue....like me?
search that oledb32.dll in your system..I think you dont have.. :y
Found this:
oledb32.dll C:\WINDOWS\Service Pack Files\i386
oledb32.dll C:\Program Files\Common Files\System\Ole DB
?????????????????????
-
This is all very well but what about the poor bastards that dont have a clue....like me?
search that oledb32.dll in your system..I think you dont have.. :y
Found this:
oledb32.dll C:\WINDOWS\Service Pack Files\i386
oledb32.dll C:\Program Files\Common Files\System\Ole DB
?????????????????????
better sleep early tonight ;D
-
This is all very well but what about the poor bastards that dont have a clue....like me?
search that oledb32.dll in your system..I think you dont have.. :y
Found this:
oledb32.dll C:\WINDOWS\Service Pack Files\i386
oledb32.dll C:\Program Files\Common Files\System\Ole DB
?????????????????????
better sleep early tonight ;D
Very helpful Cem. I'm going to eat your country for christmas. ;D
-
This is all very well but what about the poor bastards that dont have a clue....like me?
search that oledb32.dll in your system..I think you dont have.. :y
Found this:
oledb32.dll C:\WINDOWS\Service Pack Files\i386
oledb32.dll C:\Program Files\Common Files\System\Ole DB
?????????????????????
better sleep early tonight ;D
Very helpful Cem. I'm going to eat your country for christmas. ;D
dont forget to add sauce ;D ;D :y
-
This is all very well but what about the poor bastards that dont have a clue....like me?
search that oledb32.dll in your system..I think you dont have.. :y
Found this:
oledb32.dll C:\WINDOWS\Service Pack Files\i386
oledb32.dll C:\Program Files\Common Files\System\Ole DB
?????????????????????
better sleep early tonight ;D
Very helpful Cem. I'm going to eat your country for christmas. ;D
dont forget to add sauce ;D ;D :y
I'll give it a good stuffing first ;D ;D
-
seriously tomorrow or next day microsoft site will have the patch..
search for the new one and download..you will be safe again..or for
few days you can use firefox.. :y
-
seriously tomorrow or next day microsoft site will have the patch..
search for the new one and download..you will be safe again..or for
few days you can use firefox.. :y
I am doing mate :y
-
seriously tomorrow or next day microsoft site will have the patch..
search for the new one and download..you will be safe again..or for
few days you can use firefox.. :y
I am doing mate :y
need to go and finish many pages..time to log off ..good night :y
-
So where is 'run' hiding in Vista??
in this case:
Press Windows key (between CNTRL and ALT), and type cmd and press enter. This will give command prompt window, then follow unregister instructions.
It would appear the default install of Vista is less prone to this issue though.
-
This is all very well but what about the poor bastards that dont have a clue....like me?
search that oledb32.dll in your system..I think you dont have.. :y
Found this:
oledb32.dll C:\WINDOWS\Service Pack Files\i386
oledb32.dll C:\Program Files\Common Files\System\Ole DB
?????????????????????
better sleep early tonight ;D
Very helpful Cem. I'm going to eat your country for christmas. ;D
Nearly wet myself, i laughed that much! :y
-
wet myself, i laughed that much! :y
Thats attractive... ...NOT! ;D
-
I have downloaded IE8!
Paul :y
-
I have downloaded IE8!
Paul :y
"At first it was reckoned that only IE 7 users were affected, but further analysis suggests that versions 5.01, 6, and 8 of the browser are also vulnerable" :o :o
Don't panic!!!!!!!!! ;D
-
My problem now is, since converting to Firefox yesterday, that a very few avatars are over-lapping the text; i.e. Jereboams and Tyreburner.
I seem to remember this was a problem when the OOF system was changed recently and before I deleted FF on TB's advice! ::) ::) ::) ::) ::)
;) ;)
-
Lol, theres still a few big ones out there, but I disable them all anyway.
Patch due tonight to fix IE anyway, so back to normal soon ;)
-
Lol, theres still a few big ones out there, but I disable them all anyway.
Patch due tonight to fix IE anyway, so back to normal soon ;)
How do you do that Jimbob? :-? Seems like a good idea. ;D ;D ;)
-
Lol, theres still a few big ones out there, but I disable them all anyway.
Patch due tonight to fix IE anyway, so back to normal soon ;)
How do you do that Jimbob? :-? Seems like a good idea. ;D ;D ;)
I Use a firefox addon called adblock plus, took some doing initially to build a blocklist, but very little work now.
I'll happily mail anyone my blocklist that wants it.
Very handy of you are on limited bandwidth, or have a low bandwidth browsing requirement.
-
Lol, theres still a few big ones out there, but I disable them all anyway.
Patch due tonight to fix IE anyway, so back to normal soon ;)
Patched mine. 2.4MB for IE7, restart required.
-
Lol, theres still a few big ones out there, but I disable them all anyway.
Patch due tonight to fix IE anyway, so back to normal soon ;)
How do you do that Jimbob? :-? Seems like a good idea. ;D ;D ;)
I Use a firefox addon called adblock plus, took some doing initially to build a blocklist, but very little work now.
I'll happily mail anyone my blocklist that wants it.
Very handy of you are on limited bandwidth, or have a low bandwidth browsing requirement.
to save me installing the add-on, if you blocked mine, is it just that images, or all images/files on theboy.omegaowners.com/oofpics/whatever?
-
Lol, theres still a few big ones out there, but I disable them all anyway.
Patch due tonight to fix IE anyway, so back to normal soon ;)
How do you do that Jimbob? :-? Seems like a good idea. ;D ;D ;)
I Use a firefox addon called adblock plus, took some doing initially to build a blocklist, but very little work now.
I'll happily mail anyone my blocklist that wants it.
Very handy of you are on limited bandwidth, or have a low bandwidth browsing requirement.
to save me installing the add-on, if you blocked mine, is it just that images, or all images/files on theboy.omegaowners.com/oofpics/whatever?
If I right click on your pic (in FF) I get a context menu that includes
"Block all images from". It blocks from theboy.omegaowners.com.
That's without Adblock.
-
Lol, theres still a few big ones out there, but I disable them all anyway.
Patch due tonight to fix IE anyway, so back to normal soon ;)
How do you do that Jimbob? :-? Seems like a good idea. ;D ;D ;)
I Use a firefox addon called adblock plus, took some doing initially to build a blocklist, but very little work now.
I'll happily mail anyone my blocklist that wants it.
Very handy of you are on limited bandwidth, or have a low bandwidth browsing requirement.
to save me installing the add-on, if you blocked mine, is it just that images, or all images/files on theboy.omegaowners.com/oofpics/whatever?
If I right click on your pic (in FF) I get a context menu that includes
"Block all images from". It blocks from theboy.omegaowners.com.
That's without Adblock.
Thats what worries me - I guess I'm not alone in using the same hosting account (website) for my avatars and for my photos that got in my posts, eg Maint Guides etc
-
Thats what worries me - I guess I'm not alone in using the same hosting account (website) for my avatars and for my photos that got in my posts, eg Maint Guides etc
I haven't used Adblock so I don't know if it gives better precision.
But blocking a whole domain is a blunt tool and not worth having IMO.
-
Lol, theres still a few big ones out there, but I disable them all anyway.
Patch due tonight to fix IE anyway, so back to normal soon ;)
How do you do that Jimbob? :-? Seems like a good idea. ;D ;D ;)
I Use a firefox addon called adblock plus, took some doing initially to build a blocklist, but very little work now.
I'll happily mail anyone my blocklist that wants it.
Very handy of you are on limited bandwidth, or have a low bandwidth browsing requirement.
to save me installing the add-on, if you blocked mine, is it just that images, or all images/files on theboy.omegaowners.com/oofpics/whatever?
If I right click on your pic (in FF) I get a context menu that includes
"Block all images from". It blocks from theboy.omegaowners.com.
That's without Adblock.
Thanks Bandit and Jimbob for your earlier post on blocking! :y
I have now used it on Taxi Drivers avatar (no offence intended!) that was too large and it has worked; avatar gone! :D ;)
-
Thats what worries me - I guess I'm not alone in using the same hosting account (website) for my avatars and for my photos that got in my posts, eg Maint Guides etc
I haven't used Adblock so I don't know if it gives better precision.
But blocking a whole domain is a blunt tool and not worth having IMO.
PER IMAGE blocking :)
you can use wild cards for domains etc ;)