"Waitman C. Gobble" <waitmanat_private> wrote: <<snip>> > I sent emails to the IP block owners of both 030.com and the ip in the > hosts file, requesting that they investigate this matter and terminate > the activity. > > I could care less if the owner of the site sends a friendly email > instructing how to disable the thing. The hijacking should not have > happened in the first place. You almost certainly have two problems: 1. You/your users use IE to browse the web. Just say no. Get any other buggy browser. The minor inconveniences of having to occasionally do a shift-Reload to force a refresh because of local caching screwiness, or killing and occasionally restarting the browser because your system gets real slow and unresponsive and four web pages of basically plain text apaprently require 92MB of RAM to render, etc, etc far outweigh all the crap you face due to the bug du jour mess you face with IE. The point is, IE bugs are heinous _and_, because there are so many IE users, arseholes will exploit them for as "trivial" but annoying things as changing your home page, default browser search page and much worse. Mozilla, Opera, etc, etc are probably no less buggy, but any security flaws they have that are half as bad as most of IE's are not known and thus are not being widely exploited. 2. Most likely your IE users have default security zone settings. If you really "must" keep using IE (given its appalling security record no-one can really justify that, but I'll humour you and assume there is some extraordinarily wacky "business need" argument peculiar to your company that only the sheer idiocy of typical middle level management could possibly understand) then you have to disable all ActiveX (except supervisor-approved), all scripting and all anything else 'active' in the Internet zone then be very careful about which domains you put in the Trusted Sites zone. Of course, you then should review the Trusted Sites security settings, as the default Internet zone settings are really more appropriate. This will break a huge chunk of the Internet because far too much of it unnecessarily "requires" scripting, promptly returning us to the "have you considered using another browser?" option. -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Nov 11 2002 - 13:26:12 PST