[DUG] Offtopic - but....

John Bird johnkbird at paradise.net.nz
Wed Jan 20 13:39:39 NZDT 2010


Scaremongering?   Here is the Microsoft advisory link

http://www.microsoft.com/technet/security/advisory/979352.mspx

Some excerpts:

"Our investigation so far has shown that Internet Explorer 5.01 Service Pack 
4 on Microsoft Windows 2000 Service Pack 4 is not affected, and that 
Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, 
and Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on 
supported editions of Windows XP, Windows Server 2003, Windows Vista, 
Windows Server 2008, Windows 7, and Windows Server 2008 R2 are vulnerable."

"In a Web-based attack scenario, an attacker could host a Web site that 
contains a Web page that is used to exploit this vulnerability. In addition, 
compromised Web sites and Web sites that accept or host user-provided 
content or advertisements could contain specially crafted content that could 
exploit this vulnerability. In all cases, however, an attacker would have no 
way to force users to visit these Web sites. Instead, an attacker would have 
to convince users to visit the Web site, typically by getting them to click 
a link in an e-mail message or Instant Messenger message that takes users to 
the attacker's Web site."

"An attacker who successfully exploited this vulnerability could gain the 
same user rights as the local user. Users whose accounts are configured to 
have fewer user rights on the system could be less affected than users who 
operate with administrative user rights."

"By default, all supported versions of Microsoft Outlook, Microsoft Outlook 
Express, and Windows Mail open HTML e-mail messages in the Restricted sites 
zone. The Restricted sites zone helps mitigate attacks that could try to 
exploit this vulnerability by preventing Active Scripting and ActiveX 
controls from being used when reading HTML e-mail messages. However, if a 
user clicks a link in an e-mail message, the user could still be vulnerable 
to exploitation of this vulnerability through the Web-based attack 
scenario."

Here is from that page the list of affected products:

This advisory discusses the following software.
Affected Software

Microsoft Windows 2000 Service Pack 4

Windows XP Service Pack 2 and Windows XP Service Pack 3

Windows XP Professional x64 Edition Service Pack 2

Windows Server 2003 Service Pack 2

Windows Server 2003 x64 Edition Service Pack 2

Windows Server 2003 with SP2 for Itanium-based Systems

Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 
2

Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and 
Windows Vista x64 Edition Service Pack 2

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit 
Systems Service Pack 2

Windows Server 2008 for x64-based Systems and Windows Server 2008 for 
x64-based Systems Service pack 2

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for 
Itanium-based Systems Service Pack 2

Windows 7

Windows 7 for x64-based Systems

Windows Server 2008 R2 for x64-based Systems

Windows Server 2008 R2 for Itanium-based Systems

Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4

Internet Explorer 6 for Windows XP Service Pack 2, Windows XP Service Pack 
3, and Windows XP Professional x64 Edition Service Pack 2

Internet Explorer 6 for Windows Server 2003 Service Pack 2, Windows Server 
2003 with SP2 for Itanium-based Systems, and Windows Server 2003 x64 Edition 
Service Pack 2

Internet Explorer 7 for Windows XP Service Pack 2 and Windows XP Service 
Pack 3, and Windows XP Professional x64 Edition Service Pack 2

Internet Explorer 7 for Windows Server 2003 Service Pack 2, Windows Server 
2003 with SP2 for Itanium-based Systems, and Windows Server 2003 x64 Edition 
Service Pack 2

Internet Explorer 7 in Windows Vista, Windows Vista Service Pack 1, Windows 
Vista Service Pack 2, Windows Vista x64 Edition, Windows Vista x64 Edition 
Service Pack 1, and Windows Vista x64 Edition Service Pack 2

Internet Explorer 7 in Windows Server 2008 for 32-bit Systems and Windows 
Server 2008 for 32-bit Systems Service Pack 2

Internet Explorer 7 in Windows Server 2008 for Itanium-based Systems and 
Windows Server 2008 for Itanium-based Systems Service Pack 2

Internet Explorer 7 in Windows Server 2008 for x64-based Systems and Windows 
Server 2008 for x64-based Systems Service Pack 2

Internet Explorer 8 for Windows XP Service Pack 2, Windows XP Service Pack 
3, and Windows XP Professional x64 Edition Service Pack 2

Internet Explorer 8 for Windows Server 2003 Service Pack 2, and Windows 
Server 2003 x64 Edition Service Pack 2

Internet Explorer 8 in Windows Vista, Windows Vista Service Pack 1, Windows 
Vista Service Pack 2, Windows Vista x64 Edition, Windows Vista x64 Edition 
Service Pack 1, and Windows Vista x64 Edition Service Pack 2

Internet Explorer 8 in Windows Server 2008 for 32-bit Systems and Windows 
Server 2008 for 32-bit Systems Service Pack 2

Internet Explorer 8 in Windows Server 2008 for x64-based Systems and Windows 
Server 2008 for x64-based Systems Service Pack 2

Internet Explorer 8 in Windows 7 for 32-bit Systems

Internet Explorer 8 in Windows 7 for x64-based Systems

Internet Explorer 8 in Windows Server 2008 R2 for x64-based Systems

Internet Explorer 8 in Windows Server 2008 R2 for Itanium-based Systems

Here is the list of Non-affected versions:
Non-Affected Software

Internet Explorer 5.01 Service Pack 4 for Microsoft Windows 2000 Service 
Pack 4

So you are safe if you are running IE5 on Windows 2000.

John Bird
JBCL
Contact:
johnkbird at paradise.net.nz
jbclnz at xtra.co.nz
027 4844528
http://jbclnz.googlepages.com
http://www.jbcl.co.nz
----- Original Message ----- 
From: "Jeremy North" <jeremy.north at gmail.com>
To: "NZ Borland Developers Group - Delphi List" <delphi at delphi.org.nz>
Sent: Wednesday, January 20, 2010 12:25 PM
Subject: Re: [DUG] Offtopic - but....


> while it affects IE6 on XP most, no versions are immune.

Scaremongering much John?

On Wed, Jan 20, 2010 at 10:20 AM, John Bird <johnkbird at paradise.net.nz> 
wrote:
> In Chrome you can find out what is using CPU for each tab, there is a task
> manager.
>
> Try the Firefox 3.6 beta
>
> I really really would hesitate to use IE at the moment, seeing as all
> versions including IE8 on Windows 7 are vulnerable to the latest China
> exploit - while it affects IE6 on XP most, no versions are immune.
> Especially if you are known to have access to any valuable intellectual
> property!
>
> Chrome UI is an acquired taste, personally I find Firefox, Chrome and Opera
> all comparable in speed, Chrome and Opera are the speed freaks in most
> tests. Safari is also very fast but tends to have more security issues
> than the others.
>
> From what I have gathered, as details are deliberately a bit vague, the
> "China attacks" worked like this:
>
> -They tried to hack into Gmail/Yahoo/Hotmail accounts of known China
> activists and supporters. Gmail has now changed its default to https to
> make this harder - others are expected to follow.
>
> -Last year there were targeted emails sent to certain staff in the Dalai
> Lama's office, looking to be from someone the person knew with links to an
> innocuous web site, or attached photos/PDFs which had a malware dropper in
> it. Once loaded on the target PC, the Trojan started monitoring all email
> traffic and logins, and turned on web cams and microphones to monitor what
> was happening in the office around the PC, ie conversations nearby were 
> also
> being monitored.
>
> Once security specialists were called in, they found also a significant
> number of Asian embassies of various countries also had similar spyware
> installed - it was described as the most sophisticated and comprehensive
> spyware ever seen
>
> The traffic looked to be sent to a site in China and Taiwan physically
> close to the Chinese government's electronic monitoring site, however
> no-one was sure of this as it could in theory have been going anywhere.
>
> -The Google and Adobe attacks this year look to be similar - There were
> targeted emails sent to staff deduced to have privileged access on 
> networks
> eg to source repositories. The emails apparently looked innocuous and from
> parties known to the receiver (this is the targeted part - the senders had
> done careful research). Once installed the malware started downloading the
> source it could locate to web sites that Google identified as being 
> Chinese.
> Google say up to 30 firms in California were targeted. The fact that they
> had publicly identified China as the offender implies they have done some
> thorough tracking of the destination of stolen data.
>
> This exploit is mainly in IE, and may also involve a PDF exploit as well.
> By all accounts Microsoft have conceded there is a problem in IE6 and do 
> not
> yet have a fix, and it is not certain it can be fixed. Turning the 
> security
> zone settings to High makes it less likely but is still not an absolute
> preventative. All versions of IE have this vulnerability.
>
> There was a similar serious problem with https in 2009 where a rogue web
> site could impersonate a legitimate site using a specially crafted digital
> certificate that had a binary null between the name of the impersonated 
> site
> and the false site name - this allowed the certificate to be verified but
> the impersonated name would be shown, not the true impersonating domain.
> This meant that a man-in-the-middle attack for https traffic to in
> particular bank web sites became possible with no warning in the browser 
> as
> the certificate looked to be verified (it was but for the malware domain).
> This vulnerability was fixed quite fast, but interestingly on Windows it
> affected IE, Chrome, Opera and Safari as they all used a Microsoft 
> component
> to verify digital certificates - Firefox was the only browser immune in 
> this
> case as it used its own component.
>
> Personally I prefer Firefox as it's fast enough (close to if not fastest),
> best bookmarks search, and fastest consistently to fix security holes.
> However security is a constantly moving target and all software has its
> vulnerabilities.
>
> John
>
> From: "Jeremy North" <jeremy.north at gmail.com>
> To: "NZ Borland Developers Group - Delphi List" <delphi at delphi.org.nz>
> Sent: Wednesday, January 20, 2010 10:28 AM
> Subject: Re: [DUG] Offtopic - but....
>
>
> I'm sorry but I disagree. If all of those tabs are loaded then it
> shouldn't be using any CPU, or a very small amount.
>
> Firefox has security issues, just like IE.
>
> I use both but prefer IE, it handles flash a lot better than Firefox.
>
> Couldn't get into Chrome.
>
> I installed Firefox on the mac but it just seems out of place so
> generally use Safari - even though it is a pain to use. I don't browse
> often on the mac.
>
> On Tue, Jan 19, 2010 at 6:13 PM, John Bird <johnkbird at paradise.net.nz>
> wrote:
>> My Firefox (3.7) is using 12-13% CPU and 400MB with 88 tabs open at the
>> moment. That's not too bad...
>>
>> John
>>
>> From: Sean Cross
>>
>> To: NZ Borland Developers Group - Delphi List
>> Sent: Tuesday, January 19, 2010 4:50 PM
>> Subject: Re: [DUG] Offtopic - but....
>>
>> Ram? I find processor usage is the problem. It can suck up 30% of my
>> processor for no apparent reason when it's just sitting in the 
>> background!
>>
>>
>>
>> Regards
>>
>>
>>
>> Sean Cross
>> CIO
>>
>>
>>
>> Catalyst Risk Management
>> PO Box 230
>> Napier 4140
>> DDI: 06-8340362
>> Mobile: 021270 3466
>>
>>
>>
>> Visit us at http://www.catalystrisk.co.nz
>>
>>
>>
>> Offices in Auckland, Hamilton, Napier, Wellington, Christchurch & Dunedin
>>
>>
>>
>>
>>
>>
>>
>>
>> From: delphi-bounces at delphi.org.nz [mailto:delphi-bounces at delphi.org.nz]
>> On
>> Behalf Of Jeremy Coulter
>> Sent: Tuesday, 19 January 2010 12:03 p.m.
>> To: NZ Borland Developers Group - Delphi List
>> Subject: [DUG] Offtopic - but....
>>
>>
>>
>> I know this is offtopic, but does anyone know WHY FireFox consumes SO
>> MUCH RAM ??
>> I have 8 tabs open and it's using over 400MB !! It's complete madness ! I
>> have started going off Firefox lately. On my Vista 64bit install at home,
>> I can't do an F5 to refresh, I have to do a CTRL+F5 ..... grrr
>>
>>
>> Jeremy
>>
>> ________________________________
>>
>> _______________________________________________
>> NZ Borland Developers Group - Delphi mailing list
>> Post: delphi at delphi.org.nz
>> Admin: http://delphi.org.nz/mailman/listinfo/delphi
>> Unsubscribe: send an email to delphi-request at delphi.org.nz with Subject:
>> unsubscribe
>>

_______________________________________________
NZ Borland Developers Group - Delphi mailing list
Post: delphi at delphi.org.nz
Admin: http://delphi.org.nz/mailman/listinfo/delphi
Unsubscribe: send an email to delphi-request at delphi.org.nz with Subject: 
unsubscribe 
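
The 2009 certificate problem described in the quoted message above (a binary null inside the certificate name) comes down to comparing a length-prefixed name as if it were a C string. The following is an added example, not part of the original thread and not code from any browser or certificate component; the `.example` names and all function names are constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A certificate subject name as decoded from ASN.1: raw bytes plus an explicit length. */
struct cert_name { const unsigned char *data; size_t len; };

/* Constructed sample names (hypothetical .example domains). */
static const unsigned char CRAFTED[] = "www.bank.example\0.attacker.example";
static const unsigned char HONEST[]  = "www.bank.example";

struct cert_name crafted_name(void) { struct cert_name n = { CRAFTED, sizeof CRAFTED - 1 }; return n; }
struct cert_name honest_name(void)  { struct cert_name n = { HONEST,  sizeof HONEST  - 1 }; return n; }

/* Flawed: treats the name as a C string, so the comparison stops at the first NUL
   and never sees the rest of the name that was actually signed. */
int naive_name_matches(struct cert_name cn, const char *host)
{
    return strcmp((const char *)cn.data, host) == 0;
}

/* Hardened: reject any embedded NUL, then compare all cn.len bytes, ignoring ASCII case. */
int strict_name_matches(struct cert_name cn, const char *host)
{
    size_t host_len = strlen(host);
    if (memchr(cn.data, '\0', cn.len) != NULL)
        return 0;
    if (cn.len != host_len)
        return 0;
    for (size_t i = 0; i < host_len; i++)
        if (tolower(cn.data[i]) != tolower((unsigned char)host[i]))
            return 0;
    return 1;
}

int main(void)
{
    const char *host = "www.bank.example";
    printf("crafted: naive=%d strict=%d\n",
           naive_name_matches(crafted_name(), host), strict_name_matches(crafted_name(), host));
    printf("honest:  naive=%d strict=%d\n",
           naive_name_matches(honest_name(), host), strict_name_matches(honest_name(), host));
    return 0;
}
```

The flawed check accepts the crafted name for `www.bank.example`; the length-aware check rejects it while still accepting the honest certificate.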



