http://www.washingtonpost.com/wp-dyn/articles/A6746-2004Jun25.html
Virus Designed to Steal Windows Users' DataHundreds of Web Sites Targeted By Brian KrebsSpecial to The Washington PostSaturday, June 26, 2004; Page A01A new Internet virus has surfaced that allows hackers to steal passwords, credit card numbers and other personal information when someone merely visits an infected Web site, government computer security experts warned this week.Hundreds of Web sites have been targeted by the virus, which exploits flaws in Microsoft Corp.'s Windows Internet software, according to an alert issued Thursday by the U.S. Computer Emergency Readiness Team (US-CERT), a division of the Department of Homeland Security.Infected sites were programmed to connect people using the Microsoft Internet Explorer browser to a Web site that contains code allowing hackers to record what users type, such as passwords and credit card and Social Security numbers. The code then e-mails that information to the anonymous attackers.Government officials would not identify the infected sites; computer security vendors said many have taken steps to fix the problem. In addition, most large Internet service providers have stopped forwarding Web traffic to the Russian Web site that apparently hosts the software that records what is typed, minimizing the theft of data, officials said.Among the several Web sites hit by the virus, dubbed "js.scob.trojan" by one antivirus vendor, were the Web sites of the Kelley Blue Book automobile pricing guide and MinervaHealth Inc., a Jackson, Wyo., company that provides online financial services for hospitals and health care businesses.Robyn Eckard, a spokeswoman for the Irvine, Calif.-based Kelley Blue Book, said the company learned about the problem late Wednesday after Web site visitors said their antivirus software tipped them off to the code. Eckard said Kelly Blue Book removed the malicious code from its site by late Thursday afternoon.Jennifer Scharff, vice president of marketing for MinervaHealth, said some of the company's clients reported the problem on Thursday. The company has since fixed its site, she said. Scharff said no more than 50 visitors browsed the Web site during the time it was serving up the hostile code.Stephen Toulouse, a security program manager at Microsoft, said the company does not believe the attack is widespread. "Nonetheless, we view this as a very real threat, with serious significance in terms of the potential impact on our customers," he said.Toulouse said the company is gathering information on the attack and will hand it over to the FBI.FBI spokesman Joe Parris declined to say whether the FBI is investigating the attack. "These types of Trojan horse attacks are not that uncommon, and we work closely with Microsoft in investigating matters of this type and always follow up on any information provided by industry," he said.Security experts said the attack represents the latest variation on "phishing" scams, a form of fraud designed to trick people into giving personal data to criminals who have designed Web sites to look like those of respectable companies.Ken Dunham, malicious code manager for iDefense Inc., a Reston-based computer security company, said he expects this kind of attack to become more widespread in coming weeks and months."These guys have the tools, techniques and motivation to launch highly sophisticated attacks that are very difficult for consumers to protect themselves against," he said. "Whoever is responsible has just seen how well this attack works, and other [hacker groups] are almost surely going to take notice."Computers experts urged Internet users to install firewalls and antivirus software and to download the latest updates. A CERT alert said Explorer users also can protect themselves by turning off the JavaScript function in their browsers. That change, however, can impair Internet browsing since JavaScript is a programming language used to add interactive functions to many Web sites.The attack takes advantage of several recently discovered security flaws in Microsoft's Internet browser and Internet Information Services Web software. Microsoft released a patch in April to fix one security hole in its Internet browser; the company is still working on a patch for the other flaw, which security researchers publicly detailed less than two weeks ago.CERT recommends that Explorer users consider other browsers that are not affected by the attack, such as Mozilla, Mozilla Firefox, Netscape and Opera. Mac, Linux and other non-Windows operating systems are immune from this attack. For people who continue to use the Internet Explorer, CERT and Microsoft recommend setting the browser's security settings to "high," but that can impair some browsing functions.Krebs is a staff writer for washingtonpost.com. Staff writer Michael Musgrove contributed to this report.
By Brian KrebsSpecial to The Washington PostSaturday, June 26, 2004; Page A01
A new Internet virus has surfaced that allows hackers to steal passwords, credit card numbers and other personal information when someone merely visits an infected Web site, government computer security experts warned this week.
Hundreds of Web sites have been targeted by the virus, which exploits flaws in Microsoft Corp.'s Windows Internet software, according to an alert issued Thursday by the U.S. Computer Emergency Readiness Team (US-CERT), a division of the Department of Homeland Security.
Infected sites were programmed to connect people using the Microsoft Internet Explorer browser to a Web site that contains code allowing hackers to record what users type, such as passwords and credit card and Social Security numbers. The code then e-mails that information to the anonymous attackers.
Government officials would not identify the infected sites; computer security vendors said many have taken steps to fix the problem. In addition, most large Internet service providers have stopped forwarding Web traffic to the Russian Web site that apparently hosts the software that records what is typed, minimizing the theft of data, officials said.
Among the several Web sites hit by the virus, dubbed "js.scob.trojan" by one antivirus vendor, were the Web sites of the Kelley Blue Book automobile pricing guide and MinervaHealth Inc., a Jackson, Wyo., company that provides online financial services for hospitals and health care businesses.
Robyn Eckard, a spokeswoman for the Irvine, Calif.-based Kelley Blue Book, said the company learned about the problem late Wednesday after Web site visitors said their antivirus software tipped them off to the code. Eckard said Kelly Blue Book removed the malicious code from its site by late Thursday afternoon.
Jennifer Scharff, vice president of marketing for MinervaHealth, said some of the company's clients reported the problem on Thursday. The company has since fixed its site, she said. Scharff said no more than 50 visitors browsed the Web site during the time it was serving up the hostile code.
Stephen Toulouse, a security program manager at Microsoft, said the company does not believe the attack is widespread. "Nonetheless, we view this as a very real threat, with serious significance in terms of the potential impact on our customers," he said.
Toulouse said the company is gathering information on the attack and will hand it over to the FBI.
FBI spokesman Joe Parris declined to say whether the FBI is investigating the attack. "These types of Trojan horse attacks are not that uncommon, and we work closely with Microsoft in investigating matters of this type and always follow up on any information provided by industry," he said.
Security experts said the attack represents the latest variation on "phishing" scams, a form of fraud designed to trick people into giving personal data to criminals who have designed Web sites to look like those of respectable companies.
Ken Dunham, malicious code manager for iDefense Inc., a Reston-based computer security company, said he expects this kind of attack to become more widespread in coming weeks and months.
"These guys have the tools, techniques and motivation to launch highly sophisticated attacks that are very difficult for consumers to protect themselves against," he said. "Whoever is responsible has just seen how well this attack works, and other [hacker groups] are almost surely going to take notice."
Computers experts urged Internet users to install firewalls and antivirus software and to download the latest updates. A CERT alert said Explorer users also can protect themselves by turning off the JavaScript function in their browsers. That change, however, can impair Internet browsing since JavaScript is a programming language used to add interactive functions to many Web sites.
The attack takes advantage of several recently discovered security flaws in Microsoft's Internet browser and Internet Information Services Web software. Microsoft released a patch in April to fix one security hole in its Internet browser; the company is still working on a patch for the other flaw, which security researchers publicly detailed less than two weeks ago.
CERT recommends that Explorer users consider other browsers that are not affected by the attack, such as Mozilla, Mozilla Firefox, Netscape and Opera. Mac, Linux and other non-Windows operating systems are immune from this attack. For people who continue to use the Internet Explorer, CERT and Microsoft recommend setting the browser's security settings to "high," but that can impair some browsing functions.
Krebs is a staff writer for washingtonpost.com. Staff writer Michael Musgrove contributed to this report.
― People love Gravity and Ebullition! (ex machina), Sunday, 27 June 2004 17:42 (twenty-one years ago)
― teeny (teeny), Sunday, 27 June 2004 18:27 (twenty-one years ago)
― People love Gravity and Ebullition! (ex machina), Sunday, 27 June 2004 18:27 (twenty-one years ago)
lalalalala, I love my powerbook.
― AaronHz (AaronHz), Sunday, 27 June 2004 19:10 (twenty-one years ago)
― People love Gravity and Ebullition! (ex machina), Sunday, 27 June 2004 19:13 (twenty-one years ago)
― AaronHz (AaronHz), Sunday, 27 June 2004 19:22 (twenty-one years ago)
LASER!!!
― People love Gravity and Ebullition! (ex machina), Sunday, 27 June 2004 19:30 (twenty-one years ago)
― Markelby (Mark C), Sunday, 27 June 2004 19:38 (twenty-one years ago)
Microsoft users: live by the turd, die by the turd.
― Rock Hardy (Rock Hardy), Sunday, 27 June 2004 20:15 (twenty-one years ago)
― Jordan (Jordan), Sunday, 27 June 2004 22:04 (twenty-one years ago)
Anyhoo, my point. IE is all we're allowed to use at my work, ha har. If these machines all get infected I'll be amused, tho we run such tight firewall security its possibly unlikely but still. I must make a note not to do any online banking from work in the meantime I guess.
― Trayce (trayce), Sunday, 27 June 2004 23:34 (twenty-one years ago)
― j.lu (j.lu), Monday, 28 June 2004 00:32 (twenty-one years ago)
ALSO: VIRUSES COME OVER THE FUCKING HTTP CONECTTIONSSNO
― People love Gravity and Ebullition! (ex machina), Monday, 28 June 2004 01:47 (twenty-one years ago)
― Trayce (trayce), Monday, 28 June 2004 02:17 (twenty-one years ago)
― People love Gravity and Ebullition! (ex machina), Monday, 28 June 2004 02:27 (twenty-one years ago)
― ¥¤±²£¢Ð¼æ®ª«¶Þ÷³¹ß½Øש§¾¿¥¤±²£¢Ð¼æ®ª«¶Þ÷³¹ß½Øש§¾¿¥¤±²£¢Ð¼æ®ª«¶Þ÷³¹ß½Øש§¾¿ (ex , Tuesday, 29 June 2004 19:20 (twenty-one years ago)
I've written an extension for Mozilla Firefox that, when installed, alters the display and functionality of allmusic.com. Specifically, it does the following:
It cleans up the horrible JavaScript-only links sitewide, thus enabling 21st-century browsing techniques such as tabbed browsing and opening links in new windows.
It hides the annoying Flash spinner thing atop each page.
It changes the functionality of the "Read more..." links on band and album detail pages. On the old AMG, band and album pages contained full reviews. Now, they feature only the first few sentences, with a link to "Read more..." on a separate page. The extension changes the functionality of that "Read more..." link so that, instead of taking you to a new page, clicking the link will dynamically load the full band/album review and insert it inline.
― Elvis Telecom (Chris Barrus), Tuesday, 20 July 2004 16:15 (twenty-one years ago)
― g--ff (gcannon), Tuesday, 20 July 2004 16:38 (twenty-one years ago)
i've been using mozilla for a while now, but the firefox browser seems a little zippier and i like the extensions for it better. but i still need an e-mail client...
― mookieproof (mookieproof), Tuesday, 20 July 2004 17:12 (twenty-one years ago)
― Lord Custos Omicron (Lord Custos Omicron), Tuesday, 20 July 2004 22:20 (twenty-one years ago)
― mookieproof (mookieproof), Tuesday, 20 July 2004 22:44 (twenty-one years ago)
Sent: Thursday, February 24, 2005 1:31 PMSubject: Mozilla Firefox
Hello:
Please advised[sic] why Mozilla Firefox is installed on your computer. Firefox is not [clip]'s standard Internet Browser and will be removed from workstations.
Thank You,
Desktop Engineering - U.S.
― gygax! (gygax!), Thursday, 24 February 2005 21:46 (twenty-one years ago)
― caitlin oh no (caitxa1), Thursday, 24 February 2005 22:05 (twenty-one years ago)
― mookieproof (mookieproof), Thursday, 24 February 2005 22:14 (twenty-one years ago)
― Paunchy Stratego (kenan), Wednesday, 13 July 2005 15:02 (twenty years ago)
― Jon, remind me again why you haven't drowned in your own vomit (ex machina), Wednesday, 13 July 2005 15:07 (twenty years ago)
― David R. (popshots75`), Wednesday, 13 July 2005 15:10 (twenty years ago)
― Paunchy Stratego (kenan), Wednesday, 13 July 2005 15:12 (twenty years ago)
― Jon, remind me again why you haven't drowned in your own vomit (ex machina), Wednesday, 13 July 2005 15:15 (twenty years ago)
― Paunchy Stratego (kenan), Wednesday, 13 July 2005 15:17 (twenty years ago)
― Jon, remind me again why you haven't drowned in your own vomit (ex machina), Wednesday, 13 July 2005 15:19 (twenty years ago)
What I'm REALLY hoping for is a newer version of their calendar program.
― David R. (popshots75`), Wednesday, 13 July 2005 15:19 (twenty years ago)
i've always noticed that memory issue. it's been around since earlier versions. m.
― msp (mspa), Wednesday, 13 July 2005 15:25 (twenty years ago)
― teeny (teeny), Wednesday, 21 September 2005 17:45 (twenty years ago)
I only just got Firefox based on the "it's 2005 what browser do you use" thread, but was afraid to use the beta, I loaded the standard version. Is Opera a better bet? I am weaning off IE entirely and like the tabbed thing at the top very much on Firefox.
― Wiggy (Wiggy), Wednesday, 21 September 2005 18:48 (twenty years ago)
― M. V. (M.V.), Wednesday, 21 September 2005 21:48 (twenty years ago)
(Note: this is my idiosyncratic minimalist arrangement; on installation the array of buttons and bars is, eh, Maybachy.)
― M. V. (M.V.), Wednesday, 21 September 2005 21:59 (twenty years ago)
― I do feel guilty for getting any perverse amusement out of it (Rock Hardy), Monday, 12 December 2005 01:40 (twenty years ago)
― Hairy Asshurt (Toaster), Monday, 12 December 2005 11:49 (twenty years ago)
― ken c (ken c), Monday, 12 December 2005 13:05 (twenty years ago)
― ken c (ken c), Monday, 12 December 2005 13:07 (twenty years ago)
― caitlin oh no (caitxa1), Monday, 12 December 2005 13:08 (twenty years ago)
― Greig (treefell), Monday, 12 December 2005 13:10 (twenty years ago)
― ken c (ken c), Monday, 12 December 2005 13:10 (twenty years ago)
― caitlin oh no (caitxa1), Monday, 12 December 2005 13:12 (twenty years ago)
― rtcotm (mwah), Saturday, 18 March 2006 12:58 (twenty years ago)
network.http.max-connections = network.http.max-connections-per-server = network.http.max-persistent-connections-per-server= network.http.pipelining = network.http.pipelining.maxrequests = network.http.request.max-start-delay =
― rtcotm (mwah), Saturday, 18 March 2006 13:03 (twenty years ago)
― s/c johnson wax (Jody Beth Rosen), Saturday, 18 March 2006 22:00 (twenty years ago)
It's been a while since I really paid attention to such things, but I suspect that most of the precieved performance improvements here with cranking this up would be mostly to do with poor scheduling on the client side and lots of big stuff with lots of small stuff on the server side. For example, you've got a pile of connections open downloading flash while smaller images and text get starved out. That and if you have a really high latency link, it makes things better. Pipelining would make that even better, but...
Although pipelining would theortically be wonderful to turn on, there's a fair number of web servers out there that don't react very well with pipelined HTTP requests. It's probably set to "false" by default for a reason. Stuff will get faster if you turn it on, but some sites may not work at all.
With this said, I've never used fasterfox or even know what it is..
― mikef (mfleming), Saturday, 18 March 2006 23:46 (twenty years ago)
― kyle (akmonday), Monday, 20 March 2006 14:08 (twenty years ago)
― beanz (beanz), Monday, 20 March 2006 14:14 (twenty years ago)
― R.I.P. Concrete Octopus ]-`: is a guy with a belly button piercing (ex machina), Monday, 20 March 2006 15:03 (twenty years ago)
― beanz (beanz), Monday, 20 March 2006 15:12 (twenty years ago)
that being said, I do turn on pipelining, and crank that bitch up to 30, but I don't change any of the other network.http defaults.
― TOMBOT, Monday, 20 March 2006 20:13 (twenty years ago)
― R.I.P. Concrete Octopus ]-`: is a guy with a belly button piercing (ex machina), Monday, 20 March 2006 20:40 (twenty years ago)
― TOMBOT, Monday, 20 March 2006 20:52 (twenty years ago)
― Jordan (Jordan), Monday, 20 March 2006 20:53 (twenty years ago)
Wait... the man too lazy to LOGIN to ILX is telling us to use about:config?
― R.I.P. Concrete Octopus ]-`: is a guy with a belly button piercing (ex machina), Monday, 20 March 2006 20:58 (twenty years ago)
― R.I.P. Concrete Octopus ]-`: is a guy with a belly button piercing (ex machina), Tuesday, 21 March 2006 14:46 (twenty years ago)
whatever the most recent version is (for windows, and NO THAT'S NOT WHY; it was running beautifully up until about two weeks ago). i check for spyware/viruses pretty often, so i'm almost certain it's not that. i wonder if there's some other program it's conflicting with?
problems:
1) taking a long time to load when i try to start it2) hanging ("not responding")3) randomly shutting down (w/ "feedback agent" popup)
― My faxed joke won a pager in the cable TV quiz show. (Jody Beth Rosen), Tuesday, 21 March 2006 14:59 (twenty years ago)
― NICKBURNS (ex machina), Tuesday, 21 March 2006 15:06 (twenty years ago)
The advisory, which will be posted here, acknowledges a code execution hole that was discovered and publicly reported by Secunia Research of Copenhagen, Denmark.
Secunia said in an alert that the vulnerability is due to an error in the processing of the "createTextRange()" method call applied on a radio button control.
"This can be exploited by a malicious Web site to corrupt memory in a way that allows the program flow to be redirected to the heap," Secunia said in the alert, warning that successful exploitation allows execution of arbitrary code whenever the target visits the rigged Web site.
Microsoft hunts down new Internet Explorer bug. Click here to read more.
The vulnerability was confirmed on a fully patched system with IE 6.0 and Microsoft Windows XP SP2. It has also been confirmed in IE 7 Beta 2 Preview, Secunia said.
― R.I.P. West Village Bird Shaman ]-`: (ex machina), Thursday, 23 March 2006 19:24 (twenty years ago)
Firefox really sucks lately. Real talk.
― M@tt He1ges0n, Friday, 21 March 2008 17:14 (eighteen years ago)
It does? I think FF3beta4 is the best of the FF3 betas and the first one that made me completely ditch version 2.x
― StanM, Friday, 21 March 2008 19:15 (eighteen years ago)
my regular version is crash like hell lately. don't know what's up.
i tried the beta and it wasn't much better (tho i am on a mac so maybe that's the difference)
i actually started using safari for the first time in ages again, and it's consistently faster than FF right now.
― M@tt He1ges0n, Friday, 21 March 2008 19:32 (eighteen years ago)
I am having none of these firefox issues on XP or OS X. then again I refuse to upgrade to leopard until they force the issue.
― El Tomboto, Friday, 21 March 2008 20:08 (eighteen years ago)
anyway as regards the original advisory, at this point the only vaguely safe way to use the internet IMEO is to use firefox with noscript and adblock with filterset g
― El Tomboto, Friday, 21 March 2008 20:44 (eighteen years ago)
or just never use javascript or flash or quicktime plugin
firefox has a fucking horrible memory leak or something, at least in XP, leave it open with gmail for half a day and watch it eat up everything it can
― akm, Friday, 21 March 2008 20:45 (eighteen years ago)
Seems to top out at 150MB for me. I'd rather deal with that than an infestation of mebroot
― El Tomboto, Friday, 21 March 2008 21:12 (eighteen years ago)