Ghosts threaten Internet Explorer

Discussion in 'malware problems & news' started by tlu, Jun 27, 2008.

Thread Status:
Not open for further replies.
  1. tlu

    tlu Guest

    There are reports about a serious cross-domain vulnerability in Internet Explorer. Quote:

    "Do you believe in ghosts? Imagine an invisible script that silently follows you while you surf, even after changing the URL 1,000 times and you are feeling completely safe. Now imagine that the ghost is able to see everything you do, including what you are surfing and what you are typing (passwords included), and even guess your next move.No downloading required, no user confirmation, no ActiveX. In other words: no strings attached."

    While there is one report that says that only IE6 is affected, others claim that all browsers are. It seems, however, that only IE 6 &7 are affected.

    In any case it is highly recommended to disable Active Scripting in IE. As a precaution one should also disable Javascript in Opera and use Noscript with Firefox.
     
  2. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Re: Ghosts threaten Intrenet Explorer

    Yes, I do believe in them, and if I find any ghosts in there, I'm calling these guys http://www.the-atlantic-paranormal-society.com/ ;) On a serious note, are all of our tools to protect ourselves going to become useless in the next couple of years?
     
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,038
    Location:
    The Netherlands
    Re: Ghosts threaten Intrenet Explorer

    I´m also not sure what to think about it. Is this a major threat? Does it work in IE8 or not? But I told you guys, we need to get rid of Javascript as soon as possible, it´s crap, for the most part. :gack:

    https://www.wilderssecurity.com/showthread.php?t=206663
     
  5. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Re: Ghosts threaten Intrenet Explorer

    Lol, I know, I understand your concern with javascript, but it really is a perfectly fine function (this coming from a non-programming guy of course). The code is safe, it's what people do with the code that makes it safe/unsafe. I also agree with what MrkVonic said in the thread you linked, Web 2.0 is bull and it's going to bring about security nightmares ( just call me Nostradamus ;) ).
     
  6. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    Re: Ghosts threaten Intrenet Explorer

    Noscript FTW!!!! :)
     
  7. tlu

    tlu Guest

  8. tlu

    tlu Guest

    Re: Ghosts threaten Intrenet Explorer

    Ah - and how do prevent those people creating such unsafe code? ;)
     
  9. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Re: Ghosts threaten Intrenet Explorer

    Well, short answer, you don't :) The Internet isn't regulated as of yet, so frankly you can't prevent people from creating malicious scripts and the like, you can only do your best to prevent the problems caused by them.
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,038
    Location:
    The Netherlands
    Hi,

    1 Apparently this has been fixed in Maxthon v2, it seems real interesting that they are actually able to fix flaws in the IE engine which M2 is using. They have also contacted MS about how they done it.

    2 How to make this exploit work? I´ve been to the testing site, but I have absolutely no clue if it works or not, what is supposed to happen?

    http://sirdarckcat.blogspot.com/2008/05/ghosts-for-ie8-and-ie75730.html
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,038
    Location:
    The Netherlands
    *Bump*

    Anyone with any answers? What do y´all get to see? :blink:
     
  12. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Will Keyscrambler prevent them from reading key strokes? Will Sandboxie help?
     
  13. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    An invisible script that collects data ?

    How is that different from other malware that can do the same ?
     
Loading...
Thread Status:
Not open for further replies.