Oh I left parts out of my rant.
I truly mean the words in the next sentence.
What idiot approved the dialog box that basically says "This web site you haven't added to your Trusted Sites is at the moment wanting to get onto your network and write and read files. We're not going to tell you which ones. Will you let it"?
Now I think I've scoured my zone settings for three days and don't think I have one remaining option at "Prompt". Will it ever go away?
-
-
Ok, I kinda hoped someone might discuss this but I now ask of you humbly with hat in hand....
What ARE the implications of following the eEye registry modifications on workstation clients as follows:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000566-0000-0010-8000-00AA006D2EA4}]
"Compatibility Flags"=dword:00000400

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/hta]
I know that this unlinks the adodb.stream function (if I am saying that right) on the local machine from IE, and removes the mime type for hta, but what are the possible ramifications?
I have already done this for about 900 desktops, and no issues yet, but would like more information.
Or am I just beta testing out here??
And this may have been reported elsewhere, but SecFocus has news of a second vector for the recent vulnerability in this link
-
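A check for the two registry changes in the post above, added here as an example and not part of the original thread: it parses a .reg export (already decoded to text) and reports whether the 0x400 kill bit is set for the ADODB.Stream CLSID and whether the application/hta MIME key is gone. The function names and the sample exports are constructed for illustration.

```python
import re

# CLSID and MIME key are the ones quoted in the post above.
CLSID = "{00000566-0000-0010-8000-00AA006D2EA4}"
COMPAT_KEY = ("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer"
              "\\ActiveX Compatibility\\" + CLSID)
HTA_KEY = ("HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database"
           "\\Content Type\\application/hta")
KILL_BIT = 0x400  # ActiveX kill bit inside "Compatibility Flags"

def parse_reg(text):
    """Parse .reg export text into {KEY_UPPERCASE: {value_name: raw_data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # Registry key names are case-insensitive, so normalise them.
            current = keys.setdefault(line[1:-1].upper(), {})
        elif current is not None and "=" in line:
            name, data = line.split("=", 1)
            current[name.strip('"')] = data
    return keys

def audit(text):
    """Return a list of findings; an empty list means both changes are in place."""
    keys, findings = parse_reg(text), []
    data = keys.get(COMPAT_KEY.upper(), {}).get("Compatibility Flags", "")
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", data)
    if not m:
        findings.append("Compatibility Flags missing for " + CLSID)
    elif not int(m.group(1), 16) & KILL_BIT:
        findings.append("kill bit 0x400 not set (value %s)" % m.group(1))
    if HTA_KEY.upper() in keys:
        findings.append("application/hta MIME type still registered")
    return findings

# Constructed sample exports (not taken from a real machine).
HEADER = "Windows Registry Editor Version 5.00\n\n"
PATCHED = HEADER + "[" + COMPAT_KEY + ']\n"Compatibility Flags"=dword:00000400\n'
UNPATCHED = (HEADER + "[" + COMPAT_KEY + ']\n"Compatibility Flags"=dword:00000000\n\n'
             "[" + HTA_KEY + ']\n"Extension"=".hta"\n')

if __name__ == "__main__":
    for label, sample in (("patched", PATCHED), ("unpatched", UNPATCHED)):
        print(label, audit(sample) or "OK")
```

Exports written by regedit in the "Version 5.00" format are UTF-16, so decode the file before passing its text to `audit`.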
pacelvi wrote:
What idiot approved the dialog box that basically says "This web site you haven't added to your Trusted Sites is at the moment wanting to get onto your network and write and read files. We're not going to tell you which ones. Will you let it"?
LOL!
My favorite (and I have only seen this on Microsoft sites so far, including microsoft.com/security) is the XP SP2 dialog that says,
The current site is trying to open a file that can have different security restrictions. If you trust this site, proceed by clicking OK.
The first time I saw this, I was like "WHAT file?!?!" and "Different security restrictions from WHAT?!?!"
There's a point at which dumbing down the technical content of an error message makes it completely useless. I call this the "Sad Mac" syndrome, after the little Sad Macintosh icon that comes on whenever the Mac has one of 27 billion possible hardware problems. It's similar to the "Check Engine" light on some cars.
Error messages we can expect to see in the future:
"The current site is trying to do something that may or may not be malicious. If you would like to proceed, click OK."
"The server has sent content that could have ambiguous security ramifications for you, or possibly for those on your network. If you believe the owner of this website to be an honest and forthright person of integrity, click OK to continue."
"This web page contains content that could sometimes possibly be considered harmful, though not always. Click Cancel to navigate away from this page, or click the 'I'm Feeling Lucky' button to proceed."
-
Just reading Karim above, and hoping someone might have replied to my post, and I got to thinking..(always dangerous)
Now this is way, way out there. But at this point maybe way out is needed....
Why couldn't Microsoft generate "trusted keys" similar to SSL keys? Any website that wants to take ActiveX beyond "safe" methods would need to register and get a key before IE would grant those methods. The critical thing here is keys could be revoked, so this is more than just "signing" them as is done currently.
This takes part of the burden of determining a "trusted site" off the user.
Ok, I have probably made an idiot of myself, but no more so than "open a file that can have different security restrictions"
-
As PeterF posted over in the coffeehouse, Microsoft has released a critical update 870669 that essentially makes the same modifications removing adodb.streams from IE functionality as recommended by eEye.
-
an·ti·cli·max [ àntī kl màks, àntee kl màks ] (plural an·ti·cli·max·es) noun 1. disappointing end after big buildup: an ordinary or unsatisfying event that follows an increasingly exciting, dramatic, or unusual series of events or a period of increasing anticipation and excitement
-
Karim wrote:
I call this the "Sad Mac" syndrome, after the little Sad Macintosh icon that comes on whenever the Mac has one of 27 billion possible hardware problems.
LOL
/Lars.