Infocon back to green

Published: 2005-11-22
Last Updated: 2005-11-22 19:44:11 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)
After elevating the Infocon to 'Yellow' 24 hours ago, we now switched back to green as there is no new development regarding the Internet Explorer issue.

There is still no fix, and even on our site, which is mostly frequented by users interested in security, 50% of all visitors are likely  vulnerable based on them using Internet Explorer with Javascript enabled.

We do not see any use of the exploit "in the wild", but the proof of concept version could trivially be modfied, so the risk persists.

If you use Microsoft Internet Explorer, make sure that you have Javascript turned off. While Windows 2003 is not vulnerable in its default configuration, it may be vulnerable in a more relaxed configuration.

Personal preference: Use Firefox and the "noscript" extension. It will allow you to turn javascript on as needed.

In MSIE, you have the option to have MSIE prompt you whenever a site contains Javascript. This is not only a bit annoying, but the warning that pops up may not get the message across to your users:

0 comment(s)


Diary Archives