Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
Gopher Attacks Are Latest IE Security Threat
Brian McWilliams, SecurityFocus 2002-06-04

Browser's support for archaic technology lets attackers burrow in.

Comments Mode:
Gopher Attacks Are Latest IE Security Threat 2002-06-04
Anonymous (1 replies)
It appears that the gopher settings in the lan settings dialog are only available when connecting through a proxy. Does anyone have any info if that is really the case?

Eugene...

[ more ]  [ reply ]
Gopher Attacks Are Latest IE Security Threat 2002-06-05
Anonymous
If IE uses a DUN connection to connect to the internet then you need to alter the properties of that specific connection, not the LAN properties. The Proxy Settings specified in the article only apply when IE retrieves pages over a LAN connection. You will still be vulnerable to the theorised gopher...

[ more ]  [ reply ]
Instant Patch 2002-06-05
Anonymous
just block it from the registry

HKEY_CLASSES_ROOT\gopher\shell\open\command

replace that string value with notepad.exe or nothing at all....

[ more ]  [ reply ]
the best way to protect yourself 2002-06-05
Anonymous
use a browser that is not affected by this.

any non ms browser.

http://www.mozilla.org...

[ more ]  [ reply ]
Software that will prevent these bugs from causing damage 2002-06-05
<codetek (at) codetek (dot) com [email concealed]> (2 replies)
CodeTek Studios has just released, for free public beta, SafeOffice 1.0 for Windows XP. It is designed to prevent vulnerabilities just like this from being able to cause any damage to your system.

SafeOffice is able to provide an extra layer of security for people running Internet Explorer, Outlo...

[ more ]  [ reply ]
Software that will prevent these bugs from causing damage 2002-06-06
Anonymous
Hm... Great...

Do I trust security software from a firm, whose site gives the following error:

"Warning: Access denied for user: 'codetek@localhost' (Using password: YES) in //functions/db.php on line 13"

...

[ more ]  [ reply ]
Software that will prevent these bugs from causing damage 2002-06-06
Anonymous
Yeah, like, your page is severely struck with a case of unconectedness... Check it out....

[ more ]  [ reply ]
What if 2002-06-06
Anonymous
I delete everything under the Gopher Key in the Registry and then Write-protect the key, so that its content cannot be overwritten.

Very much like deleting the Outlook and Outlook Express Files and Removing access to the Directory for everyone, but leaving the empty directory there....

[ more ]  [ reply ]
Gopher Attacks Are Latest IE Security Threat 2002-06-07
Anonymous (1 replies)
I have a serious problem with releasing details about vulnerabilities before fixes are in place. You can say that

"the hackers know about them", but do they? I submit that very few know about these vulnerabilities until they are published, then everyone does. And if no fix is in place the danger is...

[ more ]  [ reply ]
Company Producing Fix 2002-06-08
Anonymous (1 replies)
This company is supposed to have some IE software security thing pretty soon- my friend works there.

http://www.PivX.com

Their technology for other things looks cool, why such a big company working on such a small little registry fix?...

[ more ]  [ reply ]
Company Producing Fix 2002-06-11
Anonymous
They have a fix, and it works great. There is a small problem though, Windows Media Player (WMP) by default uses the proxy settings in IE, and the gopher setting throws it all out of whack. There is anote on their site saying their going to fix that too.

...

[ more ]  [ reply ]
Gopher Attacks Are Latest IE Security Threat (write protect)? 2002-06-09
Anonymous (1 replies)
How would one 'write protect' a registry key? (as stated above)....

[ more ]  [ reply ]
Gopher Attacks Are Latest IE Security Threat (write protect)? 2002-06-11
Pasti
Do not use regedit, use regedt32 and you can

put security on the keys ;-)

Greetings P@sti

...

[ more ]  [ reply ]
Gopher Attacks Are Latest IE Security Threat 2002-06-11
Anonymous
Uh....who the HELL uses Gopher anymore?

Now after you ponder this question a little, ask yourself why support for freakin' GOPHER(!) had not been removed from IE's codebase a long time ago.

Everyone knows that MS has no problem with bloating code. The issue here seems to be that noone at ...

[ more ]  [ reply ]
Microsoft will not help 2002-06-12
Geoff Shively


Just as predicted, news media this week seems to be covering the MSIE gopher root exploit with a new focus on Microsoft and their real problems with security, not just the latest hole. One company even goes as far to say that they 'cleaned up Microsoft's mess, once again'. With 18+ un-patched...

[ more ]  [ reply ]
Gopher Attacks Are Latest IE Security Threat 2002-06-13
Anonymous
Does anyone know of any sites/companies/people who have been hacked thru this new flaw?...

[ more ]  [ reply ]
Gopher Attacks Are Latest IE Security Threat 2002-06-14
Anonymous
could explain as I to me can explore this bug and as I can protect me? ...

[ more ]  [ reply ]




 

Privacy Statement
Copyright 2009, SecurityFocus