Feeling Dangerously Brave?

**Leurgy** · August 13th, 2002, 12:12 PM

A friend went to a site that ran the JS.Exception Exploit on his machine. Its mostly annoying (webpage changes when he moves the mouse, errors in Windows Explorer). In researching it, I found many refences to Internet Explorer, but he uses Netscape.

Turns out he has never done a Windows Update. He is doing that now, and I think that the Critical/Security Update that would have saved him was November 12, 1999. (Deals with Javascript)But would that haved saved him if he uses Netscape?

He insists on using V4.76 and I have found where he can download that version from Netscape's site. Would the "current" V4.76 be any more secure than his two year old one?

If anyone is feeling dangerously brave, and if a Moderator agrees, I'll post the URL.

**fink** · August 13th, 2002, 12:20 PM

That website is for the makers of Lockdown Millenium, formerly Lockdown 2000. They have been harshly criticized by a lot of knowledgable web security/privacy experts for not only creating a substandard product and using fear tactics to try and get unknowing users to buy their software but also for generating spurious lawsuites against some of those critics.

http://www.nwinternet.com/~pchelp/bo/LDthreat.htm

**Leurgy** · August 13th, 2002, 12:38 PM

Thanks Fink:

I ran the test with AVG running, and got an alert "Could be infected VBS/GMW". It then wanted me to shutdown my anti-virus. I'm not THAT stupid. I read the page you sent, and am removing that link.

Thanks again, I guess thats why we come here.

**JoJo Gunn** · August 13th, 2002, 02:46 PM

The page you get after clicking on the link on Little's page shows me that Lockdown is the most unprofessional "business" I've seen yet in the time I've been on the Net. Why would I spend a dime with them? And what would I get if I used their phone support? Sounds from a nursery?

From a quick glance it would seem Little has more reason for a lawsuit, considering there's a whole web page of bed wetting dedicated to him.

http://lockdowncorp.com/pchelp/

Uh, make that at least 2 pages of bedwetting.

http://lockdowncorp.com/pchelp/paris.html

Very unprofessional business practices.....

**Leurgy** · August 13th, 2002, 04:14 PM

So, it seems that these two people (Paris and Little) are not getting along. Oh well.

Any answers to my questions?

**JoJo Gunn** · August 13th, 2002, 06:21 PM

I'm confused. Did you post a link to that script and later remove it? I'm only able to go by fink's response here. Is that script attributed to Lockdown? If so, my comments apply.

Now, what site did your friend go to?

**Leurgy** · August 13th, 2002, 08:42 PM

I removed the link for the lockdown browser security test, based on what I read, and what I experienced.

The site my friend went to was:

http://www.nessie.co.uk/

**Tuttle** · August 14th, 2002, 05:29 AM

The patches on Windows Update only apply to IE, not Netscape. Historically though, Netscape has suffered from far fewer of that sort of exploit than IE, and in this case it appears that JS.Exception is an IE-only flaw.

There's no point downloading 4.76 again. Netscape sometimes release a major security fix as a new minor version without actually telling anyone it's a security fix, but to my knowledge they've never tried to silently re-release a version.

**Leurgy** · August 16th, 2002, 03:51 PM

Spoke to my friend again and he is suddenly being flooded with spam, co-incident to the JS.Exploit(?). The wierd thing about it is that the spam he is receiving does not have his email address, in other words, he is receiving spam with other peoples email addresses.

Could the Exploit have caused this? If so, how? Any ideas about how to correct this?

Thread: Feeling Dangerously Brave?

Thread Tools

Search Thread

Display

Feeling Dangerously Brave?

Thread Information

Users Browsing this Thread

Posting Permissions