[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

How vulnerable IE 5 is?

Posted on 1999-11-17
12
Medium Priority
?
133 Views
Last Modified: 2013-12-28
if you visit http://www.angelfire.com/ia/padok with
IE5 they'll show you your directory structure in your drive C.

How dangerous is that? What kind of information a site can get from your computer? Are not on purpose these kind of "bugs" to read these informations?

Reginaldo
0
Comment
Question by:rarigo
  • 5
  • 4
  • 2
  • +1
12 Comments
 
LVL 17

Accepted Solution

by:
rayt333 earned 40 total points
ID: 2215610
Very interesting, It does not show that with Netscape, I tries using IE5 and it showed the directory of my "C" drive, I guess that goes to show you how much more secure Netscape is (my prefered browser of choice)
0
 
LVL 25

Expert Comment

by:dew_associates
ID: 2215903
Actually, while the site is Java enabled, which then enables them to see the directory structure, they cannot actually read, alter or replace a file. This, of course, depends upon the restrictions you use in IE5 and whether you have downloaded and applied the security fixes.

Ray, you can't see it with Netscape as Netscape does not support the new COM or the new Java scripts. However, that doesn't mean you system is not vunerable via Java attacks, as it is but you just won't be aware that it is happening. When the page downloads to you, the java script is on your system and its part of the original netscape engine.
Dennis
0
 
LVL 1

Expert Comment

by:kjanx
ID: 2217296
thats all bull. i fell for that one years ago. thats actually a pic of your own harddrive, and no one is looking at it or can see it.
nothing to fear.
kj
0
Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

 
LVL 25

Expert Comment

by:dew_associates
ID: 2217702
kjanx, might I suggest that you do a little more research before you make that kind of statement.

What a little idea of what a hacker can do to identify you when you logon?

Go on line and open your email browser. Now minimize everything and then click Start, Programs, MS-DOS prompt.

Now type NETSTAT -r <Enter>

Netstat can be run from a java enabled script. Now, what can a hacker do with all of this info?

By the way, you may also want to visit or sunscribe to the MS Security Service.
Dennis
0
 
LVL 17

Expert Comment

by:rayt333
ID: 2217971
Dennis
You are a wealth of info
Thanks
Ray
0
 

Author Comment

by:rarigo
ID: 2221440
This question was posted here to be discussed not to be answered. But a good answer would be the JavaScript that does that.
0
 
LVL 25

Expert Comment

by:dew_associates
ID: 2221448
Nope, I don't think so Rarigo! Why would you need the script for? And besides that, to do so would be a violation of the tenets of this site.

You received the advice you requested, and now you just want to discuss it? I don't think so..this site don't work that way. If this is what you wanted, you should have said so without baiting people with 100 points as an offer.

Dennis
0
 

Author Comment

by:rarigo
ID: 2221462
Dear Dennis,
  I didn't offer 100 points as you said. Take a better look and you'll see 10 ( ten ) and where did you read that exchange code violates the tenets of this site. Alias, this is the name of this site experts-EXCHANGE. Is it not?

Tchau,
Reginaldo

P.S. if you still want the points ( 10 of them ) propose an answer.

0
 
LVL 25

Expert Comment

by:dew_associates
ID: 2221472
My error and apology, there are only 10 points.

As for the java code to do as you seek, it could be potentially harmful to a PC user, therefore it is frowned upon at this site to offer such code.

And no, I have no need for the points!
0
 

Author Comment

by:rarigo
ID: 2221486
Dear Dennis,
   Now you say 'it could be potentially harmful' and I've asked exactly that. How dangerous can this kinda of site be? Only now, after this, you tell me. What's going on here?
   By the way. When I said this question was posted here to be discussed not be answered I was thinking just that. You and no one need these points but we need the discussion on these matters. Don't you think so?


Tchau,
Reginaldo

P.S.: I have that code.


   
0
 
LVL 25

Expert Comment

by:dew_associates
ID: 2221493
If you've read my comments above (all of them), and you've been following the MS Java related security issues in the last six months, there's not much room for discussion not is there.
0
 

Author Comment

by:rarigo
ID: 2225178
That's the best comment. Netscape is more secure.
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension . This reminded me of questions that come up here at EE along the lines of, "How can I tell the type of file from its cont…
Each password manager has its own problems in dealing with certain websites and their login methods. In Part 1, I review the Top 5 Password Managers that I've found to be the best. In Part 2 we'll look at which ones co-exist together and why it'…
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

612 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question