How vulnerable IE 5 is?

if you visit http://www.angelfire.com/ia/padok with
IE5 they'll show you your directory structure in your drive C.

How dangerous is that? What kind of information a site can get from your computer? Are not on purpose these kind of "bugs" to read these informations?

Reginaldo
rarigoAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

rayt333Commented:
Very interesting, It does not show that with Netscape, I tries using IE5 and it showed the directory of my "C" drive, I guess that goes to show you how much more secure Netscape is (my prefered browser of choice)
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
dew_associatesCommented:
Actually, while the site is Java enabled, which then enables them to see the directory structure, they cannot actually read, alter or replace a file. This, of course, depends upon the restrictions you use in IE5 and whether you have downloaded and applied the security fixes.

Ray, you can't see it with Netscape as Netscape does not support the new COM or the new Java scripts. However, that doesn't mean you system is not vunerable via Java attacks, as it is but you just won't be aware that it is happening. When the page downloads to you, the java script is on your system and its part of the original netscape engine.
Dennis
0
kjanxCommented:
thats all bull. i fell for that one years ago. thats actually a pic of your own harddrive, and no one is looking at it or can see it.
nothing to fear.
kj
0
Cloud Class® Course: CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

dew_associatesCommented:
kjanx, might I suggest that you do a little more research before you make that kind of statement.

What a little idea of what a hacker can do to identify you when you logon?

Go on line and open your email browser. Now minimize everything and then click Start, Programs, MS-DOS prompt.

Now type NETSTAT -r <Enter>

Netstat can be run from a java enabled script. Now, what can a hacker do with all of this info?

By the way, you may also want to visit or sunscribe to the MS Security Service.
Dennis
0
rayt333Commented:
Dennis
You are a wealth of info
Thanks
Ray
0
rarigoAuthor Commented:
This question was posted here to be discussed not to be answered. But a good answer would be the JavaScript that does that.
0
dew_associatesCommented:
Nope, I don't think so Rarigo! Why would you need the script for? And besides that, to do so would be a violation of the tenets of this site.

You received the advice you requested, and now you just want to discuss it? I don't think so..this site don't work that way. If this is what you wanted, you should have said so without baiting people with 100 points as an offer.

Dennis
0
rarigoAuthor Commented:
Dear Dennis,
  I didn't offer 100 points as you said. Take a better look and you'll see 10 ( ten ) and where did you read that exchange code violates the tenets of this site. Alias, this is the name of this site experts-EXCHANGE. Is it not?

Tchau,
Reginaldo

P.S. if you still want the points ( 10 of them ) propose an answer.

0
dew_associatesCommented:
My error and apology, there are only 10 points.

As for the java code to do as you seek, it could be potentially harmful to a PC user, therefore it is frowned upon at this site to offer such code.

And no, I have no need for the points!
0
rarigoAuthor Commented:
Dear Dennis,
   Now you say 'it could be potentially harmful' and I've asked exactly that. How dangerous can this kinda of site be? Only now, after this, you tell me. What's going on here?
   By the way. When I said this question was posted here to be discussed not be answered I was thinking just that. You and no one need these points but we need the discussion on these matters. Don't you think so?


Tchau,
Reginaldo

P.S.: I have that code.


   
0
dew_associatesCommented:
If you've read my comments above (all of them), and you've been following the MS Java related security issues in the last six months, there's not much room for discussion not is there.
0
rarigoAuthor Commented:
That's the best comment. Netscape is more secure.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows OS

From novice to tech pro — start learning today.