Browser Security Pack

[Kye-U]

Updated File on July 6th, 2004 - 1:20 AM EST

http://prxbx.com/forums/index.ph...topic=131&st=0#

BTW, ProxRocks, do the attachments work for you now?

[ProxRocks]

Eureka!!! Yes, it works...

Gracias...
Merci...
Ringraziarlo...
Vielen Dank...
Obrigado...
Mange takk...
Спасибо...
Dank u...
Ankthay youay...

[Kye-U]

ProxRocks Wrote:Eureka!!!  Yes, it works...

http://prxbx.com/forums/index.ph...opic=131&st=15#

It was a mistake I made when I was setting up the forums. I didn't bother to read the top of the Attachment protection readme <_<

[ProxRocks]

Glad that it's fixed - 'cause there is no way in H311 that you are going to turn me into a Firefox user...

If you've ever looked at Sleipnir and its MASSIVE number of FEATURES that is completely VOID in "the dead fox", then you're sure to understand where I'm coming from...


And if you've followed my rants, you know very well my opinions on "security" and how IE is no 'less' secure than "the dead fox"...

[Kye-U]

Last Updated: July 6, 2004 - 2:47 PM EST

Added http://www.greymagic.com/security/advisories/gm011-ie/ (AKA IE D-Day Exploit)

[Ralph]

Hey Kye-U , Thanks ; your new filter set is incredible ! The Proxo community , I am sure , is grateful for your work and dedication . BTW , I noted that you posted it at 4:52 am on Yahoo . Did you get any sleep or did you work on it all night ?

[Kye-U]

Ralph Wrote:Hey Kye-U , Thanks ;&nbsp; your new filter set is incredible ! The Proxo community , I am sure , is grateful for your work and dedication . BTW , I noted that you posted it at 4:52 am on Yahoo . Did you get any sleep or did you work on it all night ?&nbsp;

Thanks you! I hope the Proxomitron community is

Yes, I worked all night (you could say) until the sun came up, around 6. It was hard to sleep since it was so bright. I had to smother my face into my blanket and pillow <_<

[Ralph]

I came across this neat site on another board ( AumHA) : http://bcheck.scanit.be/bcheck/sid-316bd3e...24ec2b8b1ef863/ which tests your security . I came up perfect ! Take a look at it if you get a chance .

[Siamesecat]

Thanks muchly for the explanations, people. I have another question about the filter set. Some of the replacements include an alert and an anchor, others have an alert and a bold text message, others a comment, etc. Was this intended to be an index of severity for the effects of the exploits? Is the alert and anchor the most severe, and lacking an alert the least severe?

[Kye-U]

Siamesecat Wrote:Was this intended to be an index of severity for the effects of the exploits? Is the alert and anchor the most severe, and lacking an alert the least severe?

Nope, it doesn't.

I have now made them all Bolded. (With 1 or 2 missing the Alert feature.)

Updated: July 6, 2004 - 8:57 PM EST

http://prxbx.com/forums/index.ph...topic=131&st=0#

[Siamesecat]

Code:

Name = "IE: Object Data Exploit [Kye-U]"
Replace = "<strong>[IE Object Data Exploit Removed]</a></strong>"

You left a stray end anchor tag in the replacement.

[sidki3003]

Ralph Wrote:I came across this neat site on another board ( AumHA) : http://bcheck.scanit.be/bcheck/sid-316bd3e...24ec2b8b1ef863/ ...

This is a very good link - it uses interesting methods and is a great test site, thanks!

sidki

[Kye-U]

Siamesecat Wrote:You left a stray end anchor tag in the replacement.

Thanks

Updated!

[Jaded_Goth]

Kye-U Wrote:The one on "Webhelper4u" is an actual Help Exploit link.

WOW! Fancy that!

Does the webmaster at webhelp4u know about the problem?Poor chap.

I am paying close attention to the coding issues described here.Believe me,I am endeavouring to learn and not be a dumb-***.

FYI,here's a screenshot of a different alert triggered today.Again,whilst browsing cexx.org.Upon reflection,I wouldn't actually term it a "false positive".The fact is,if I were to accidentally click on an html link within an HijackThis! log,I would most certainly be in trouble.

It is from the previous config,mind.I notice you've updated it again,Kye-U.Boy,do you work hard!

BTW,to be specific,I'm running the I.E. filter pack merged with the Sidki config.The alerts are the same regardless of whether I browse with Mozilla or I.E.I feel quite happy testing the configs with this in mind.


Thank you!

[Kye-U]

Jaded_Goth Wrote:FYI,here's a screenshot of a different alert triggered today.

I'm running the I.E. filter pack merged with the Sidki config.

Quote:O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - WARNING: Hcp:// link found!

O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - WARNING: Hcp:// link found!

I wouldn't worry about those I think that in a way they're real, but they're not a threat.

Quote:hcp://system/RunExeActiveX.CAB

hcp://system/StartFirstControl.CAB

I'm also using Sidki's config with the pack [lol]