[gui-talk] does anyone know about this

Tue Apr 29 21:19:49 UTC 2014

Here's more which I will summarize; it's from
http://www.pcpro.co.uk/news/security/388390/ie-bug-leaves-quarter-of-web-use
rs-vulnerable/email

Read the comments. The bug is in Flash. And apparently Adobe has released a
fix.

If you read the explanation, it's very detailed and the notification of the
fix comes from the author of the original article.

Mike

-----Original Message-----
From: gui-talk [mailto:gui-talk-bounces at nfbnet.org] On Behalf Of Mike
Freeman
Sent: Tuesday, April 29, 2014 1:58 PM
To: 'Discussion of the Graphical User Interface, GUI Talk Mailing List'
Subject: Re: [gui-talk] does anyone know about this

<http://www.usatoday.com/story/tech/2014/04/28/internet-explorer-bug-homelan
d>
http://www.usatoday.com/story/tech/2014/04/28/internet-explorer-bug-homeland

-security-clandestine-fox/8409857/

Mike

-----Original Message-----

From: gui-talk [ <mailto:gui-talk-bounces at nfbnet.org>
mailto:gui-talk-bounces at nfbnet.org] On Behalf Of Gregory D.

Rosenberg

Sent: Tuesday, April 29, 2014 1:23 PM

To: Discussion of the Graphical User Interface, GUI Talk Mailing List

Subject: Re: [gui-talk] does anyone know about this

Mike,

Do you have a reverse-engineered copy of the exploit or can you please site
your source. My understanding from all I have read is that Flash was just
one such vector.

On Apr 28, 2014, at 22:15 CDT, Mike Freeman < <mailto:k7uij at panix.com>
k7uij at panix.com> wrote:

> If you disable the Flash plugin for Internet Explorer, the hack won't 

> work as it employs a corrupted Flash file to accomplish its evil.

> 

> Mike

> 

> 

> -----Original Message-----

> From: gui-talk [ <mailto:gui-talk-bounces at nfbnet.org>
mailto:gui-talk-bounces at nfbnet.org] On Behalf Of 

> Gregory

D.

> Rosenberg

> Sent: Monday, April 28, 2014 7:35 PM

> To: Discussion of the Graphical User Interface, GUI Talk Mailing List

> Cc: NFB of Illinois Mailing List

> Subject: Re: [gui-talk] does anyone know about this

> 

> Rob,

> 

> 1) In layman's terms. Stop using Internet Explorer and switch to 

> Chrome, Firefox, or Safari.

> 

> Researchers at security company FireEye have found a flaw in Internet 

> Explorer that could let hackers easily slip a virus on to your computer.

> This also opens the doors for criminals. 

> 

> This flaw is present in every version of Internet Explorer stretching 

> back more than a decade. Version 6.0 through the latest IE 

> incarnation. The Internet Explorer browser is vulnerable on all versions
of Windows.

> 

> The bug is a drive-by hack; all you have to do is visit a website that 

> hackers have hijacked or modified and you're infected.

> 

> There is no permanent fix and Microsoft is still researching the problem.

> Microsoft advises using another browser until they fix this issue. 

> 

> This will potentially be a serious impact for those with no vision at all.

> If they have to learn their way around a different browser.

> 

> 2) For those more technical.

> 

> US-CERT is aware of active exploitation of a use-after-free 

> vulnerability

in

> Microsoft Internet Explorer. This vulnerability affects IE versions 6 

> through 11 and could allow unauthorized remote code execution.

> US-CERT recommends that users and administrators review Microsoft 

> Security Advisory 2963983 for mitigation actions and workarounds. 

> Those who cannot follow Microsoft's recommendations, such as Windows 

> XP users, may consider employing an alternate browser.

> For more details, please see VU#222929.

> 

> 3) For further reading:

> 

> 

<http://blogs.technet.com/b/msrc/archive/2014/04/26/microsoft-releases-secur
i>
http://blogs.technet.com/b/msrc/archive/2014/04/26/microsoft-releases-securi

> ty-advisory.aspx

> 

> 

<http://www.infoworld.com/t/microsoft-windows/us-cert-and-kb-2963983-dont-us
e>
http://www.infoworld.com/t/microsoft-windows/us-cert-and-kb-2963983-dont-use

> -drive-enabled-internet-explorer-241467

> 

> 

> 

> 

> 

> On Apr 28, 2014, at 20:53 CDT, Rob Kaiser <
<mailto:rcubfank at sbcglobal.net> rcubfank at sbcglobal.net> wrote:

> 

>> I just heard on the news that there is a security issue with internet

> explorer. 

>> 

>> I heard that Microsoft is advising that people use a differnet 

>> different

> web browser. 

>> 

>> Does anyone know the particulars on this?

>> 

>> Thanks. 

>> 

>> _______________________________________________

>> gui-talk mailing list

>>  <mailto:gui-talk at nfbnet.org> gui-talk at nfbnet.org

>>  <http://nfbnet.org/mailman/listinfo/gui-talk_nfbnet.org>
http://nfbnet.org/mailman/listinfo/gui-talk_nfbnet.org

>> To unsubscribe, change your list options or get your account info for

> gui-talk:

>>  <http://nfbnet.org/mailman/options/gui-talk_nfbnet.org/gregg%40ricis.c>
http://nfbnet.org/mailman/options/gui-talk_nfbnet.org/gregg%40ricis.c

>> om

> 

> 

> 

> P.S. Text the word BLIND to 85944 to donate $10 to the NFB Imagination

Fund

> via your phone bill.

> 

> The National Federation of the Blind knows that blindness is not the 

> characteristic that defines you or your future. Every day we raise the 

> expectations of blind people, because low expectations create 

> obstacles between blind people and our dreams. You can have the life 

> you want; blindness is not what holds you back.

> 

> --

> 73' & 75'

> Gregory D. Rosenberg AB9MZ

>  <mailto:gregg at ricis.com> gregg at ricis.com

> 

> RICIS, Inc.

> 7849 Bristol Park Drive

> Tinley Park, IL 60477-4594

>  <http://www.ricis.com> http://www.ricis.com

> 

> 708-267-6664 Cell

> 708-444-2690 Office

> 708-444-1115 Fax

> (Please call before sending a fax)

> 

> 

> 

> 

> NOTICE: This e-mail message and all attachments transmitted with it 

> are intended solely for the use of the addressee and may contain 

> legally privileged and confidential information. If the reader of this 

> message is not the intended recipient, or an employee or agent 

> responsible for delivering this message to the intended recipient, you 

> are hereby notified that any dissemination, distribution, copying, or 

> other use of this

message

> or its attachments is strictly prohibited. If you have received this

message

> in error, please notify the sender immediately by replying to this 

> message and please delete it from your computer.

> 

> 

> _______________________________________________

> gui-talk mailing list

>  <mailto:gui-talk at nfbnet.org> gui-talk at nfbnet.org

>  <http://nfbnet.org/mailman/listinfo/gui-talk_nfbnet.org>
http://nfbnet.org/mailman/listinfo/gui-talk_nfbnet.org

> To unsubscribe, change your list options or get your account info for

> gui-talk:

>  <http://nfbnet.org/mailman/options/gui-talk_nfbnet.org/k7uij%40panix.co>
http://nfbnet.org/mailman/options/gui-talk_nfbnet.org/k7uij%40panix.co

> m

> 

> 

> _______________________________________________

> gui-talk mailing list

>  <mailto:gui-talk at nfbnet.org> gui-talk at nfbnet.org

>  <http://nfbnet.org/mailman/listinfo/gui-talk_nfbnet.org>
http://nfbnet.org/mailman/listinfo/gui-talk_nfbnet.org

> To unsubscribe, change your list options or get your account info for

gui-talk:

>  <http://nfbnet.org/mailman/options/gui-talk_nfbnet.org/gregg%40ricis.co>
http://nfbnet.org/mailman/options/gui-talk_nfbnet.org/gregg%40ricis.co

> m

P.S. Text the word BLIND to 85944 to donate $10 to the NFB Imagination Fund
via your phone bill.

The National Federation of the Blind knows that blindness is not the
characteristic that defines you or your future. Every day we raise the
expectations of blind people, because low expectations create obstacles
between blind people and our dreams. You can have the life you want;
blindness is not what holds you back. 

--

73' & 75'

Gregory D. Rosenberg AB9MZ

 <mailto:gregg at ricis.com> gregg at ricis.com

RICIS, Inc.

7849 Bristol Park Drive

Tinley Park, IL 60477-4594

 <http://www.ricis.com> http://www.ricis.com

708-267-6664 Cell

708-444-2690 Office

708-444-1115 Fax

(Please call before sending a fax)

NOTICE: This e-mail message and all attachments transmitted with it are
intended solely for the use of the addressee and may contain legally
privileged and confidential information. If the reader of this message is
not the intended recipient, or an employee or agent responsible for
delivering this message to the intended recipient, you are hereby notified
that any dissemination, distribution, copying, or other use of this message
or its attachments is strictly prohibited. If you have received this message
in error, please notify the sender immediately by replying to this message
and please delete it from your computer.

_______________________________________________

gui-talk mailing list

 <mailto:gui-talk at nfbnet.org> gui-talk at nfbnet.org

 <http://nfbnet.org/mailman/listinfo/gui-talk_nfbnet.org>
http://nfbnet.org/mailman/listinfo/gui-talk_nfbnet.org

To unsubscribe, change your list options or get your account info for

gui-talk:

 <http://nfbnet.org/mailman/options/gui-talk_nfbnet.org/k7uij%40panix.com>
http://nfbnet.org/mailman/options/gui-talk_nfbnet.org/k7uij%40panix.com

_______________________________________________

gui-talk mailing list

 <mailto:gui-talk at nfbnet.org> gui-talk at nfbnet.org

 <http://nfbnet.org/mailman/listinfo/gui-talk_nfbnet.org>
http://nfbnet.org/mailman/listinfo/gui-talk_nfbnet.org

To unsubscribe, change your list options or get your account info for
gui-talk:

 <http://nfbnet.org/mailman/options/gui-talk_nfbnet.org/k7uij%40panix.com>
http://nfbnet.org/mailman/options/gui-talk_nfbnet.org/k7uij%40panix.com