[Dshield] Online graphical traceroute...

Jim Tagart Jim.Tagart at bellcold.com
Fri Mar 8 16:31:39 GMT 2002


	>>Unfortunately this site flips the bird at Linux users...

	>>You might want to see what programs/ActiveX goodies/etc. this site
	>>installs on your computer.

	>>-- 
	>>John Hardin
<johnh at aproposretail.com>

Shoot, good point John, it does require the Java VM and amazingly enough
Microsoft last Monday announced another -new- security flaw in IE.  Here's
from Panda Software's newsletter yesterday ---

             "It is the province of knowledge to speak,
            and it is the privilege of wisdom to listen".
    Oliver Wendell Holmes, Sr. (1809-94); U.S. writer, physician.
         		
                    - Patch for Microsoft VM -
     Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, March 7 2002 -- Microsoft has released a new version of Java Virtual
Machine for Win32 systems to correct a serious vulnerability. The problem,
which affects versions 3802 and earlier, can affect those using a proxy
server along with Internet Explorer to connect to the Internet.

A malicious Java applet could exploit this flaw to re-direct web traffic
once it has left the proxy server to a destination of the attacker's choice.
The attacker could carry out actions which could include accessing
confidential information (user names and passwords).

In order to know if there is an affected version of virtual machine
installed on a computer, open a DOS session and execute the command JVIEW
(C:\WINDOWS>jview). The version information will be at the right of the top
line, and has the following format: "5.00.xxxx", where "xxxx" is the build
number. For example, if the version number is 5.00.1234, you have build
number 1234.

The latest available version of Virtual Machine, which is not affected by
the problem is 3805 and can be downloaded from:
http://www.microsoft.com/java/vm/dl_vm40.htm

More information at:
http://www.microsoft.com/technet/security/bulletin/MS02-013.asp






More information about the list mailing list