[Dshield] QHOSTS-1 Trojan & MSIE6 Vulnerability

warpmedia warpmedia at comcast.net
Fri Oct 3 18:33:37 GMT 2003

http://www.utils32.com/adiefiltr.asp is what I've been playing with and 
does what is needed. It can flip a site into a JS enable zone and let you 
block popups, etc... then "reset" it back to restricted. I just find $20 a 
bit much for what should be a M$ supplied control

M$ did supply a IE add-in that did allow adding to Trusted or Restricted, 
no source, no MSDN example, etc... it all comes down to registry entries.

At 10:13 10/3/2003, Tom Liston wrote:
>To the best of my knowledge, there is no third-party add-in that allows JS
>to be turned on and off easily.  I looked into writing one, but I'm not
>even sure it is possible.  Changing stuff in the registry on the fly
>doesn't seem to work, because IE doesn't check the registry each time
>before it attempts to run JS code...  only on start up.
>Poor, poor, POOR interface design...
>- -TL
>On 2 Oct 2003 at 22:13, warpmedia wrote:
> > Yet again proof that JS & ActiveX should be considered unsafe for general
> > browsing and that M$ not catching bugs properly ought to add a zone
> > management to the IE taskbar, distribute appropriate .reg patches to add
> > security zones that enable JS & ActiveX (separately, granular), and set IE
> > to restricted zone by default. Usability of windows update be damned.
>- ---- >8 ---- Snip!

Joshua MacCraw
warpmedia at comcast.net

More information about the list mailing list