As a follow-up to my earlier post, this problem is now making the mainstream news. See;
Apparently, 10,000 websites have now been hacked and are ready and waiting (like conger eels in a hole or praying mantises on a twig) to nick all the personal details from passing suckers. This website, shadowserver, is maintaining some sort of a list. A lot of it is Baidu, the main Chinese search engine and a prime aggregator of links to deeply hidden copyrighted material.
It does make me wonder if Baidu put the code on their own sites to trap the copyright-thieving suckers. There’s some sort of irony in that thought.
For the sake of completeness, I’ll repeat Microsoft’s workaround below, which the ordinary computer user is supposed to apply to effect some sort of a remedy. If you insist on using IE7, then you’d better do this. An easier solution is to use Firefox or Opera and then ask Microsoft to pay you for fixing their software. After all, when you call Joe the plumber, you expect him to actually do the work – not the other way round.
What Do I Do?
I don’t use IE7 or any flavour. In fact, even though the majority of web users use IE, I don’t design my sites for it. If it works in IE, that’s good. But otherwise, I’m not bothered. I don’t want visitors who don’t care about their personal safety. It’s Microsoft software. It’s their job to make their software secure and standards compliant. If they can’t be bothered then why should I? If more people took this attitude, I’m sure M$ would do something about it.
This is Microsoft’s Primary Workaround (not a fix, mind you!) to the Problem, from here. There are others as well, but life’s too short…
Disable XML Island functionality
Use the following registry file to delete the XML Island key:
Windows Registry Editor Version 5.00
[-HKEY_CLASSES_ROOT\CLSID\{379E501F-B231-11D1-ADC1-00805FC752D8}]
Note: For Windows Vista and Windows Server 2008 only, take ownership of [HKEY_CLASSES_ROOT\CLSID\{379E501F-B231-11D1-ADC1-00805FC752D8}] first, as follows:
1. Run Regedit as Admin
2. Go to [HKEY_CLASSES_ROOT\CLSID\{379E501F-B231-11D1-ADC1-00805FC752D8}]
3. Click Permission, then Advanced, then Owner
4. Change Owner to Administrator
5. Click Grant Full Control to Administrator
6. Then iterate for all subkeys
For other operating systems, no extra action is needed.
Impact of workaround: Embedded XML in HTML may not render correctly.
How to undo the workaround
Use the following registry file:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{379E501F-B231-11D1-ADC1-00805FC752D8}]
@="MsxmlIsland"
[HKEY_CLASSES_ROOT\CLSID\{379E501F-B231-11D1-ADC1-00805FC752D8}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,00,\
78,00,6d,00,6c,00,33,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{379E501F-B231-11D1-ADC1-00805FC752D8}\TypeLib]
@="{D63E0CE2-A0A2-11D0-9C02-00C04FC99C8E}"
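An added example, not part of the original post or of Microsoft's advisory: a small Python parser that decodes the undo file so you can read what it restores before importing it. The embedded copy is constructed with plain ASCII quotes and with ThreadingModel on its own line, the form regedit needs; UNDO_REG, decode and parse_reg are names chosen for this example.

```python
import re

# The post's undo file, constructed here with ASCII quotes and with
# ThreadingModel on its own line.
UNDO_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{379E501F-B231-11D1-ADC1-00805FC752D8}]
@="MsxmlIsland"
[HKEY_CLASSES_ROOT\CLSID\{379E501F-B231-11D1-ADC1-00805FC752D8}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,00,\
78,00,6d,00,6c,00,33,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{379E501F-B231-11D1-ADC1-00805FC752D8}\TypeLib]
@="{D63E0CE2-A0A2-11D0-9C02-00C04FC99C8E}"
'''

def decode(data):
    """Decode one .reg value: a quoted string or hex(2) (REG_EXPAND_SZ)."""
    if data.startswith('hex(2):'):
        # hex(2) is UTF-16LE text with a trailing NUL; int() rejects stray text
        raw = bytes(int(b, 16) for b in data[7:].split(','))
        return raw.decode('utf-16-le').rstrip('\x00')
    if len(data) >= 2 and data[0] == data[-1] == '"':
        return data[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    raise ValueError(f'unsupported or malformed value: {data!r}')

def parse_reg(text):
    """Return {key: {name: value}}; a key marked [-...] for deletion maps to None."""
    text = re.sub(r'\\\r?\n\s*', '', text)  # join backslash-continued lines
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith('[-') and line.endswith(']'):
            keys[line[2:-1]] = None
            current = None
        elif line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and '=' in line:
            name, _, data = line.partition('=')
            current['(Default)' if name == '@' else name.strip('"')] = decode(data)
    return keys

if __name__ == '__main__':
    for key, values in parse_reg(UNDO_REG).items():
        print(key, values)
```

A copy of the file that has picked up typographic (curly) quotes from a web page makes decode raise ValueError, which is a useful check before handing the file to regedit.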