In a follow-up to my earlier post, this problem is now going mainstream news.  See;

• Internet Explorer security alert
• Another wave of attacks target Internet Explorer

Conger Eel in a Hole

Apparently, 10,000 websites have now been hacked and are ready and waiting (like conger eels in a hole or praying mantises on a twig), to nick all the personal details from passing suckers.  This website, shadowserver, is maintaining some sort of a list.  A lot of it is Baidu, the main Chinese search engine and a prime aggregator of links to deeply hidden copyrighted material.

It does make me wonder if Baidu put the code on their own sites to trap the copyright-thieving suckers.  There’s some sort of irony in that thought.

For the sake of completeness, I’ll repeat Microsoft’s workaround below, that the ordinary computer user is supposed to do to effect some sort of a remedy.  If you insist on using IE7, then you’d better do this.  An easier solution is to use Firefox or Opera and then ask Microsoft to pay you for fixing their software.  After all, when you call Joe the plumber, you expect him to actually do the work – not the other way round.

What Do I Do?

I don’t use IE7 or any flavour.  In fact, even though the majority of web users use IE I don’t design my sites for it.  If it works in IE, that’s good.  But otherwise, I’m not bothered.  I don’t want visitors who don’t care about their personal safety.  It’s Microsoft software.  It’s their job to make their software secure and standards compliant.  If they can’t be bothered then why should I?  If more people took this attitude, I’m sure M$ would do something about it.

This is Microsoft’s Primary Workaround (not a fix, mind you!) to the Problem, from here.  There are others as well, but life’s too short…

Disable XML Island functionality

Use the following registry file to delete the XML Island key:

Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\CLSID\{379E501F-B231-11D1-ADC1-00805FC752D8}]

Note For Windows Vista and Windows Server 2008 only, take ownership of [HKEY_CLASSES_ROOT\CLSID\{379E501F-B231-11D1-ADC1-00805FC752D8}] first, as follows:

1. Run Regedit as Admin

2. Go to [HKEY_CLASSES_ROOT\CLSID\{379E501F-B231-11D1-ADC1-00805FC752D8}]

3. Click Permission, then Advanced, then Owner

4. Change Owner to Administrator

5. Click Grant Full Control to Administrator

6. Then iterate for all subkeys

For other operating systems, no extra action is needed.

Impact of workaround: Embedded XML in HTML may not render correctly.

How to undo the workaround

Use the following registry file:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{379E501F-B231-11D1-ADC1-00805FC752D8}]

@=”MsxmlIsland”

[HKEY_CLASSES_ROOT\CLSID\{379E501F-B231-11D1-ADC1-00805FC752D8}\InProcServer32]

@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,00,\
78,00,6d,00,6c,00,33,00,2e,00,64,00,6c,00,6c,00,00,00

“ThreadingModel”=”Apartment”

[HKEY_CLASSES_ROOT\CLSID\{379E501F-B231-11D1-ADC1-00805FC752D8}\TypeLib]

@=”{D63E0CE2-A0A2-11D0-9C02-00C04FC99C8E}”

Amazon Related:

Internet - The Cyberian Connection - A Beginner's Guide [VHS] [1994]

Greeting Card Factory Deluxe 7 (PC CD)

• Riverbend Golf Club, Madera, CA Riverbend Golf Club is located in Madera, CA Phone: 559-432-3020 Website: http://www.riverbendgolf.com Course History: This is a private course that...
• Alternative Income Streams Progress - January 2007 This is the fifth installment tracking of my alternative income streams plan and progress. It appears my income streams have...

Related Posts by Tags

• The Problem with Microsoft and Oledb32.dll (1)
• Google Security to Crawling Chaos and Morals (5)
• Even More on Baer Bank versus Common Decency/Law/Sense (WikiLeaks) (0)