so... is that URL you posted a key stealer, or the article telling us not to click on unknown URLs? ;) Two DBAs walking down the street late at night, hearing footsteps on the cobblestone behind them. First DBA: "I hope that guy isn't going to mug me." Other DBA: "Don't worry, I'm sure he's after me." -- You're not paranoid if the world really is out to get you. mwf -----Original Message----- From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx]On Behalf Of Chip Sent: Wednesday, June 30, 2004 9:06 AM To: oracle-l@xxxxxxxxxxxxx Subject: OT - Beware of Internet Explorer Wow, opening a gif file can install a key logger and password stealer: http://news.com.com/Pop-up+program+reads+keystrokes%2C+steals+passwords/2100 -7349_3-5251981.html Beware of IE: The U.S. government's Computer Emergency Readiness Team (US-CERT) is warning Web surfers to stop using Microsoft's Internet Explorer (IE) browser. On the heels of last week's sophisticated malware attack that targeted a known IE flaw, US-CERT updated an earlier advisory to recommend the use of alternative browsers because of ''significant vulnerabilities'' in technologies embedded in IE. ''There are a number of significant vulnerabilities in technologies relating to the IE domain/zone security model, the DHTML object model, MIME-type determination, and ActiveX. It is possible to reduce exposure to these vulnerabilities by using a different Web browser, especially when browsing untrusted sites,'' US-CERT noted in a vulnerability note. US-CERT is a non-profit partnership between the Department of Homeland Security (DHS) and the public and private sectors. US-CERT researchers say the IE browser does not adequately validate the security context of a frame that has been redirected by a Web server. It opens the door for an attacker to exploit the flaw by executing script in different security domains. Surfers must also get into the habit of not clicking on unsolicited URLs from e-mail, instant messages, Web forums or internet relay chat (IRC) sessions. (Datamation 06/29/04) Have Fun :) ---------------------------------------------------------------- Please see the official ORACLE-L FAQ: http://www.orafaq.com ---------------------------------------------------------------- To unsubscribe send email to: oracle-l-request@xxxxxxxxxxxxx put 'unsubscribe' in the subject line. -- Archives are at //www.freelists.org/archives/oracle-l/ FAQ is at //www.freelists.org/help/fom-serve/cache/1.html ----------------------------------------------------------------- ---------------------------------------------------------------- Please see the official ORACLE-L FAQ: http://www.orafaq.com ---------------------------------------------------------------- To unsubscribe send email to: oracle-l-request@xxxxxxxxxxxxx put 'unsubscribe' in the subject line. -- Archives are at //www.freelists.org/archives/oracle-l/ FAQ is at //www.freelists.org/help/fom-serve/cache/1.html -----------------------------------------------------------------