{"id":112,"date":"2004-12-23T13:33:01","date_gmt":"2004-12-23T18:33:01","guid":{"rendered":""},"modified":"2015-09-14T08:07:43","modified_gmt":"2015-09-14T12:07:43","slug":"security_alert_for_windows_xp","status":"publish","type":"post","link":"http:\/\/pcin.net\/update\/2004\/12\/23\/security_alert_for_windows_xp\/","title":{"rendered":"Security alert for Windows XP"},"content":{"rendered":"<div class=\"entry\">\n<p>From the <a href=\"http:\/\/www.edbott.com\/weblog\/\">Ed Bott &#8211; Ed Bott &#8211; Windows (and Office) Expertise: Security alert for Windows XP<\/a> blog:<\/p>\n<blockquote><p>Here&#8217;s a disturbing report of a <a title=\"Secunia - Internet Explorer Cross-Site Scripting Vulnerability Test\" href=\"http:\/\/secunia.com\/internet_explorer_cross-site_scripting_vulnerability_test\/\">Cross-Site Scripting Vulnerability<\/a> in Internet Explorer, from <a href=\"http:\/\/secunia.com\/\">Secunia<\/a>. Note that installing SP2 alone will not protect you from this problem, although it does offer a useful tool to fix it temporarily.<\/p>\n<p>Clicking the test link on their page opens an IE window that contains their own content, with &#8220;https:\/\/www.paypal.com\/&#8221; displayed in the Address bar and an authentic-looking SSL padlock icon in the status bar. (Clicking the test link in Firefox does nothing.)<\/p>\n<p>This test page, of course, does nothing. But if it were an actual phishing attack, it would be possible for a bad guy to convince you to give up personal information like a password or a credit card number in the mistaken belief you were actually at a Web site belonging to your bank, PayPal, Ebay, or another trusted site.<\/p>\n<p>To protect yourself until a patch is released, do the following.<\/p>\n<ol>\n<li>From Internet Explorer, choose <strong>Tools<\/strong>, <strong>Manage Add-ons<\/strong>. (If you don&#8217;t see this menu choice, you don&#8217;t have SP2 installed, and you have bigger problems!)<\/li>\n<li>Scroll down the list and select <strong>DHTML Edit Control Safe for Scripting for IE5<\/strong>.\n<\/li>\n<li>Click <strong>Disable<\/strong>.\n<\/li>\n<li>Click <strong>OK<\/strong> to close the dialog box, and then restart IE.<\/li>\n<\/ol>\n<p>Even if you normally use Firefox, I recommend that you take this precaution until a patch is available.<\/p>\n<p>If you have an application that needs to use the DHTML Edit control, there&#8217;s a fix that allows this ActiveX control to be used safely, but it&#8217;s too complicated to list the instructions here. Leave a comment if you are in this situation.<\/p>\n<p>If you use an earlier version of Windows, you should disable ActiveX. <\/p><\/blockquote>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>From the Ed Bott &#8211; Ed Bott &#8211; Windows (and Office) Expertise: Security alert for Windows XP blog: Here&#8217;s a disturbing report of a Cross-Site Scripting Vulnerability in Internet Explorer, from Secunia. Note that installing SP2 alone will not protect you from this problem, although it does offer a useful tool to fix it temporarily. &#8230;<\/p>\n","protected":false},"author":1977,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[3],"tags":[],"class_list":{"0":"post-112","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-software-tips","7":"anons"},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_likes_enabled":true,"jetpack-related-posts":[],"_links":{"self":[{"href":"http:\/\/pcin.net\/update\/wp-json\/wp\/v2\/posts\/112","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/pcin.net\/update\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/pcin.net\/update\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/pcin.net\/update\/wp-json\/wp\/v2\/users\/1977"}],"replies":[{"embeddable":true,"href":"http:\/\/pcin.net\/update\/wp-json\/wp\/v2\/comments?post=112"}],"version-history":[{"count":0,"href":"http:\/\/pcin.net\/update\/wp-json\/wp\/v2\/posts\/112\/revisions"}],"wp:attachment":[{"href":"http:\/\/pcin.net\/update\/wp-json\/wp\/v2\/media?parent=112"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/pcin.net\/update\/wp-json\/wp\/v2\/categories?post=112"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/pcin.net\/update\/wp-json\/wp\/v2\/tags?post=112"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}