Maker tech hub — AI · 3D print · Pi · ESP32 · plus the classic tech archive.

Free ESP32 kit · Books · Network Ninja · Archive

Classic tech archive. From the original averyjparker.com tech blog — historical context; pair with modern guides where noted. Full archive · Maker projects · Network Ninja

Classic tip · Classic

Update on Internet Explorer Exploit in the wild

If you use Internet Explorer to browse the web, I'd suggest finding the instructions to disable active scripting, or drop it and use something else in light of the recent exploit floating around. It …

Written by

Avery J. Parker

IT veteran, maker educator, and author of Network Ninja, 3D Printing Mastery, and AI Workflow Mastery. Business IT: Diversified Tech Solutions.

If you use Internet Explorer to browse the web, I'd suggest finding the instructions to disable active scripting, or drop it and use something else in light of the recent exploit floating around. It seems that in spite of Microsoft's infinite wisdom that "Microsoft has determined that an attacker who exploits this vulnerability would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's Web site".... the reality is that legitimate sites have been hacked and the malicious code has been added. (Over 200 legit sites...)


Good details on this come from The security fix. The available options seem to be 1) disable active scripting (some sites may not work after this unless you add them to trusted sites...) 2) download IE7 beta2 preview (unstable beta browser?) 3) USE ANOTHER BROWSER. I would highly recommend option 3 and/or option 1, in that order.... The most popular rendition of this exploit seems to be dropping software that's collecting private information.

Hopefully there will be an out of cycle patch for this, but from Microsoft's official releases, it doesn't seem they see it as a big problem "an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's Web site"

If you're interested in more details in what's getting collected... Sans has a page analyzing some of what's being snatched.

Be cautious....