There is a security vulnerability with IE6 on Win2K machines that allow code to be run when using the back button. Until a patch is issued by Microsoft, who claims this is not a major vulnerability, I have removed all IE6 and standardized on IE5.5 throughout our domain, refusing the upgrade. I see no point for the upgrade as it also has caused Error Reporting problems in the pdm.dll files on our nodes. Unless you don't mind having your data compromised, don't upgrade your network to IE6.
Adam Roof Network Security Administrator First Bank Of Beverly Hills mailto:[EMAIL PROTECTED] NOTE: The information in this e-mail is confidential and may be legally privileged. It is intended solely for the addressee(s). Access to this e-mail by anyone other than the recipient is unauthorized. If you are not the intended recipient, any disclosure, reproduction, distribution, or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 23, 2002 6:16 PM To: [EMAIL PROTECTED] Subject: IE 5.5 security All, I've been asked by my teacher to upgrade all the lab Win2k pcs from IE 5.5 to IE6. All the nodes plug into a switch that plugs into a Cisco 3640 that uses nat to talk to the Internet. Prior to upgrading ro IE 6, I noticed that IE 5.5 submits the data to a local port before accessing the remote destination. There are no proxy servers running on the network and tools such as insider say that the port in question is being binded and owned by IE itself. The Tools=>Options=>Connection menu shows no proxies are configured. Normal process: IE opens a connection on a random high port and then connects to port 80 of destination i.e.localhost:1214 to www.abc.com:80 Prcoess on my lab pcs: IE opens a connection on a random high port =>to a random static high end port on the localhost and then connects to port 80 of destination i.e.localhost:1214 => localhost:1033=>to www.abc.com:80 The port 1033 will remain valid until the browser is closed. All subsequent http or https sessions from the browser or any type of connection all go to port 1033 prior to reaching the Internet. This behavior is similar to a proxy. The port 1033 is random. IE 5.5 assigns a different random static port for this proxy behavior every time it starts up. Telneting to this static port produces nothing so I don't really know why ie has this port on. Now if I were to use ie 6 on another box or an upgraded box, then this proxy behavior goes away. It behaves like a normal app by opening a random high port to connect to the Internet. My question is what is so different with IE 5.5 that it has this proxy like behavior whereas in IE6 it doesn't and behaves like a normal app. I know my machine has not been hacked because I even reinstalled a Win2k machine from scratch using IE 5.5 and it still exhibits the same proxy behavior. Any help would be appreciated. Please write back. Thanks. Hush provide the worlds most secure, easy to use online applications - which solution is right for you? HushMail Secure Email http://www.hushmail.com/ HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/ Hush Business - security for your Business http://www.hush.com/ Hush Enterprise - Secure Solutions for your Enterprise http://www.hush.com/ Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople
