No you won't be "A-OK" 1 + 2, One might just as well install a keylogger and get the passwords that way 3 doesn't do you any good, you can just have a trojan connect to a server running on port 80 instead of having the attacker connect to you. and it does nothing for you if someone wants to wipe your HD 4. trivially to circumvent most of the time it recognizes POC code but change it a bit and it wont get picked up 5. Currently we have the highly unusual situation that there are not one but two unpatched security issues in IE that will allow remote code execution and which are *EXTREMLY* easy to exploit and infact are actively beeing exploited. I've been staring at my own code at least twice these weeks (some scum trying to install a dialer) There simply isn't a patch available that you can apply, for both these issues there are workarounds though (reghacks), so applying these is probably your best bet. Or you could *despite the fact that I hate to promote a product from a company that thinks its ok to sue someone for giving their product a bad review* use finjan's surfingguard which does seem to block a lot of attacks proactivly --jelmer On Wednesday 24 September 2003 20:59, DarkKnight wrote: > In-Reply-To: <3F7077FE.70303@uniontown.com> > > That method of stealing was taken from my website, "counter" is used to > trick users into thinking that the script is just for a counter, but in > reality it is just the object vulnerability. Anyways, AIM will do nothing > to fix this. Why? Because it is not a vulnerability within AIM, nor is it > really there problem. Prevention- > > > > 1. Do not save passwords > > 2. Delete registry data (only if you use test buddy [staff aim], the > passwords are in plain text) > > 3. Get a firewall > > 4. Update/Get a Virus Scanner > > 5. Get an IE patch > > > > Do the above and you will be A-Okay, AIM-wise and all around security wise. > > > > - DarkKnight (of http://www.insecureonline.com)