Aaaalllrighty, guys. Do we really need to argue over which browser is better, whose blog should be read every night before bedtime, or what's going to be done when an admin gets online...?

Let's just take a big breath, relax, and go do something else for a while. No need to bicker back and forth over this stuff.

Wow, someone was abused by a blog in a past life...

I think it's safe to assume that since so many people are getting this message, it's almost definatly on the GMC end and not a client side problem. I don't get the messages, but maybe thats because I don't have any form of virus/badware protection.


IE is designed for use by anyone. If there are doubts, you and I can decide what the risks are, if there are in fact any, and whether it's worth the risk. Not everyone understands all those kind of things. For example, the other day my father was on the internet when a window popped up and asked if he would like to scan the computer for viruses. He thought that sounded like a good idea, and hit OK. Turns out it wasn't a good idea, and it took me wuite a while to get it to boot windows again... One of my friends has their mothers browser set up so she can only go to certain websites (such as email and a trusted game site). Not everyone can judge the risks like you and I, and thats why "if in doubt, stay out" is a system that works for them.

@uuf6429: The cchome problem is because they used an old version of webkit (the same used in safari 3.1 I think). The flaw was corrected in version 3.1.2, so it should only be a matter of time before google fixes that.

Yea as soon I updated my avast virus scanner, i got a "malware" from gmc the next thing i clicked on, im guessing the latest avast definitions has a false positive or something.

I use the latest version of firefox 2 whatever that is if it helps.

Sorry guys but I'm fed up trying to explain this thing.

Go to a topic about google chrome.



Thats a good point, but most people use one of three anti-virus' and the manufacturers share the same info on whats a virus and what isn't.
But im not saying your wrong, its just odd that nod32 which is notoriously annoying to work around for its insane security measures has no problem, even with this whole 'threatsense'


Nothing against blogs, but they aren't anything special, and they are never a reliable source of information in any form.
This is just my opinion but they really have no place in a topic discussing facts.

I think there isnt much point discussing this further until someone who knows what the problem is comes forward and tells us, otherwise we are all chasing our tails.

People has been talking about how secure it is.

I just showed how people tend to become blatantly stupid.

So you think because one program doesn't recognise the virus, the others that do should be ignored? Unless its just not in the nod32 virus database, it may be a difference of opinion as to what is a threat.

A blog is about as reliable as word of mouth. But that doesn't mean it's wrong, especially when proof is offered.
Also, some of us read the blogs for the enterainment, and occasinally learn a thing or two when there are facts.


I need the exercise.

DarkFlame, either you are an idiot or you didn't read any of these posts.

We know where there is the problem (at least I do). In fact I'm trying to fix it now .

But in any case usually it's the webmaster/admins' job to fix such a thing not a whitehat .

No i dont think that, im saying that an anti-virus which goes over board in protection, to the extent of closing msn if i leave a window untended, has found no problems.



Its less reliable, first reason is its easier to lie to a bunch of people you dont know or have to see face to face.
Secondly because the information is usually from another blog. And really, why are we talking about blogs?



Get an exercycle

Im leaving this topic now and will probably check back only to see the outcome, so please do not direct any comments to me

QUICK EDIT FIRST:


I like how you call me an idiot, and infact alot of people idiots, when none of them have actually said anything wrong. Perhaps you are an idiot because you are shooting your mouth off like we should all be praising you?

I read a post of yours that was about google chrome, but its nothing to do with the problem that is at hand.



[sarcasm]Wow thats so smart of you, i wish i could be like you some day[/sarcasm]

In that case its more likely its missing from the virus database.

Its hard to lie when you have proof about what you're pushing. And I doubt many bloggers intentionally lie.

Can't afford it. Chasing tails is cheaper.

I'm the boss of me

Some people around here can do what I'm trying to do.
Others show of their knowledge on how certain sites pick up quickly reports about malware.
While the majority of the others try to show of their intelligence by being ignorant.

If only you checked who found about this problem and our starting discussion on how it would be fixed, you'd be less sceptic.

@uuf6429: You obviously don't get how browser security works. Whether or not a particular browser can view the iFrame or not, it depends on the browser's security holes. It's like what you posted about Chrome, some browsers have some security problems others don't. This uses an ActiveX control, which is only supported in IE, so there is reason to believe it is only a problem in IE. However because there is also something to do with Java, it could easily still be a problem with other browsers. Also, calm down.

Absolutely not true.
An iframe can't be "insecure" other wise, you can't login gmail or GA (because it uses an iframe) or see certain sites.
For example, some sites use Iframes as index/page such as phpmyadmin or the online MSDN another example is several CMS and web panels like cPanel and Parallels.
And no, this particular hack isn't just one.
On firefox it tries crashing it with various tachniques or using a jar file (which work for all browsers).
As I said, ActiveX is just a part of all the hacks.
You'd be a complete idiot to believe a browser is secure as long as it's not IE.
No browser is 100% secure.

My suggestion is never trust a browser which says it's highly secure (unless it is verified).

Also, I've been using IE most of the time, without ever being infected. For the simple reason that I use common sense and not accepting anything that pops up.

won't this forum just fix the problems instead of all user searching for new browsers?
i guess it could easily be solved by the programer's of the forum.
im using a proxy server now but normally i used the newest firefox.

Problem is the only people with access to the source code aren't online. That's what we are all waiting for.

Jumpey - Also, your point doesn't make sense.

If iframes are insecure, why not just remove them? What makes a browser determine if an iframe is good or bad?
It's just as if you entered a url in the address bar. How does the browser know if it's good or not?
If iframes where bad, they would have been pulled out from browsers, but in fact they are not.

The thing is, it isn't an iFrame issue, the iFrame is just a tool to use the virus. The virus is what can be 'insecure', if you know what I mean. I know that browsers other than IE are also insecure, just in different ways. I love IE, I use it every day.

So what is your point?!

If I found the exploit, I found where it is - that is, from the actual code, I wrote two reports about it one to YYG and one to Google, does that automatically make me ignorant on how browsers work?
I would rather say the opposite.

Also, you are incorrect there.
The virus is not in the iframe; the iframe leads to three others.
Last I checked, one of them was empty, another had the virus/hacks in a lot of obfuscated javascript (of course I do know how to change it back) and the last one had some XSS exploits which can be exploited from any browser.
The only difference with IE is the hack with ActiveX. But I can't see why people pick on IE when other browsers are just as insecure.
And by the way, all of this ActiveX stuff is nonesense. If you'd been anywhere near developing browser plugins, you'll find that ActiveX can be run just as well in browsers like firefox.

I wouldn't count on any particular browser being completely safe. I normally use Firefox, and was playing with Chrome. Unfortunately, Firefox's warning seems to break certain forum tools for me, such as an IP search. Chrome is worse, as any search I attempt with it always seems to trigger flood control. Eventually, I ended up using Opera last night as it was the only browser I could actually moderate with. Note that all that time, while I received browser warnings, there was no antivirus warnings triggered. Also, a full scan last night came up fine.

This morning though, I received one as soon as I came here, with Opera, now quarantined. In a case like this, I think it's security settings that are more relevant than what browser is actually used.

My point is that, this is wrong:



Because the iFrames aren't the problem. We don't really know what browsers are effected by this, do you want to give it a try? I don't think so.


Trust me I know, I tell people that all the time.

Can you please just try and read the other posts?
As I said, most browsers are suspectible to attacks include:
Internet Explorer, Firefox, Opera, Safari, Chrome...
Please note that some browsers can block the attack including IE Firefox and Chrome.
Also please change that "we" to "I". Seriously you can't expect everyone not to read anything but just write up things like you do?!

As t3mp3st said, it is a matter of configuration not browser.

No I don't.
So you know that a browser is completely safe, but you don't know a thing about web coding?
Then you must be a genius! Or the opposite... Fair is fair.

I wasn't talking about the other posts in that situation, you're the one that keeps bringing that up over and over. Simply iFrames are not the virus, got that right? So let's move on already.



That is completely wrong, Firefox does not support ActiveX natively.


What? I wasn't directing that at you. And I know browser security. They all have security holes, just different ones. And I am a website developer, with XHTML, CSS, JavaScript, PHP, MySQL and SQLite. I also use C++ and GML, but enough about qualifications. Anyway, look in my sig, see that userbar, I'm a moderator there. That's where we discuss things like this. We also discuss them at 110mb, I know this stuff and as far as I can see, you basically agree with me, so I don't get what the problem is.

Didn't you say you don't know where is the problem?
I outlined it exactly.
Thanks for repeating my words! That's very usefull!
I know where's the problem you said it is because of the iframe - I outlined where the iframe leads to rather "then it's the virus" as you said.

It does not do that natively. But there are a lot of quirks to do that.
In fact I know about 3 of them, one of which is my own proud invention. This sort of thing can be done:
-Using one of the several IE extensions (IE render/IE tab)
-Overriding buffers to make the browser execute binary code
-Using java jars to run system dlls, executables and of course even activex.

Great. Sorry, got that wrongly.

Me either. But rather then a discussion forum, I discuss facts with wildlist.org and some other advisory organizations .

Just got an email back!

It seems the guys at Yoyo are trying to fix this. Horay!
Let's cheer them up!!

Yeah, but I said it first.


I never said that the iFrame was the virus. Either you have me mixed up with someone else, or you have to reread my posts. I have been saying the opposite of that since the start.


I was only saying that as an example, and most people probably don't have that add-on. By the way, thanks for repeating what I said, lol.

Said what? I never mentioned that sort of thing!
I've been saying how it exactly is and people keep saying I'm inventing stuff!
If you don't want to believe me, check it yourself!
I never said the iframe is a virus - I've been saying this from the start! I said the iframe leads to a virus.

So why did you say:
-You have no idea where there is the problem
-You have no idea which browsers are affected
You're just manipulating what I keep saying to your needs!

ARE YOU DUMB ARE WHAT?! A virus maker uses the working "exceptions" or "quirks".
The point is, this can be done, period.

I'm beginning to think you don't understand English very well, either that or you read too fast. Because everything you said in your previous post was misinterpreting what I said.


What? I said I said it first, not you said it first. And I wasn't talking about that. For the last time, we both agree.



Those are just small clips of what I said, they mean nothing without context. And with context, they did not mean that. I have always said that the iFrame is not the virus. For the last time again, I agree with you.



I know it can be done, I said it can be done first, period.

In FireFox I have no issues when looking around. On IE McCaffee alerts me and says "Trojan removed" and IE blocks some addon "Remote Service Control". (Oh and IE crashed lol)

I get lots of problems first it comes up with the reported attack site warning thing then since i just happened to of had AVG installed it comes up with warning saying that it has Exploits Java Obfuscation and another warning saying Exploits Web Attacker.

Where did you say you said it first?
Doing that is what the Firefox team has been doing.

Why the hell did you say that Firefox doesn't natively support ActiveX?

I mean, this sort of thing is like saying "I'll stick a knife through your heart but not kill you!".
Oh yeah, it makes sense, people today would believe that.


Also, if you are so knowledgable, tell me exactly what does this attack lead to. That is which parts are being attacked, or if not exactly which parts, just say what is being done.

Chrome has crashed for me twice because of this. I'm using Chrome because it is the only browser I have except IE on this computer and just encase$, since this is an ActiveX virus. Of course Chrome is still in beta, which is most likely why it kept crashing.

Anyway, didn't uuf6429 reckon that the admin were fixing it now, or did he just make that up...

Edit:


Because it doesn't, do you even know about native means, it means without an add-on/mod/hack.

WTF uuf6429 and Jumpey stop fighting this is not a bloody browser problem its a website problem.

And it defiantly doesn't have anything to do with Active X.
Add also Firefox does not support Active X for their want of it being cross platform.

And also Jumpey native does not mean that at all.

Jumpey - That is not the point.

A virus maker won't go on like "Too bad can't use natively activex in firefox" but rather "Oh cool, this makes activex work in firefox".

My point is, it is a matter of security.

Yes that is true, and that is what I tried talking about here, but someone keeps adding comments about how insecure IE is...
That is my point.
They never planned compliance with ActiveX, but a virus writer DOES not write compliant code!!
Hell! S/he just writes malicious code and that's just about it!
And as I said, Firefox can STILL access ActiveX through quirks.


Are you happy now?

I'm not going to discuss this any more. You don't even understand what I'm saying and you're going to get the topic locked. And for reference, I don't think IE is insecure, I love it and think it is the most secure...

Look, the security hole is there. During this whole time I saw it changing.
They can put any hack they want in it. The browser doesn't matter.

Now that we clarified that. What's next?

Hey i only just noticed this thread and firefox keeps coming up with "site attack".
Sorry to be a nuisance this thread is filled with people arguing about broswers.
Should i not go on the gmc for a while and come back later or is everything ok.
Sorry :S

Error on page

This bad



I get a error message when load caught on virus in gmc.
not happy with gmc
virus in my computer why gmc get virus! I restart system and reboot back to...

when happened when gmc get virus and error on page where from link.

if get load on gmc maybe virus or error on page be quick esc to stop! may error message then exit this internet explores.

try: http://gmc.yoyogames.com/lofiversion/index.php non error. without login and load that fine.

I am using IE on a friend computer and no error message.

We are safe.

Lol.

You guys should all stop flaming each other. Hit CTRL+F, type "idiot" and see how many matches you get. Can't we all just get along?

Please don't turn off/reduce your security settings. You're opening yourself up for attack that way. And people should stop recommending it as a method of getting around the warnings.

It wasnt a virus, someone hacked the system.

Your post is the only match I get. Idiot.

By the way the virus turned off my system restore. (and I can't open it up). This happen to anyone else?

Do not be fooled about being safe surfing with IE. It has suffered in its security checks. That page popped up on firefox cause it was reported as being malicious and the forefox browser was telling us so.

So that should tell you that firefox stays on top of the reports of sites and alerts you if you happen to come to a site that has been reported and malicious

Is it just me or was the IPB default skin on just now?

There is a virus, someone has injected an iFrame into the GMC that points to a virus. The GMC isn't hosting it, but it is causing your browser to point to the site delivering the virus.

Okay, so search the whole topic...

Tuntis - It's fine here.
But as I said before, they are trying to fix it. They could have changed to an older version temporally. Please, do stay calm and patient .

The iframe is removed.

Did you also patch it?
Good work

I still can't properly browse the website, kinda annoying. =[

edmunn - The website is ok on this side. What's your problem?

Until Google scans the site again, or YYG send in a rescan application you'll continue to get the warning. For now you are able to disable it in Firefox by going to

Tools > Security [Tab] > [Uncheck] Tell me if ... attack site.

Warning: This will disable the alert for every site you visit, so you may want to re-enable it once you've done viewing the GMC. Or leave it enabled until the attack site is cleared for this domain.