Free Republic


Powerful Flaw Found in IE: Hole could allow scammers to hide the true address of Web pages
pcworld.com ^ | December 10, 2003 | pcworld.com

Posted on 12/10/2003 4:19:33 PM PST by Print

A newly discovered vulnerability in Microsoft's Internet Explorer browser could be a powerful new tool for scammers, allowing them to convincingly mask the real origin of Web pages used to trick targets into revealing sensitive information.

Attackers could use a specially crafted URL to display a different domain name in the address bar than the Web page's actual location. This practice is known as "spoofing."

Full article HERE


TOPICS: Miscellaneous
KEYWORDS: computer; computersecurity; internet; lowqualitycrap; microsoft; security; windows
An illustration of the bug in IE.
1 posted on 12/10/2003 4:19:34 PM PST by Print
[ Post Reply | Private Reply | View Replies]

To: Print
E-mail and IP spoofing have been around for years and it is not an IE flaw, but an HTML flaw.
2 posted on 12/10/2003 4:21:05 PM PST by Paul C. Jesup
[ Post Reply | Private Reply | To 1 | View Replies]

To: Print; High-tech Redneck
Boy howdy! that's awful.
3 posted on 12/10/2003 4:24:09 PM PST by glock rocks (molon labe)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Paul C. Jesup
"E-mail and IP spoofing have been around for years and it is not an IE flaw, but an HTML flaw."

No, this is an IE flaw. Mozilla which doesn't have this flaw.

4 posted on 12/10/2003 4:24:14 PM PST by Print
[ Post Reply | Private Reply | To 2 | View Replies]

To: Print
Should read: Mozilla doesn't have this flaw.
5 posted on 12/10/2003 4:25:02 PM PST by Print
[ Post Reply | Private Reply | To 4 | View Replies]

To: Paul C. Jesup
This is URL spoofing, not email or IP spoofing. It's indeed an IE flaw. I went there and Konqueror displayed the full URL.
6 posted on 12/10/2003 4:25:40 PM PST by B Knotts (Go 'Nucks!)
[ Post Reply | Private Reply | To 2 | View Replies]

To: Print
Switch to OPERA.

www.opera.com

It's free, or you can buy the upgrade.

7 posted on 12/10/2003 4:29:18 PM PST by TaxRelief (They say you are what you eat, so I guess I'm "fresh". Some other folks are "well-preserved".)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Paul C. Jesup
E-mail and IP spoofing have been around for years and it is not an IE flaw, but an HTML flaw.

No, Mozilla Firebird displays the entire URL:

http://www.microsoft.com%01@zapthedingbat.com/security/ex01/vun2.htm

8 posted on 12/10/2003 4:29:32 PM PST by justlurking
[ Post Reply | Private Reply | To 2 | View Replies]

To: justlurking
IE will show the source if you just go to the View Folder and click view, but then most people don't even take the time to learn how to properly use IE. I have also figured out how to prevent pop-ups without pop-up programs. The key is to understand and use the 'Internet', 'Trusted' and 'Restricted' options in the Security section of IE's settings.
9 posted on 12/10/2003 4:36:00 PM PST by Paul C. Jesup
[ Post Reply | Private Reply | To 8 | View Replies]

To: justlurking
IE will show the source if you just go to the View Folder and click SOURCE, but then most people don't even take the time to learn how to properly use IE. I have also figured out how to prevent pop-ups without pop-up programs. The key is to understand and use the 'Internet', 'Trusted' and 'Restricted' options in the Security section of IE's settings.
10 posted on 12/10/2003 4:36:15 PM PST by Paul C. Jesup
[ Post Reply | Private Reply | To 8 | View Replies]

To: Print
Opera's response when I pressed [test exploit]:

Security warning:

You are about to go to an address containing a username.

Username: www.microsoft.com
Server: zapthdingvat.com

Are you sure you want to go to this address?

[yes][no]

And Opera is FREE!
11 posted on 12/10/2003 4:36:36 PM PST by TaxRelief (They say you are what you eat, so I guess I'm "fresh". Some other folks are "well-preserved".)
[ Post Reply | Private Reply | To 1 | View Replies]
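
The username/server split shown in Opera's warning, applied to the full URL quoted in post 8, written as a check that a mail filter or proxy could run on links. This is an added example and not part of the original thread; the function name `inspect_url`, the finding labels and the two example URLs marked as constructed are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote


def _is_control(ch):
    """True for ASCII control characters (0x00-0x1F and 0x7F)."""
    return ord(ch) < 0x20 or ord(ch) == 0x7F


def inspect_url(url):
    """Report the username and the real server of a URL, plus spoofing signs."""
    parts = urlsplit(url)
    # Everything before the last '@' in the authority is userinfo, not a host.
    userinfo, at, _hostport = parts.netloc.rpartition("@")
    decoded = unquote(userinfo, encoding="latin-1")
    username = decoded.split(":", 1)[0]
    visible = "".join(c for c in username if not _is_control(c))

    findings = []
    if at:
        findings.append("userinfo-present")
    # A control character such as the %01 in the thread's URL has no
    # legitimate use in a username.
    if any(_is_control(c) for c in decoded):
        findings.append("control-char-in-userinfo")
    # A "username" shaped like a domain name is what the reader is meant to
    # mistake for the site.
    if at and "." in visible and " " not in visible:
        findings.append("userinfo-looks-like-hostname")

    return {"username": visible, "server": parts.hostname, "findings": findings}


SAMPLES = [
    # URL quoted in post 8 of the thread.
    "http://www.microsoft.com%01@zapthedingbat.com/security/ex01/vun2.htm",
    # Constructed: ordinary link with no userinfo.
    "https://www.example.com/login",
    # Constructed: legitimate-style credentials in a URL.
    "http://user:pw@intranet.example/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", inspect_url(sample))
```
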

To: Paul C. Jesup
...most people don't even take the time to learn how to properly use IE...The key is to understand and use the 'Internet', 'Trusted' and 'Restricted' options

Microsoft should not make it so difficult for the average user to understand the options. It should also be safe by default.

12 posted on 12/10/2003 4:39:54 PM PST by TaxRelief (They say you are what you eat, so I guess I'm "fresh". Some other folks are "well-preserved".)
[ Post Reply | Private Reply | To 10 | View Replies]

To: Print
Well, I use ms Internet Explorer and I went to the 'test' site;
and I clicked on 'test exploit' and I got this message:

Location in address bar should be http://www.microsoft.com

And guess what?

The location in my address bar said http://www.microsoft.com

So - what is the problem?
13 posted on 12/10/2003 4:41:29 PM PST by DefCon
[ Post Reply | Private Reply | To 1 | View Replies]

To: TaxRelief
Microsoft should not make it so difficult for the average user to understand the options. It should also be safe by default.

Okay, I'll go along with that, but on the other side of the coin, Linux should not make it so difficult for the average user to understand how to use it. ;P

14 posted on 12/10/2003 4:42:10 PM PST by Paul C. Jesup
[ Post Reply | Private Reply | To 12 | View Replies]

To: Paul C. Jesup
I'd have to disagree, if you look at the site in competing browsers, only IE is tricked.
15 posted on 12/10/2003 4:42:37 PM PST by bobwoodard
[ Post Reply | Private Reply | To 2 | View Replies]

To: DefCon
Well, when they say "should be," they mean "should be" if the exploit succeeds. Which it did, in your browser.
16 posted on 12/10/2003 4:46:08 PM PST by B Knotts (Go 'Nucks!)
[ Post Reply | Private Reply | To 13 | View Replies]

To: Print
It fooled Visual Route - I use this to help track web sites & emails back to source.



=== VisualRoute report on 10-Dec-03 6:44:56 PM ===


Report for www.microsoft.com [207.46.134.157]

Analysis: Connections to HTTP port 80 on host 'www.microsoft.com' [origin2.microsoft.com] are working, but ICMP packets are being blocked past network "207.46.155.0" at hop 15. It is a HTTP server (running Microsoft-IIS/6.0).

17 posted on 12/10/2003 4:46:21 PM PST by steplock (www.FOCUS.GOHOTSPRINGS.com)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Paul C. Jesup
Hmmm... so you're saying the proper way to browse is to inspect each site's page in source view, adjust your browser security settings and then proceed according to your preferences? I guess this would be especially needed for those sites that use library files (good luck showing people how to download those!).

Whew, I get tired just thinking about it.

18 posted on 12/10/2003 4:48:07 PM PST by bobwoodard
[ Post Reply | Private Reply | To 10 | View Replies]

Comment #19 Removed by Moderator

Comment #20 Removed by Moderator

