Clearly, the average person wouldn't be able to -- nor would they bother to -- distinguish between the two URLs." But the deception is still there, regardless. And it took me all of a minute to discern it, once warned. It is you who inserted the qualifier "average person." It is the only way out of the argument for you, and a lame one at that.
So, what is Microsoft doing to help customers avoid or discern nefarious URL spoofing?
But the deception is still there, regardless. And it took me all of a minute to discern it, once warned. It is you who inserted the qualifier "average person." It is the only way out of the argument for you, and a lame one at that.
No, it's not a lame argument. Again, look at the URLs:
Firebird http://windowsupdate.microsoft.com%01@security.openwares.org/Update.htm
IE http://windowsupdate.microsoft.com
Clearly, the average person cannot tell them apart. By your own admission, it took you a full minute to tell them apart. Do you seriously think that the
average user is going to stare at a URL for a full minute before deciding that it's safe?!? Geezus. Of course not! They're going to look at the first portion of the URL, determine that it's where they thought they should be, and continue on. Your attack on common sense is baffling and pointless.
So, what is Microsoft doing to help customers avoid or discern nefarious URL spoofing?
They've already fixed the problem. See
http://www.freerepublic.com/focus/f-news/1070394/posts. I'm not surprised that you don't know about it. You guys know how to attack -- but that's about it.