Skip to comments.
Cont Click that link, Microsft tells users to type it...
Microsoft.com ^
| Microsfot
Posted on 01/30/2004 11:03:13 AM PST by N3WBI3
When you point to a hyperlink in Microsoft Internet Explorer, Microsoft Outlook Express, or Microsoft Outlook, the address of the Web site typically appears in the Status bar at the bottom of the window. After you click a link that opens in Internet Explorer, the address of the Web site typically appears in the Internet Explorer Address bar, and the title of the Web page typically appears in the Title bar of the window.
However, a malicious user could create a link to a deceptive (spoofed) Web site that displays the address, or URL, to a legitimate Web site in the Status bar, Address bar, and Title bar. This article describes steps that you can take to help mitigate this issue and to help you to identify a deceptive (spoofed) Web site or URL.
(Excerpt) Read more at support.microsoft.com ...
TOPICS: Miscellaneous; Unclassified
KEYWORDS: bug; internet; lowqualitycrap; microsoft; windows
Navigation: use the links below to view more comments.
first 1-20, 21-28 next last
Bwhhahahahah...
1
posted on
01/30/2004 11:03:14 AM PST
by
N3WBI3
To: N3WBI3
This is old news, too. Surprising they're acting like it's brand new!
2
posted on
01/30/2004 11:07:10 AM PST
by
thoughtomator
("I will do whatever the Americans want because I saw what happened in Iraq, and I was afraid"-Qadafi)
To: N3WBI3
It is perfectly safe to use dynamite in your mine, as long as you don't light the fuse.
3
posted on
01/30/2004 11:08:09 AM PST
by
DManA
To: N3WBI3
This isn't a Microsoft only issue...any browser that runs Javascript can be spoofed this way...
To: N3WBI3
You're link to the Microsoft support document does not work.
hmmm
5
posted on
01/30/2004 11:08:46 AM PST
by
wesdale
To: N3WBI3
And you want me to click that link for the whole story?
Yeah... right!
[lol]
To: thoughtomator
They pretended like they were working on it then hoped the threat would just go away.
7
posted on
01/30/2004 11:09:39 AM PST
by
DManA
To: danneskjold
Yeah, but because MS uses the same shoddy code for everything, a problem in one program becomes a problem in every single program that uses that feature... so what would be a simple browser issue elsewhere is now a browser, email, calendaring, word processing, etc. issue.
8
posted on
01/30/2004 11:11:46 AM PST
by
thoughtomator
("I will do whatever the Americans want because I saw what happened in Iraq, and I was afraid"-Qadafi)
To: N3WBI3
Cont Click that link, Microsft tells users to type it...
Microsoft.com ^ | Microsfot This resembles English.
9
posted on
01/30/2004 11:13:07 AM PST
by
Izzy Dunne
(Hello, I'm a TAGLINE virus. Please help me spread by copying me into YOUR tag line.)
To: N3WBI3
Bad link...
10
posted on
01/30/2004 11:13:11 AM PST
by
js1138
To: thoughtomator
Yeah, but because MS uses the same shoddy code for everything, a problem in one program becomes a problem in every single program that uses that feature... so what would be a simple browser issue elsewhere is now a browser, email, calendaring, word processing, etc. issue. shoddy code?...bit of a stretch...anyone that uses javascript could have this issue...
To: danneskjold
It's an Explorer issue.
12
posted on
01/30/2004 11:14:55 AM PST
by
Salo
(You have the right to free speech - as long as you are not dumb enough to actually try it.)
To: Salo
I can post a link on an html page that will display a diffent link address when you hover over it, in any browser that supports javascript...
To: danneskjold
Opera runs JS but does not behave in this manner
14
posted on
01/30/2004 11:16:43 AM PST
by
N3WBI3
To: danneskjold
I can post a link on an html page that will display a diffent link address when you hover over it, in any browser that supports javascript... No true. Mozilla supports Javascript and doesn't exhibit this behavior.
15
posted on
01/30/2004 11:20:17 AM PST
by
Prime Choice
(I'm pro-choice. I just think the "choice" should be made *before* having sex.)
To: danneskjold
This isn't a Microsoft only issue...any browser that runs Javascript can be spoofed this way... That's incorrect. Mozilla and Konqueror both display the full URL. Only Internet Explorer is vulnerable.
16
posted on
01/30/2004 11:20:50 AM PST
by
B Knotts
(Recall Arnold!)
To: danneskjold
You will see it displayed correctly in any browser but MS Internet Explorer for Windows. IE will only show the spoofed address.
Here.
17
posted on
01/30/2004 11:22:00 AM PST
by
Salo
(You have the right to free speech - as long as you are not dumb enough to actually try it.)
To: N3WBI3
Manually typing in the URL can be just as dangerous as clicking the link. It is still possible to arrive at a malicious (to Windows) site if the user is not familiar with URL encoding and doesn't think about what they're typing in.
Fundamentally, this is an issue about a crap operating system more than an unsafe URL.
18
posted on
01/30/2004 11:23:21 AM PST
by
HAL9000
To: danneskjold
It's true that you can do a similar thing in Javascript. However, the IE code is used in other contexts where Javascript is not normally used.
19
posted on
01/30/2004 11:23:27 AM PST
by
B Knotts
(Recall Arnold!)
To: danneskjold
BTW, another related MS IE security hole,
here.
20
posted on
01/30/2004 11:25:08 AM PST
by
Salo
(You have the right to free speech - as long as you are not dumb enough to actually try it.)
Navigation: use the links below to view more comments.
first 1-20, 21-28 next last
Disclaimer:
Opinions posted on Free Republic are those of the individual
posters and do not necessarily represent the opinion of Free Republic or its
management. All materials posted herein are protected by copyright law and the
exemption for fair use of copyrighted works.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson