Free Republic

Firefox flaw raises phishing fears
ZDNET ^ | 1/7/2005 | Ingrid Marson

Posted on 01/07/2005 3:06:33 PM PST by KwasiOwusu

A vulnerability in Firefox could expose users of the open-source browser to the risk of phishing scams, security experts have warned.

The flaw in Mozilla Firefox 1.0, details of which were published by security company Secunia on Tuesday, allows malicious hackers to spoof the URL in the download dialog box that pops up when a Firefox user tries to download an item from a Web site. This flaw is caused by the dialog box incorrectly displaying long sub-domains and paths, which can be exploited to conceal the actual source of the download.

Mikko Hypponen, director of antivirus research at software maker F-Secure, said this bug could make Firefox users vulnerable to cybercriminals. "The most likely way we could see this exploited would be in phishing scams," he said.

To fall victim to such a scam, a Firefox user would have to click on a link in an e-mail that pointed to a spoofed Web site and then download malicious software from the site, which would appear to be downloaded from a legitimate site.

(Excerpt) Read more at news.zdnet.com ...


TOPICS: Technical
KEYWORDS: browsers; computersecurity; firefox; intertexplorer; kneepads; littleprecious; lowqualitycrap; microsoft; paidshill; redmondpayroll; trollfromredmond
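Added example (not part of the ZDNet article or the original post): the display problem the excerpt describes, sketched in JavaScript next to a rendering that keeps the real source visible. It assumes a fixed-width dialog field that keeps the leading characters of the URL, which the excerpt does not specify; `MAX_CHARS`, `naiveDisplay`, `safeDisplay` and the sample URL are constructed for illustration, and keeping the rightmost host labels is a simplification of a real public-suffix lookup.

```javascript
// Hypothetical width of the dialog's source field, in characters.
const MAX_CHARS = 40;

// Constructed sample: a long sub-domain chain that starts with a familiar-looking
// name, while the domain that actually serves the file sits at the right end.
const SAMPLE =
  "http://www.trusted.example.files.mirror.cdn.delivery.network.untrusted.test" +
  "/pub/releases/setup.exe";

// Weak rendering: keep the leading characters and cut the rest.
// The owning domain at the end of the host never reaches the screen.
function naiveDisplay(rawUrl, max = MAX_CHARS) {
  return rawUrl.length <= max ? rawUrl : rawUrl.slice(0, max - 1) + "\u2026";
}

// Hardened rendering: show scheme + host only (path, query and userinfo are
// dropped), and when the host is too long, elide from the LEFT so the
// rightmost labels, which identify the owner, are always shown.
function safeDisplay(rawUrl, max = MAX_CHARS) {
  const u = new URL(rawUrl);
  const prefix = u.protocol + "//";
  const room = max - prefix.length;
  let host = u.hostname;
  if (host.length > room) {
    const labels = host.split(".");
    const kept = [];
    let used = 1; // the leading ellipsis
    for (let i = labels.length - 1; i >= 0; i--) {
      const cost = labels[i].length + 1; // label plus the dot before it
      // Always keep at least the last two labels, even if they overflow.
      if (used + cost > room && kept.length >= 2) break;
      kept.unshift(labels[i]);
      used += cost;
    }
    host = "\u2026." + kept.join(".");
  }
  return prefix + host;
}

console.log(naiveDisplay(SAMPLE));
console.log(safeDisplay(SAMPLE));
```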
To: KwasiOwusu

Absolutely.


121 posted on 01/07/2005 9:11:00 PM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 119 | View Replies]

To: ShadowAce
"Absolutely."


Riiight.
Show me the open source/free software that is running www.Microsoft.com
Just for starters.
122 posted on 01/07/2005 9:14:40 PM PST by KwasiOwusu
[ Post Reply | Private Reply | To 121 | View Replies]

To: KwasiOwusu

The TCP/IP stack that MS lifted (legally--it's under the BSD license). Without that, nothing on the Internet would run.


123 posted on 01/07/2005 9:18:03 PM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 122 | View Replies]

To: davetex

The idiot is simply trolling. Pay it no mind.


124 posted on 01/07/2005 9:25:42 PM PST by ExDemSince92
[ Post Reply | Private Reply | To 40 | View Replies]

To: ShadowAce
"The TCP/IP stack that MS lifted "

TCP/IP stack is open source?
Since when?

That will be news to Vince Cerf who is generally credited with inventing TCP protocol.

"Q. "Who invented the Internet Protocol (IP)?"
A. In May, 1974, the Institute of Electrical and Electronic Engineers (IEEE) published a paper titled "A Protocol for Packet Network Interconnection." The paper's authors -- Vinton Cerf and Robert Kahn -- described a protocol called "TCP" that incorporated both connection-oriented and datagram services... (see below) "

http://compnetworking.about.com/od/networkprotocolsip/l/blfaq009.htm

How did those wonderful open source magicians manage to invent something that had already been invented again?
125 posted on 01/07/2005 9:26:15 PM PST by KwasiOwusu
[ Post Reply | Private Reply | To 123 | View Replies]

To: KwasiOwusu

I have read the thread, or else I wouldn't have suggested that you do so.

And the "you.... calling other people fanatics" thing was meant to imply that you display more fanatical behavior than most of your repliers.


126 posted on 01/07/2005 9:35:39 PM PST by baseballfanjm
[ Post Reply | Private Reply | To 108 | View Replies]

To: KwasiOwusu
Here's the history of MS and TCP/IP.
127 posted on 01/07/2005 9:36:59 PM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 125 | View Replies]

To: baseballfanjm
"I have read the thread, or else I wouldn't have suggested that you do so"

So have I.
You see, I helped create this thread.

"I have read the thread, or else I wouldn't have suggested that you do so"

I know what you meant.
Naturally I don't happen to agree with you on that one.
128 posted on 01/07/2005 9:38:13 PM PST by KwasiOwusu
[ Post Reply | Private Reply | To 126 | View Replies]

To: KwasiOwusu
TCP/IP stack is open source?
Since when?

Since you can download it from several sites off the net.

129 posted on 01/07/2005 9:40:52 PM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 125 | View Replies]

To: KwasiOwusu

Alright then. No hard feelings.


130 posted on 01/07/2005 9:45:23 PM PST by baseballfanjm
[ Post Reply | Private Reply | To 128 | View Replies]

To: ShadowAce

Bedtime for me. I may check in later this weekend.


131 posted on 01/07/2005 9:46:39 PM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 129 | View Replies]

To: ShadowAce
A few quotes from your site:

"Eventually the new, from scratch TCP/IP stack was done and shipped with NT 3.5 (the second version, despite the number) in late 1994. The same stack was also included with Windows 95. "

and

"And implying that the TCP/IP stack uses BSD code is also false"

Bottom line, TCP was NOT invented by any open source group whatsoever at all.
And Microsoft did rewrite Windows NT TCP/IP stack from scratch, by themselves.
132 posted on 01/07/2005 9:52:14 PM PST by KwasiOwusu
[ Post Reply | Private Reply | To 127 | View Replies]

To: KwasiOwusu

Wow you call a bunch of people morons, and clueless and they push back... go figure..


133 posted on 01/07/2005 10:52:40 PM PST by N3WBI3
[ Post Reply | Private Reply | To 105 | View Replies]

To: KwasiOwusu
Microsoft IIS runs more commercial sites than any other web server out there. That is where the real money is made.

Citibank, Wells Fargo, Ameritrade, Amazon,... If you want secure stable Internet transactions you want to use Unix.

Good point about Dell, too bad their average server uptime is less than two months. Whereas Citibank's 90 day moving average is more than three times that...

Also can you provide me with some evidence that Dell does more business transactions in a day than Citibank?

134 posted on 01/07/2005 11:07:54 PM PST by N3WBI3
[ Post Reply | Private Reply | To 111 | View Replies]

To: N3WBI3
"Also can you provide me with some evidence that Dell does more business transactions in a day than Citibank?"

No one sells more per day on their web site than Dell does.
Citibank, Wells Fargo etc. etc. don't sell goods on their web sites.
They are banks.

"If you want secure stable Internet transactions you want to use Unix."

Rubbish. Dell generates more secure, stable Internet transactions than anyone else. They use Windows.
Plus Dell is one of the most successful companies on the entire planet, and by far the most successful PC seller in the history of mankind, and moving fast up the ladder in servers as well.
Nearly 54% of Fortune 1000 companies run their entire web site operations on Windows servers and IIS. Unix doesn't even come close.
135 posted on 01/08/2005 7:16:47 AM PST by KwasiOwusu
[ Post Reply | Private Reply | To 134 | View Replies]

To: N3WBI3
"Wow you call a bunch of people morons, and clueless and they push back... go figure"

You are turning things the other way round.
I put in a post about the security weaknesses of Firefox, and as expected got deluged with attacks from the loony left, open source crazies.
Nothing new in that. Doesn't worry me much.
I have been fighting with open source crazies for years.
It's great fun.
136 posted on 01/08/2005 7:22:58 AM PST by KwasiOwusu
[ Post Reply | Private Reply | To 133 | View Replies]

To: JoJo Gunn
Fortunately for me, anyway. I was ready to set a charge under it and figure out some kind of "accident" explanation for the insurance company. LOL!

What you spoke about may be part of the issue. I'm not sure really how to explain it. I have learned just enough about computers over the years to be dangerous, but not enough to really be of any help to myself. When I graduated high school and went to college, I bought a high end typewriter. My sister, who is four years younger, bought a typewriter with word processing capabilities (which was way cool then). As I left college personal computers were just starting to be more common, but I missed really getting to learn about them. I've had to "pick it up on the street corner", as they say.

My in-laws' computer still hangs and gives them the "Blue Screen Of Death" once in a while, and a lot of times the error message will include something about a .dll file (I have no idea what one of those is).

I ended up restoring their computer twice using the HP recovery discs that came with it (3 disks, but you only use 2...?). First time without using the reformat option. When that didn't help, I ran it again using the reformat option from the recovery disk. Seems to have done much better, but still having some problems. Unfortunately, they are 500 miles away from us, so it's hard for me to try new things on it and they are not comfortable with me trying to talk them through it over the phone. I think they are starting to consider getting a new computer.

137 posted on 01/08/2005 7:31:38 AM PST by Pablo64 ("Everything I say is fully substantiated by my own opinion.")
[ Post Reply | Private Reply | To 77 | View Replies]

To: Robert A. Cook, PE

There is a Firefox extension called "ieview" at http://ieview.mozdev.org/ which solved this problem for me. Lets you shell out to IE to re-load the currently browsed site and drop right back to Firefox when finished.


138 posted on 01/08/2005 7:33:13 AM PST by Uncle Fud
[ Post Reply | Private Reply | To 92 | View Replies]

To: N3WBI3
"Citibank, Wells Fargo, Ameritrade, Amazon,... "


BTW, if you want financial institutions, both the Nasdaq and the London Stock Exchange (www.londonstockexchange.com) run on Microsoft Windows. :)

As for Amazon, Barnes and Noble (bn.com) run their online business on Windows too.
139 posted on 01/08/2005 7:51:42 AM PST by KwasiOwusu
[ Post Reply | Private Reply | To 134 | View Replies]

To: Pablo64
A "DLL" is a linked Microsoft programming extension intimately associated with one or more executable programs.

Usually, they try to teach programmers to use DLLs to do common repetitive tasks that several programs can later "share" -> Thus, programming time is reduced.

In theory.

Like any program, a DLL can become corrupt, or more likely, since it's shared by different programs, program A, version 1, expects the DLL to do one thing; program B, version 2, expects it to do another thing under different circumstances, and program D, version 12, expects it to do a third thing under the same circumstances.
140 posted on 01/08/2005 9:15:02 AM PST by Robert A Cook PE (I can only donate monthly, but Kerry's ABBCNNBCBS continue to lie every day!)
[ Post Reply | Private Reply | To 137 | View Replies]



Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
