Firefox flaw raises phishing fears

ZDNET ^ | 1/7/2005 | Ingrid Marson

[KwasiOwusu]

A vulnerability in Firefox could expose users of the open-source browser to the risk of phishing scams, security experts have warned.

The flaw in Mozilla Firefox 1.0, details of which were published by security company Secunia on Tuesday, allows malicious hackers to spoof the URL in the download dialog box that pops up when a Firefox user tries to download an item from a Web site. This flaw is caused by the dialog box incorrectly displaying long sub-domains and paths, which can be exploited to conceal the actual source of the download.

Mikko Hypponen, director of antivirus research at software maker F-Secure, said this bug could make Firefox users vulnerable to cybercriminals. "The most likely way we could see this exploited would be in phishing scams," he said.

To fall victim to such a scam, a Firefox user would have to click on a link in an e-mail that pointed to a spoofed Web site and then download malicious software from the site, which would appear to be downloaded from a legitimate site.

[ShadowAce]

Absolutely.

[KwasiOwusu]

"Absolutely."


Riiight.
Show me the open source/free software that is running www.Microsoft.com
Just for starters.

[ShadowAce]

The TCP/IP stack that MS lifted (legally--it's under the BSD license). Without that, nothing on the Internet would run.

[ExDemSince92]

The idiot is simply trolling. Pay it no mind.

[KwasiOwusu]

"The TCP/IP stack that MS lifted "

TCP/IP stack is open source?
Since when?

That will be news to Vince Cerf who is generally credited with inventing TCP protocol.

"Q. "Who invented the Internet Protocol (IP)?"
A. In May, 1974, the Institute of Electrical and Electronic Engineers (IEEE) published a paper titled "A Protocol for Packet Network Interconnection." The paper's authors -- Vinton Cerf and Robert Kahn -- described a protocol called "TCP" that incorporated both connection-oriented and datagram services... (see below) "

http://compnetworking.about.com/od/networkprotocolsip/l/blfaq009.htm

How did the those wonderful open source magicians manage to invent somethinmg that had already been invented again?

[baseballfanjm]

I have read the thread, or else I wouldn't have suggested that you do so.

And the "you.... calling other people fanatics" thing was meant to imply that you display more fanatical behavior than most of your repliers.

[ShadowAce]

Here's the history of MS and TCP/IP.

[KwasiOwusu]

"I have read the thread, or else I wouldn't have suggested that you do so"

So have I.
You see, I helped create this thread.

"I have read the thread, or else I wouldn't have suggested that you do so"

I know what you meant.
Naturally I don't happen to agree with you on that one.

[ShadowAce]

TCP/IP stack is open source?
Since when?

Since you can download it from several sites off the net.

[baseballfanjm]

Alright then. No hard feelings.

[ShadowAce]

Bedtime for me. I may check in later this weekend.

[KwasiOwusu]

A few quotes from your site :

"Eventually the new, from scratch TCP/IP stack was done and shipped with NT 3.5 (the second version, despite the number) in late 1994. The same stack was also included with Windows 95. "

and

"And implying that the TCP/IP stack uses BSD code is also false"

Bottom line, TCP was NOT invented by any open source group whatsoever at all.
And Microsoft did rewrite Windows NT TCP/IP stack from scratch, by themselves.

[N3WBI3]

Wow you call a buch of people moronr, and clueless and they push back... go figure..

[N3WBI3]

Microsoft IIS runs more commercial sites than any other web server out there. That is where the real money is made.

Citibank, Wells Fargo, Ameritrade, Amazon,... If you want secure stable Internet transactions you want to use Unix.

Good point about dell, too bad their average server uptime is less than two months. Where as Citibank's 90 day moving average is more than three times that...

Also can you provide me with some evidence that Dell does more business transactions in a day than Citibank?

[KwasiOwusu]

Also can you provide me with some evidence that Dell does more business transactions in a day than Citibank?"

No one sells more per day on their web site than Dell does.
Citibank , Wells Fargo etc etc don't sell goods on their web sites.
They are banks.

"If you want secure stable Internet transactions you want to use Unix."

Rubbish Dell generates more secure, stable Internet transactions than anyone else. They use Windows.
Plus Dell is one of the most succesfull companies on the entire planet, and by far the mot successful PC seller in the history of mankind, and moving fast up the ladder in servers as well.
Nearly 54% of Fortune 1000 companies run their entire web site operations on Windows servers and IIS. Unix doesn't even come close. .

[KwasiOwusu]

"Wow you call a buch of people moronr, and clueless and they push back... go figure"

You are turning things the other way round.
I put in a post about the security weaknesses of Firefox, and as expected got deluged with attacks from the loony left, open source crazies.
Nothing new in that. Doesn't worry me much.
I have been fighting with open source crazies for years.
It's great fun.

[Pablo64]

Fortunately for me, anyway. I was ready to set a charge under it and figure out some kind of "accident" explanation for the insurance company.LOL!

What you spoke about may be part of the issue. I'm not sure really how to explain it. I have learned just enough about computers over the years to be dangerous, but not enough to really be of any help to myself. When I graduated high school and went to college, I bought a high end typewriter. My sister, who is four years younger, bought a typewriter with word processing capabilities (which was way cool then). As I left college personal computers were just starting to be more common, but I missed really getting to learn about them. I've had to "pick it up on the street corner", as they say.

My inlaw's computer still hangs and give them the "Blue Screen Of Death" once in a while, and a lot of times the error message will include something about a .dll file (I have no idea what one of those is).

I ended up restoring their computer twice using the HP recovery discs that came with it (3 disks, but you only use 2...?). First time without using the reformat option. When that didn't help, I ran it again using the reformat option from the recovery disk. Seems to have done much better, but still having some problems. Unfortunately, they are 500 miles away from us, so it's hard for me to try new things on it and they are not comfortable with me trying to talk them through it over the phone. I think they are starting to consider getting a new computer.

[Uncle Fud]

There is a Firefox extension called "ieview" at http://ieview.mozdev.org/ which solved this problem for me. Lets you shell out to IE to re-load the currently browsed site and drop right back to Firefox when finished.

[KwasiOwusu]

"Citibank, Wells Fargo, Ameritrade, Amazon,... "


BTW, if you want financial institutions, both the Nasdaq and the London Stock Exchange (www.londonstockexchange.com) run on Microsoft Windows. :)

As for Amazon, Barnes and Noble (bn.com) run their online business on Windows too.

[Robert A Cook PE]

A "DLL" is a linked Microsoft programming extension intimately associated with one or more executable programs.

Usually, they try to teach programmer to use DLL to do common repetitive task that several programs can later "share" -> Thus, programming time is reduced.

In theory.

Like any program, a DLL can become corrupt, or more likely, since its shared by different programs, program A, version 1, expects the DLL to do one thing; program B version 2, expects it to do another thing under different circumstances, and program D version 12 expects it to do a third thing under the same circumstances.