Firefox flaw raises phishing fears

ZDNET ^ | 1/7/2005 | Ingrid Marson

[KwasiOwusu]

A vulnerability in Firefox could expose users of the open-source browser to the risk of phishing scams, security experts have warned.

The flaw in Mozilla Firefox 1.0, details of which were published by security company Secunia on Tuesday, allows malicious hackers to spoof the URL in the download dialog box that pops up when a Firefox user tries to download an item from a Web site. This flaw is caused by the dialog box incorrectly displaying long sub-domains and paths, which can be exploited to conceal the actual source of the download.

Mikko Hypponen, director of antivirus research at software maker F-Secure, said this bug could make Firefox users vulnerable to cybercriminals. "The most likely way we could see this exploited would be in phishing scams," he said.

To fall victim to such a scam, a Firefox user would have to click on a link in an e-mail that pointed to a spoofed Web site and then download malicious software from the site, which would appear to be downloaded from a legitimate site.

[KwasiOwusu]

"But I wouldn't quite say "rocks" just yet"

Its still listed on the Nasdaq, running smoothly and efficiently on Microsoft Windows.
Which is what we are talking about here.

"Even when you have multiple load-balanced, redundant servers, more down time still means more admin time, which means higher TCO"

Bottom line: NASDAQ has been running remarkably well on Windows Server for years, and hasn't been made unavailable due to computer outages that I know of.
If you do know of any, I'll be happy to concede the point.

[N3WBI3]

So Kwazy did dell sell 167 Million computers in the run up (sixty days) until christmas?? one hundred Billion dollars worth?

[KwasiOwusu]

"So Kwazy did dell sell 167 Million computers in the run up (sixty days) until christmas?? one hundred Billion dollars worth?"

Come , come, you can do better than that.
Its not so much the # of transactions, its a combination of the VALUES of those transactions as well the #'s.
Amazon's sales of books, DVD's etc etc averages say, $25?
Dell's sales of computers may average up to $800 each, if you add in servers bought by business from the Dell site.
Dell is dealing with far more cash transactions here.
Makes sense for Dell to have a rock solid platform to have their web transactions on: WINDOWS SERVERS.

[N3WBI3]

Its not so much the # of transactions, its a combination of the VALUES of those transactions as well the #'s.

This is what I mean by youre clueless when it comes to IT. I dont care if a transaction is for 10$ or 1000$, if its being done online it needs the same security. Transaction volume is what really taxes a system is the number of transactions whats the difference between 25$ and 1000$ on system resources? absolutly none they are both floats. You obviously love windows, good for you but I doubt you have ever been charged with maintaing a system with high up time and a load like Amazons..

Dell is dealing with far more cash transactions here.

? No dell is dealing with more cash, Amazon is dealing with mroe transactions, too hard for you to understand?

Makes sense for Dell to have a rock solid platform to have their web transactions on: WINDOWS SERVERS.

Come back after you buy a clue..

[N3WBI3]

Its not so much the # of transactions, its a combination of the VALUES of those transactions as well the #'s.

This is what I mean by youre clueless when it comes to IT. I dont care if a transaction is for 10$ or 1000$, if its being done online it needs the same security. Transaction volume is what really taxes a system is the number of transactions whats the difference between 25$ and 1000$ on system resources? absolutly none they are both floats. You obviously love windows, good for you but I doubt you have ever been charged with maintaing a system with high up time and a load like Amazons..

Dell is dealing with far more cash transactions here.

? No dell is dealing with more cash, Amazon is dealing with mroe transactions, too hard for you to understand?

Makes sense for Dell to have a rock solid platform to have their web transactions on: WINDOWS SERVERS.

Come back after you buy a clue..

[N3WBI3]

Makes sense for Dell to have a rock solid platform to have their web transactions on: WINDOWS SERVERS.

A website with a server uptime less than 25% that of Amazon, yea right 'rock solid'..

[beezdotcom]

The dog's name in the stoy was Precious, that's why he linked it. Not saying he was smart to do so...

[Balding_Eagle]

I used to hold software writers etc. in awe. Especially those who posted here at FR.

As this thread points out, they may be book smart, but real world stupid, as your reply #21 clearly shows.

After reading threads like this for several years now, I realize they're just average thinkers, and not much different than me when I fought with my childhood friends (sometimes real fist fights) about which tractor was better, John Deere, Farmall, or Allis Chalmers. The difference is, I grew up.

[KwasiOwusu]

" dont care if a transaction is for 10$ or 1000$, if its being done online it needs the same security"

You cannot be serious.
Lets just say a jewelery shop is selling diamond engagement rings.
Th one's costing say $2000 to say $5000 are usually kept in the open shop on display.
The $20,000 to say $100,000 ones are kept securely in a safe in an inner room at the back of the shop, with much more security.
If they should happen to have those super expensive diamond rungs costing a million dollars plus, they bring in massive well armed security guards to secure the joint.
What happens in real life shops is exactly the same thing that happens online.
$25 transactions are not the same as $800 transactions. I won't lose much sleep if I lose $25 buying a book at Amazon. However losing $800 is another matter altogether. You'll find that most of the population (apart from the open source crazies) and most consumers think exactly that way.

"? No dell is dealing with more cash, Amazon is dealing with more transactions, too hard for you to understand?

Again, in case you are still stone deaf, its a combination of # of transactions and the VALUES of those transactions.
And when you combine the two Dell totally SMOKES amazon.
They are not even in the same ball park. :)


"Come back after you buy a clue.."

You can never come back.
Why?
Because you can never have a clue.
Microsoft Windows RULES.
Get over it.

[TheOtherOne]

Firefox flaw raises phishing fears

They almost had the perfect title:

Firefox Flaw Furthers Phising Fears

[KwasiOwusu]

"A website with a server uptime less than 25% that of Amazon, yea right 'rock solid'"

A Dell web site that does to the tune of nearly $40 Billion worth of business selling expensive computers to consumers and the biggest businesses in the world including China, and Japan, as compared to Amazon selling an underwhelming $5 Billion worth of books , DVD's etc etc to consumers.
That's rock solid alright. :)

[KwasiOwusu]

"I used to hold software writers etc. in awe."

Never held software in awe.
My beef is with the open source, Microsoft-hating nuts and their hate-Gates, mostly hate-capitalism and hate-profits ideology.

[BigSkyFreeper]

First line of defense is the user behind the keyboard.

[N3WBI3]

Again, in case you are still stone deaf, its a combination of # of transactions and the VALUES of those transactions.

None of which actually affects the load on the server. The server load and performance metrics are determined by the number of transaction not a different bit order in a packet.

[N3WBI3]

What affects server load more? number of orders or the cost per item ordered?

[BigSkyFreeper]

A website [Dell] with a server uptime less than 25% that of Amazon, yea right 'rock solid'..

Your source of this information?

[BigSkyFreeper]

What affects server load more? number of orders or the cost per item ordered?

Moot point when you consider companies like Dell and Microsoft have redundancy built into their server farms.

[KwasiOwusu]

"What affects server load more? number of orders or the cost per item ordered?"

Wrong question.
Real question is: Which one will consumers require more security, stability, availability etc at, and which site do they need to have more confidence in? The site where they are spending $25 or the site where they are coughing up to the tune of $800?
The Dell site wins every time.

[BigSkyFreeper]

I could give you an example of "server load" bringing a server down. A few years ago, there was a coordinated Denial Of Service (DDOS) attack on three corporate servers; they included Yahoo, Amazon, and Microsoft. Ironically it occured on the very same day at the very same time. Yahoo and Amazon was saturated with so many packets they became "unreachable", while Microsoft kept churning away.

[BigSkyFreeper]

On a broader scale, the internet itself has redundancy built into it. If a portion of the internet comes down, the internet "heals thyself" and routes packets in a different path, unbeknownst to the internet user.