Free Republic
News/Activism

Firefox flaw raises phishing fears
ZDNET ^ | 1/7/2005 | Ingrid Marson

Posted on 01/07/2005 3:06:33 PM PST by KwasiOwusu

A vulnerability in Firefox could expose users of the open-source browser to the risk of phishing scams, security experts have warned.

The flaw in Mozilla Firefox 1.0, details of which were published by security company Secunia on Tuesday, allows malicious hackers to spoof the URL in the download dialog box that pops up when a Firefox user tries to download an item from a Web site. This flaw is caused by the dialog box incorrectly displaying long sub-domains and paths, which can be exploited to conceal the actual source of the download.

Mikko Hypponen, director of antivirus research at software maker F-Secure, said this bug could make Firefox users vulnerable to cybercriminals. "The most likely way we could see this exploited would be in phishing scams," he said.

To fall victim to such a scam, a Firefox user would have to click on a link in an e-mail that pointed to a spoofed Web site and then download malicious software from the site, which would appear to be downloaded from a legitimate site.

(Excerpt) Read more at news.zdnet.com ...


TOPICS: Technical
KEYWORDS: browsers; computersecurity; firefox; intertexplorer; kneepads; littleprecious; lowqualitycrap; microsoft; paidshill; redmondpayroll; trollfromredmond
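The excerpt above says the dialog mis-displays long sub-domains and paths, hiding the real download source. The sketch below is an added illustration of that general class of display problem and a safer rendering; it is not Firefox's code and not from the article. The host names, the 30-character width and both function names are constructed assumptions.

```javascript
// Constructed sample URL: the leading labels imitate a trusted site, while the
// host that actually serves the file is at the right-hand end.
// "example-bank.test" and "downloads.invalid" are placeholder names.
const SAMPLE =
  "http://www.example-bank.test.secure.login.session.downloads.invalid/files/update/setup.exe";

// Weak rendering: cut the text from the right to fit a fixed-width field.
// The rightmost labels, which identify the real host, are what gets dropped.
function truncateRight(text, width) {
  return text.length <= width ? text : text.slice(0, width - 1) + "…";
}

// Safer rendering: show the host only (no path), and when it does not fit,
// elide from the LEFT in whole labels so the rightmost labels stay visible.
function displaySource(urlString, width) {
  const host = new URL(urlString).hostname;
  if (host.length <= width) return host;
  const labels = host.split(".");
  let shown = labels.pop(); // always keep the final label intact
  while (
    labels.length &&
    shown.length + labels[labels.length - 1].length + 1 <= width - 1
  ) {
    shown = labels.pop() + "." + shown;
  }
  return "…" + shown; // one character is reserved for the ellipsis
}

function demo() {
  const host = new URL(SAMPLE).hostname;
  return {
    weak: truncateRight(host, 30),
    safer: displaySource(SAMPLE, 30),
  };
}

console.log(demo());
```

A production dialog would decide which labels to keep using the Public Suffix List rather than a character budget alone.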
To: Arkinsaw

I have that trouble here on Freep pages. Sometimes all images won't fully load. I haven't done anything out of the ordinary either. I have the Image Toolbar extension, but uninstalled it as an experiment, and it wasn't the culprit.

There have been so many of the same type of complaints here:

http://forums.mozillazine.org/index.php?sid=08a3e019a773279eadb9ced6cb6ad613


61 posted on 01/07/2005 4:30:04 PM PST by JoJo Gunn (More than two lawyers in any Country constitutes a terrorist organization. ©)
[ Post Reply | Private Reply | To 55 | View Replies]

To: KwasiOwusu
Open source is the key to solving the problem. Without peer review of IE code, Microsoft will just keep doing what they always do, deny, stall and then admit there is a problem. Then they will "fix" the problem and open another can of worms.

Firefox does not share this problem as it is not "married" to the operating system. Peer review of the open source code remedies security fixes and product enhancement faster and more efficiently.

62 posted on 01/07/2005 4:30:55 PM PST by frog_jerk_2004
[ Post Reply | Private Reply | To 25 | View Replies]

To: mlbford2
Bad administrator. The tools for securing your box, network AND users are out for the taking, you just need an admin who knows how.

:O)

W

More people DIE in Ford Explorers and F-150's than any other pickup truck currently on the market.

...and that's Bill Gates's fault, too, right?
63 posted on 01/07/2005 4:33:33 PM PST by papasmurf (Dear Lord, Please make me the Commanding General In Iraq for just 3 months, Amen.)
[ Post Reply | Private Reply | To 8 | View Replies]

To: JoJo Gunn
I have that trouble here on Freep pages. Sometimes all images won't fully load. I haven't done anything out of the ordinary either. I have the Image Toolbar extension, but uninstalled it as an experiment, and it wasn't the culprit.

I must be lucky. I spend most of my time here and have never had a problem like that with Firefox. I'm Windows XP Home, without SP2. Strange.
64 posted on 01/07/2005 4:34:41 PM PST by Arkinsaw
[ Post Reply | Private Reply | To 61 | View Replies]

To: JoJo Gunn
No offense if you love your HP, but I used to have a Pavilion running ME as well, and thankfully I forgot to re-route the phone line through the surge protector one day (after moving it for some other reasons) and a lightning strike toasted it. I say thankfully, because I had nothing but trouble with it. I heard later from someone who has forgotten more about computers than I will ever know (which is probably most people on this forum!) that HP did some kind of funky partitioning or something on the Pavilions and it caused some very unique kinds of problems. I know when I tried to clean up my in-laws' computer over Christmas I could not get through a complete removal of quarantined items after running Ad-Aware. They are both in their mid 60's and no more than a GED between them, but decided to get into this "computer thing" a couple of years ago (when I had the HP) and so they didn't know what kind of crap can land on your hard drive just from surfing the web (heck, I wasn't even aware of the full extent until fairly recently). I think the problem we were having is that HP (at least on the Pavilions) writes a copy of everything to a recovery file or something like that (other FReepers probably know exactly) and when you try and clean out crap with a program like Ad-Aware, it hangs the computer because you're not supposed to be able to touch that part of the C: drive.

I don't know if that's it, but I know I will never, ever, get another HP for my home computer (my iPAQ seems to work just fine, so...??). Glad yours is working for you. Maybe if I had known about Firefox sooner.

65 posted on 01/07/2005 4:38:09 PM PST by Pablo64 ("Everything I say is fully substantiated by my own opinion.")
[ Post Reply | Private Reply | To 56 | View Replies]

To: recalcitrant
"Is this site still running on an apache 'open source' server, perl and mysql? Are we still on freeBSD or openBSD? You know, all of those evil commie open source programs for ignorant and rabid folks? "


So what?
You can do better than that.
President Bush's site runs on Microsoft Windows. Dell runs on Windows. It's the Internet.
An operating system, language etc etc, is just that.
Do we have normal people with open source skills? You bet. beings.

My quote says:
"But yeah the open source fanatics sure are ignorant and rabid"

We are talking about open source bomb throwers and attack dogs here.

It's like trying to compare Zell Miller to Barbara Boxer because they are both in the RATS party.
Won't work.

"How many years you been programming in 'fanatic' programming languages now? "

Now that is really pathetic.

Tell me, how many years have you spent doing life saving operations, or doing post surgery care to save people's lives?

There is a world out there apart from hiding yourself in your unlit basement and crouching over a computer screen you know.
66 posted on 01/07/2005 4:39:03 PM PST by KwasiOwusu
[ Post Reply | Private Reply | To 54 | View Replies]

To: Dat Mon
"I'll just crawl off, lick my wounds, and reboot Windows 2000"

I am sure you are a very nice man, ..really.
Hey, we all choose the wrong software sometimes.
But we are not gonna hold it against you. :)
67 posted on 01/07/2005 4:41:54 PM PST by KwasiOwusu
[ Post Reply | Private Reply | To 60 | View Replies]

To: papasmurf

I guess you are right. I could hire a network admin for 40k yr.... or,,,, I could just use Firefox and problem solved. I'll have to think about that. Tough decision.


68 posted on 01/07/2005 4:43:45 PM PST by mlbford2 ("Never wrestle with a pig; you can't win, you just get filthy, and the pig loves it...")
[ Post Reply | Private Reply | To 63 | View Replies]

To: KwasiOwusu

"Tell me, how many years have you spent doing life saving operations, or doing post surgery care to save people's lives?"



uhm.. more than two decades now.
What's your point dipstick?

Here's mine:

Take your anti-open source agenda to some other site where the site owners, operators, and users haven't been plugged into it for close to a decade.

bye el dipster!


69 posted on 01/07/2005 4:45:22 PM PST by recalcitrant
[ Post Reply | Private Reply | To 66 | View Replies]

To: KwasiOwusu
Well, what I got from the article is that a user must click on a link contained in a spam message.

Anyone stupid enough to do that deserves whatever they get.

As a technical guy myself, I have NO PITY, MERCY, OR REMORSE for stupid users who shouldn't be allowed to use any computational device more advanced than an abacus.

But then again, an abacus can break, and the users might choke on one of the counting beads. So I guess that's out.

>:D

70 posted on 01/07/2005 4:49:05 PM PST by FierceDraka ("I am not going to sit here, and listen to you BAD MOUTH the United States of America! Gentlemen!")
[ Post Reply | Private Reply | To 1 | View Replies]

To: Arkinsaw
I must be lucky. I spend most of my time here and have never had a problem like that with Firefox. I'm Windows XP Home, without SP2. Strange.

I’m running ME, for what it’s worth. This started about 3 weeks ago, out of nowhere. It’s not specific to the Freep, but just to say that it happens even here. (To my tyro senses, this site is pretty straightforward).

What I likely should try is making a new profile and see if that doesn’t straighten it out.

71 posted on 01/07/2005 4:50:32 PM PST by JoJo Gunn (More than two lawyers in any Country constitutes a terrorist organization. ©)
[ Post Reply | Private Reply | To 64 | View Replies]

To: KwasiOwusu
So what do you know about Opera?

BTW do you know of any way to dump IE 6 from the winxp or am I stuck with it forever?

72 posted on 01/07/2005 4:50:38 PM PST by dts32041 (When did the Democratic party stop being the political arm of the KKK?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: JoJo Gunn
I'm not really familiar with Firefox (am using Mozilla 1.7 here) but does it have a "Tools/Image_Manager/Manage_Image_Permissions" menu?

Maybe you're somehow blocking images from particular servers?

73 posted on 01/07/2005 4:54:47 PM PST by solitas ('Mystic' dual 500 G4's, OSX.3.7)
[ Post Reply | Private Reply | To 61 | View Replies]

To: frog_jerk_2004
"Open source is the key to solving the problem. Without peer review of IE code, Microsoft will just keep doing what they always do, deny, stall and then admit there is a problem"

I agree that Microsoft needs to be kept on its toes, and the open source movement is doing an excellent job of it.

Let's face it, Microsoft hasn't really made any major upgrade to IE for years.

Firefox is going to force Microsoft out of its complacency, which can only be good for consumers.

I am happy about that. Competition is great.

The thing that has always been getting me about this is, there are just too many "Microsoft is the Great Satan" nuts out there, which naturally brings a reaction from our side.

Has Microsoft done some "bad" things to its competitors before? YES
But then you could say that about almost every single corporation on the planet.
Just look at all the corporate malfeasance the New York Attorney General is uncovering against all kinds of firms right now.

Are some Microsoft products not as good as they could be? Again, YES.

But hey, even Toyota has been forced to recall thousands of vehicles more than a few times.

Recently Merck was forced to pull some drug from the market etc etc.

To err is human.
I think that the rhetoric of the open source side needs to get far less personal and just deal with the issues.
74 posted on 01/07/2005 4:54:51 PM PST by KwasiOwusu
[ Post Reply | Private Reply | To 62 | View Replies]

To: recalcitrant
"uhm.. more than two decades now"

Really?


And while you were about it, you played in the NBA, the NFL , MLB and managed to be a rocket scientist working for NASA for "more than two decades" too I take it?
We have a truly remarkable human here. :)

"Take your anti-open source agenda to some other site where the site owners, operators, and users haven't been plugged into it for close to a decade. "

It gives me an extra kick to trash open source at sites that have been "plugged into it for close to a decade".

Who knows?
They might even see the light and come back to the Microsoft fold.

Again, the fact that a site uses open source has no bearing whatsoever on what can be debated on that site.

Microsoft is trashed all the time on CNBC investment forums by open source crazies, in spite of the fact that both MSNBC and CNBC run on Microsoft Windows Servers.
75 posted on 01/07/2005 5:07:59 PM PST by KwasiOwusu
[ Post Reply | Private Reply | To 69 | View Replies]

To: KwasiOwusu
Just couldn't resist getting the Firefox evangelists' backs up.

Heh heh heh. I know how you feel. It's funny to see how passionate some people get about something silly like which web browser or OS they use.

It's always Windows vs Mac vs Linux vs OpenBSD, or IE vs Mozilla vs Opera vs Safari. It reminds me of "My dad can kick your dad's BUTT!"

Personally, I don't give a **** - they all have their good points and bad points. Just like with Ford, Chrysler, and GM vehicles, everybody's got a favorite, and thinks everybody else are idiots.

76 posted on 01/07/2005 5:11:05 PM PST by FierceDraka ("I am not going to sit here, and listen to you BAD MOUTH the United States of America! Gentlemen!")
[ Post Reply | Private Reply | To 10 | View Replies]

To: Pablo64
Thankfully?

As far as the partitions, do you mean more recently, as with XP? HP doesn't ship recovery discs anymore, and XP is supposed to be recovered from a protected partition.

But I could be wrong. I had a problem once with a full format and recover with the HP discs. Made it all the way through the two CD's and reboot, then comes the "updating system" box, and lo and behold there was another box with "long file name backup" and "couldn't open the file to restore from". Line 6 character 2 "profile" is null or not an object".

The URL pointed to a Windows>System .dll, a really long pathname, and it asked did I still want to run scripts. I clicked "yes" and went through several screens, and got to one HTML type without something on the page, can't remember which one, but I couldn't continue from that point.

What was strange was that a recovery without a format first went fine, but I feel it's a house of cards, and anyway, a problem needed fixing.

So what was a casual computer person supposed to do? HP gave the runaround about wanting money. So I paced the floor a while, and for some reason I had the thought to format before using the CD's. It assigned a new serial number to the HD and that worked.

So maybe we're talking the same thing?

Here's that pathname, if ever anyone else has this happen:

res://c:\WINDOWS\SYSTEM\SBUtils\swebctl.dll/105

77 posted on 01/07/2005 5:12:42 PM PST by JoJo Gunn (More than two lawyers in any Country constitutes a terrorist organization. ©)
[ Post Reply | Private Reply | To 65 | View Replies]

To: recalcitrant
"What's your point dipstick? "

BTW, Mr "done every job on the planet for more than two decades", I wouldn't be so quick spewing out mindless abuse if I were you.

A guy like you, who makes things up on the fly, is just too vulnerable to counter attack.
78 posted on 01/07/2005 5:12:50 PM PST by KwasiOwusu
[ Post Reply | Private Reply | To 69 | View Replies]

To: goldstategop

"and Microsoft hasn't even pledged to make its browser more secure."

Don't know much about Microsoft, do you?


79 posted on 01/07/2005 5:15:16 PM PST by shellshocked
[ Post Reply | Private Reply | To 14 | View Replies]

To: Petronski
Burn 1000 copies of Knoppix and hand them out at your local mall. LOL

Bwaw haw haw! Good one!

80 posted on 01/07/2005 5:15:41 PM PST by FierceDraka ("I am not going to sit here, and listen to you BAD MOUTH the United States of America! Gentlemen!")
[ Post Reply | Private Reply | To 59 | View Replies]



FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson