New Explorer hole could be devastating

Infoworld ^ | 01/28/04 | Kieren McCarthy

[Nick Danger]

regard capillary assume baltic

[Golden Eagle]

Funny, I was just looking for your posting history, but it said:

This account has been banned or suspended.

Not surprising. In my opinion you should stay gone...

[Way2Serious]

The fact of the matter is that his original point -- that IE is somehow unique with this flaw -- is a pile of stinking Linux leavings...

Nick Danger demonstrated to me that IE fails to indicate spoofed URLs while Firebird does not. The analogy of not having an "idiot light" vs. not recognizing the "idiot light" seems appropriate. The evidence in Danger's favor is that a patch exists to make IE more like Firebird, rather than vice versa.

[Bush2000]

Nick Danger demonstrated to me that IE fails to indicate spoofed URLs while Firebird does not.

Per Nick, here are the URLs:

Firebird http://windowsupdate.microsoft.com%01@security.openwares.org/Update.htm
IE http://windowsupdate.microsoft.com

Clearly, the average person wouldn't be able to -- nor would they bother to -- distinguish between the two URLs.

[adam_az]

"Not surprising. In my opinion you should stay gone..."

If I wanted your opinion, I'd beat it outta ya. :)

Seriously though, I do hope we can disagree without resorting to childish antics. I wouldn't be happy if you were banned.... In fact, other than DUh trolls, the only person I've been happy to see banned was Illbay, and good riddance to him!

BTW, I was suspended for a day for breaking out with a quote from the film Goodfellas (a sanitized version of the "now go get your - shinebox!" quote.) I guess Admin Mod isn't a gangster flick fan.

[Way2Serious]

Clearly, the average person wouldn't be able to -- nor would they bother to -- distinguish between the two URLs."

But the deception is still there, regardless. And it took me all of a minute to discern it, once warned. It is you who inserted the qualifier "average person." It is the only way out of the argument for you, and a lame one at that.

So, what is Microsoft doing to help customers avoid or discern nefarious URL spoofing?

[cibco]

Marker...

[Bush2000]

But the deception is still there, regardless. And it took me all of a minute to discern it, once warned. It is you who inserted the qualifier "average person." It is the only way out of the argument for you, and a lame one at that.

No, it's not a lame argument. Again, look at the URLs:

Firebird http://windowsupdate.microsoft.com%01@security.openwares.org/Update.htm
IE http://windowsupdate.microsoft.com

Clearly, the average person cannot tell them apart. By your own admission, it took you a full minute to tell them apart. Do you seriously think that the average user is going to stare at a URL for a full minute before deciding that it's safe?!? Geezus. Of course not! They're going to look at the first portion of the URL, determine that it's where they thought they should be, and continue on. Your attack on common sense is baffling and pointless.

So, what is Microsoft doing to help customers avoid or discern nefarious URL spoofing?

They've already fixed the problem. See http://www.freerepublic.com/focus/f-news/1070394/posts. I'm not surprised that you don't know about it. You guys know how to attack -- but that's about it.

[Way2Serious]

They've already fixed the problem. See http://www.freerepublic.com/focus/f-news/1070394/posts. I'm not surprised that you don't know about it.

You bend over backwards to tell me it's not a problem, then you finally tell me "they fixed the problem." Was it a "problem" or not? You already know the answer. What a waste of time.

The reason I was blissfully ignorant of the "problem" is that I avoid IE like the plague. Who needs a browser that is a parasite on the OS?

[cibco]

bttt