Domain: openwares.org
Stories and comments across the archive that link to openwares.org.
Comments · 17
-
Baldfaced
-
Re:Doubledge sword
This is truly amazing stuff. I expect a windows knock-off around 2007-2008.
How about now? Aqua Dock (http://www.openwares.org/index.php?option=com_rem ository&Itemid=26&func=fileinfo&parent=category&fi lecatid=29)is quite impressive...
How about a nice article about it? http://www.theregister.co.uk/2002/11/22/ruin_your_ pc/ -
There is a patch available
You can even test your browser http://security.openwares.org How come these people can fix it but M$ can't
-
INSTALL THE DAMN PATCH !!!
/. users need to keep their eyes open for patches!! The patch was releasd some time back and
/. did a story on it too. OpenWares.org Look for the IE patch. It was released Dec 2003 "This patch addresses a vulnerability in Microsoft Internet Explorer that could allow Hackers and con-artists to to display a fake URL in the address and status bars. The vulnerability is caused due to an input validation error, which can be exploited by including the "%01" and "%00" URL encoded representations after the username and right before the "@" character in an URL. " -
Re:It's like the auto industry.It has some extra spaces added by
/. -
Re:Hey, morons
Just point your browser to http://www.openwares.org/cgi-bin/exploit.cgi?unkn
o wn&unknown to see the page. -
A feature (RFC) not a bug
Is the "@-spoof" really a spoof? According to RFC2396, section 3.2.2 "Server-based Naming Authority", this is a feature of the URI and not a bug or a spoof.
Certainly it can be made to fool even an enlightened user, but isn't it wrong to cripple a browser's ability to adhere to the "Uniform Resource Identifiers (URI): Generic Syntax" RFC -- and even more so with spyware
;)Browsing the "test page" at Openwares with my Konqueror gives me the spoof page. Good. That just means that Konqueror is RFC2396-compliant (but should i patch anyway?
;).I first came across this "bug" about two years ago when i was forwarded an "authentic" page from Microsoft Support: Q209354 - HOWTO (mirror). It took me a while to realize that nobody at M$ was going to be fired for this type of creativity.
See The Reg for an article for some coverage -- although the host hwnd.net is off the net, so you can't really try to get spoofed.
- ~llauren
-
Re:Hey, morons
You do realize this patch phones home, don't you? Slashdot just advertised a piece of spyware. It phones home to validate every URL. Read the website.
The patch is open source. I don't even know if you are right in your statement but if you are, then download the source and change the way it works! Or live in fear... -
Re:Oh, I agree.
Too bad Mozilla fails the url spoof exploit as well... just try the tests here
-
Re:How were they able to make such a patch...
From looking at the source it's not actually a patch so much as a 'wedge'. It creates a typelib (or COM object of some sort) that registers itself with the system. By doing this it hooks into the IE API, such that it is called every time a URL is visited. If it detects that the URL contains the spoof, it redirects you to their site, where a CGI script gives you an IE-error-like page: For example if the faked part of the URL was 'fake.com' and the real site was 'real.com' it would redirect you to http://www.openwares.org/cgi-bin/exploit.cgi?true
. com&http://fake.com
So this is not so much a patch as a 'workaround'. It doesn't fix anything, it just intercepts those URLs and warns you about it. -
Re:How were they able to make such a patch...
Wrong.
:) The URL I found in the source code is http://www.openwares.org/cgi-bin/exploit.cgi? .. try it with http://www.openwares.org/cgi-bin/exploit.cgi?slash dot.org. It's the error page that the program displays when it hits a probable exploit. The program does the checking in your computer and when the link doesn't have %00 or %01, it just shows it normally. Only when it does see a %00 or %01, it sends the link to the above mentioned page.
If you ask me, maybe they want to have a record of which evil Paypal clone-sites are taking advantage of the exploit so they can tell the cops. Maybe they want to make it easy to tell the users that "MS has issued an update for this problem, please download it!", but of course maybe they want to display ads on that error page (Heh I would do the same).
But no, URLs that are okay are not being sent to that site. -
Re:How were they able to make such a patch...It only redirects if the address seems like it contains illegal caracters (and thus tries to spoof the address), not for all webpages accessed.
See http://www.openwares.org/cgi-bin/exploit.cgi?slas
h dot.org&www.goatse.cx for instance.It might log the addresses attempting to spoof webpages, but I'm all for that. And at least this explains clearly that a spoof was attempted through this exploit. I think it's better than just correcting the string, which would access a spoofed webpage anyways, even if showing the right address at the top... which of course would not work as well but many would still fall for it no matter, especially since it probably would look like http://www.paypal.com@paypal.something.net/ which would seem legitimate to the casual looker.
-
Re:UmmmIt only redirects if the address being accessed contains illegal caracters (%01 or %02). I agree it seems like a cheap way to get free publicity, but at least it clearly tells that an attack was attempted.
See http://www.openwares.org/cgi-bin/exploit.cgi?slas
h dot.org&www.goatse.cx for instance.It's a bit ugly but better IMHO than accessing anyways a spoofed webpage. Consider that the average Joe very well might put his credit card info on a page that looks like PayPal even though the address shown is "http://www.paypal.com@www.h4x0r3d.com/buy.cgi?". Many wouldn't be able to tell the difference...
-
Crikey, mate.
That's not a link! This is a link:
http://www.openwares.org/downloads/IEpatch.EXE
P.S. I haven't actually tried the executable out, I just added the clickable goodness. I also couldn't pass up the chance to make a Crocodile Dundee joke.
-
Acceptance?This is great that they did this but perhaps resources would be better spent developing for Mozilla? It will be interesting to see how Microsoft react to this. Why is the group releasing this on their own? Was Microsoft contacted?
Unfortunately, with this being an unofficial release, I don't see many people likely to utilize this until it is released by Microsoft. In the meantime, I am enjoying reading this in Mozilla
:) -
New patched released, not by Microsoft ; )
While the big boys at Redmond scratch their balls all day tring to come up with their next licensing scheme, an unknown outfit that goes by the name of Opensoft has released a security patch that fixes the new IE flaw that allows scammers to spoof the address bar. The patch, its source code, and detailed explanation of the bug including an example can be found at security.openwares.org
-
New patched released, not by Microsoft ; )
While the big boys at Redmond scratch their balls all day tring to come up with their next licensing scheme, an unknown outfit that goes by the name of Opensoft has released a security patch that fixes the new IE flaw that allows scammers to spoof the address bar. The patch, its source code, and detailed explanation of the bug including an example can be found at security.openwares.org