New IE Bug Hides Real Site Address

Posted by michael on Thursday December 11, 2003 @01:37AM from the can't-blame-the-user-for-this-one dept.

Norman at Davis writes "ZDNet is running a story on a new security flaw in Microsoft's Internet Explorer which could let hackers use a technique to display a false Web address on a fake site according to an advisory from the Danish security company Secunia. The Danes report that 'the vulnerability is caused due to an input validation error, which can be exploited by including the "%01" URL encoded representation after the username and right before the "@" character in an URL.' PC World reports that 'Microsoft says it is investigating reports of the vulnerability. When that inquiry is complete, the company will take whatever steps it deems necessary, such as issuing a new patch, a spokesperson says.' And for good measure, here's what Google news is covering on it right now."

3 of 683 comments (clear)

Min score:

Reason:

Sort:

Crap like this..... by Conspiracy_Of_Doves · 2003-12-11 01:45 · Score: 0, Flamebait

Is why I never use IE unless I absolutly have to.

On my computer, IE doesn't even have access to get through Zonealarm.

--

Technoli
Why is it slashdot never reports...... by Anonymous Coward · 2003-12-11 02:09 · Score: 0, Flamebait

security issues in other browsers? IE may have its problems but it is the most powerful and standards compliant browser available at the moment. Mozilla may be an alternative one day but not at the moment.
Re:Not patching this month...... by Matrix272 · 2003-12-11 03:08 · Score: 0, Flamebait

Still this seems like a major flaw - For the last 3 months I've been recommending to all my friends and family to start using Mozilla. Not saying it's perfect but there's a lot less flaws than IE.

Does it have fewer flaws, or does it have fewer users to report the flaws?

--
"It's better to have a gun and not need it than need a gun and not have it." ~ Christian Slater, True Romance