Slashdot Mirror


New IE Bug Hides Real Site Address

Norman at Davis writes "ZDNet is running a story on a new security flaw in Microsoft's Internet Explorer which could let hackers use a technique to display a false Web address on a fake site according to an advisory from the Danish security company Secunia. The Danes report that 'the vulnerability is caused due to an input validation error, which can be exploited by including the "%01" URL encoded representation after the username and right before the "@" character in an URL.' PC World reports that 'Microsoft says it is investigating reports of the vulnerability. When that inquiry is complete, the company will take whatever steps it deems necessary, such as issuing a new patch, a spokesperson says.' And for good measure, here's what Google news is covering on it right now."
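
The kind of check a link scanner or mail filter could apply to the URL shape the advisory describes, as an added example that is not part of the story or of Secunia's advisory. `inspectUrl`, the verdict strings and the `vendor.example` / `example.org` hosts are illustrative assumptions.

```javascript
// Added example: flag http(s) URLs whose userinfo part (the text before "@")
// could make the address look like it belongs to a different site.
const CONTROL = /[\u0000-\u001f\u007f]/;           // covers the decoded %01 byte
const HOSTLIKE = /^[a-z0-9-]+(\.[a-z0-9-]+)+/i;    // e.g. "www.vendor.example"

function safeDecode(s) {
  try { return decodeURIComponent(s); } catch { return s; } // keep malformed %xx as-is
}

function inspectUrl(raw) {
  let u;
  try { u = new URL(raw); } catch { return { verdict: "unparseable" }; }
  const userinfo = u.password ? `${u.username}:${u.password}` : u.username;
  const result = { realHost: u.hostname, userinfo, verdict: "ok" };
  if (!userinfo) return result;                    // nothing before "@"
  const decoded = safeDecode(userinfo);
  if (CONTROL.test(decoded)) result.verdict = "control-char-in-userinfo";
  else if (HOSTLIKE.test(decoded)) result.verdict = "hostlike-userinfo";
  else result.verdict = "userinfo-present";
  return result;
}

// Constructed samples; the hosts are placeholders.
const samples = [
  "http://www.vendor.example%01@example.org/login",    // shape from the advisory
  "http://www.vendor.example@example.org/login",       // same layout without %01
  "http://www.vendor.example/advisory@%01example.org", // "@" after a "/": path only
  "https://alice@example.org/",                        // ordinary userinfo
];
for (const s of samples) {
  const r = inspectUrl(s);
  console.log(`${r.verdict.padEnd(26)} real host: ${r.realHost}  <- ${s}`);
}
```

The third sample shows why the position of "@" matters: once a "/" has ended the authority, everything after it is path, and the host is the one that appears first.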

31 of 683 comments

  1. Re:This bodes ill by glpierce · · Score: 5, Funny

    ...and Slashdot, where there are so many people trying to get you to look at goatse

    --
    G
  2. See also by lamery · · Score: 5, Funny

    http://www.microsoft.com/ie_advisory@%01goatse.cx

  3. That would explain a lot by Anonymous Coward · · Score: 5, Funny

    All that bizarre crap on the SCO website must actually be The Onion playing games...?

  4. Word from the Microsoft Information Minister by JavaSavant · · Score: 5, Funny

    There is no bug, and there will be no patches in December! We will reveal the vulnerabilities of the infidels and they shall tower over our own!

    I don't really get them sometimes, honestly. Is this sort of like there being a SARS outbreak in New York and the CDC saying that they won't look into it for a month?

    1. Re:Word from the Microsoft Information Minister by mirko · · Score: 2, Funny

      Yep, and there was no spoon either.

      --
      Trolling using another account since 2005.
  5. MicrowhocaresjustuseandOSOS by wud · · Score: 4, Funny

    'Microsoft says it is investigating reports of the vulnerability. When that inquiry is complete, the company will take whatever steps it deems necessary, such as issuing a new patch

    let's just hope they release the patch on purpose this time

    --
    wud
  6. moderately critical by maharg · · Score: 3, Funny

    Secunia rated the vulnerability as "moderately critical."

    How long will it be before someone finds a "critically critical" uber-flaw.

    --

    $ strings FTP.EXE | grep Copyright
    @(#) Copyright (c) 1983 The Regents of the University of California.
  7. Re:Not patching this month...... by Pelorat · · Score: 5, Funny

    Actually, if they're going to break promises, that's a good one to start with.

  8. Re:This bodes ill by GaelenBurns · · Score: 2, Funny

    As if anyone actually *trusts* their DNS server. HA!

  9. Re:The patch they should issue! by Anonymous Coward · · Score: 0, Funny

    yes, remove the free preinstalled browser completely, THEN download something else, are you going to teach my mom to use ftp.exe to get to mozilla.org for me, because i sure as hell ain't.

  10. Re:A demonstration by baldass_newbie · · Score: 2, Funny

    But I can't get it to work in Mozilla.
    So how do I know it's real?

    --
    The opposite of progress is congress
  11. Re:Not patching this month...... by utlemming · · Score: 1, Funny

    It's Microsoft, we'll get the update on January 1 --- give people plenty of time to deploy the bug....

    --
    The views expressed are mine own and do not express the views of my employer.
  12. Re:Crap like this..... by gazbo · · Score: 2, Funny

    Oh man!

    That's pretty elite - can you post your config files on how to do that?

  13. Re:Works fine on IE by maharg · · Score: 4, Funny

    mebbe someone spoofed your shortcut to point at Internet%20Explorer%01@Mozilla

    --

    $ strings FTP.EXE | grep Copyright
    @(#) Copyright (c) 1983 The Regents of the University of California.
  14. Re:Not a problem in Opera by Anonymous Coward · · Score: 0, Funny

    >Why people keep on using Internet Explorer is a mystery to me

    Well then I guess most things are a mystery to you buddy!

  15. Comment removed by account_deleted · · Score: 5, Funny

    Comment removed based on user account deletion

  16. So Happy It's Thursday by wowbagger · · Score: 1, Funny

    Yet again the grand tradition of

    So
    Happy
    It's
    Thursday

    is upheld by Microsoft security bugs.

    And of course, now that Microsoft is releasing patches on Tuesday, we also have

    So
    Happy
    It's
    Tuesday

    as well.

    Kudos to Microsoft!

  17. No it isn't by SmallFurryCreature · · Score: 1, Funny

    CDC is run by the government where Microsoft runs the government. Simple difference.

    Now go away, you are taking up the space of the Microsoft apologists and I can use a good laugh.

    --

    MMO Quests are like orgasms:

    You may solo them, I prefer them in a group.

  18. Re:That isn't much better though! by lxs · · Score: 0, Funny

    It would be possible (trivial?) to put a feature in our favourite open source browser to give a security warning when you visit such a URL.

    Why would you do that, since only IE is affected. It would be like Open Office popping up a window saying: "If this were MS Office you'd be infected by a VBR virus." While I agree that such a site would be suspicious, such a feature would add no functionality to the browser.

  19. Internet Explorer download link by efextra · · Score: 2, Funny

    From now on this is the link I give my friends to download IE from: http://www.microsoft.com/internetexplorer/%01@mozilla.org

  20. Re:This bodes ill by RLW · · Score: 1, Funny

    I do. My company's DNS server is great.
    It's a Windows XP server and it works almost every day. Because it's not up all the time means my staff gets more done because they're not surfing the web on those 'off' days. Also because it's actually off more than on it must be more resistant to viruses: after all one cannot infect a machine that's not running! Oh, I'm happy with my DNS server.
    Hang on, I just need to submit this bid before it closes.
    There I now have a brand new in the box Lamborghini for only $258.79: this eBay stuff is great.
    I feel sorry for you guys out there that don't run Windows servers.

  21. Face it by BCW2 · · Score: 2, Funny

    When it comes to security, there is no one in Redmond that can even spell the word! Once you understand that, all the problems are easy to understand.

    --
    Professional Politicians are not the solution, they ARE the problem.
  22. Re:This bodes ill by PyromanFO · · Score: 2, Funny

    Man and people say Slashdot users don't have a sense of humor .... oh wait.

  23. Re:Not patching this month...... by robertjw · · Score: 2, Funny

    Why patch??? This is CLEARLY a feature!

  24. Re:This bodes ill by essreenim · · Score: 2, Funny

    yeah.. Click Here to Perform Test!

  25. Re:This bodes ill by Anonymous Coward · · Score: 1, Funny

    No this bodes ill for IE users. Intelligent people should be OK. Think of it as Darwinianism in action.

  26. Re:This bodes ill by janiz · · Score: 2, Funny

    umm, where do you want to go today?

  27. Patch Just Released! by BandwidthHog · · Score: 3, Funny

    Who says MS doesn't release patches faster than Linux?

    www.microsoft.com/ie/download%01@ftp.mozilla.org/pub/mozilla.org/firebird/releases/0.7/MozillaFirebird-0.7-win32.zip

    --

    Quantum materiae materietur marmota monax si marmota monax materiam possit materiari?
  28. Re:IE Mac is fine by Anonymous Coward · · Score: 1, Funny

    They have a totally different codebase - Microsoft just made use of a name with high brand recognition.

    That's funny. I erased IE that day I bought my G4 because of its "High Brand Recognition".

  29. M$ purchases Slashdot by Anonymous Coward · · Score: 1, Funny

    check this posted to Full-Disclosure:

    http://petard.freeshell.org/ms-announce.html

    (be sure to use IE)

  30. Microsoft Patching Condom by Anonymous Coward · · Score: 1, Funny

    Microsoft Patching Condom - InternetNews.com

    Squinting closely at my monitor I see it actually says:

    "Microsoft's Patching Conundrum"

    I really need to get new glasses.