Slashdot Mirror


New IE Bug Hides Real Site Address

Norman at Davis writes "ZDNet is running a story on a new security flaw in Microsoft's Internet Explorer which could let hackers use a technique to display a false Web address on a fake site, according to an advisory from the Danish security company Secunia. The Danes report that 'the vulnerability is caused due to an input validation error, which can be exploited by including the "%01" URL encoded representation after the username and right before the "@" character in an URL.' PC World reports that 'Microsoft says it is investigating reports of the vulnerability. When that inquiry is complete, the company will take whatever steps it deems necessary, such as issuing a new patch, a spokesperson says.' And for good measure, here's what Google News is covering on it right now."
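A defender-side check for the pattern the advisory describes, added here as an example and not taken from the story, Secunia, or Microsoft: it reports the host a URL really points at and flags userinfo that carries a control character such as `%01` or that is shaped like a hostname. The function names and the sample URLs (reserved `.example` names) are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# A dotted name such as "www.trusted.example" in the username position.
HOSTLIKE = re.compile(r"^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")


def is_control(ch):
    """True for C0 control characters and DEL."""
    return ord(ch) < 0x20 or ord(ch) == 0x7F


def check_url(url):
    """Return (real_host, reasons); reasons is empty when nothing looks wrong."""
    parts = urlsplit(url)
    reasons = []
    if "@" not in parts.netloc:
        return parts.hostname, reasons
    # Everything before the last "@" is userinfo, not the destination.
    userinfo = unquote(parts.netloc.rpartition("@")[0], encoding="latin-1")
    if any(is_control(c) for c in userinfo):
        reasons.append("control character in userinfo")
    # Username with control characters removed, password part ignored.
    user = "".join(c for c in userinfo.split(":", 1)[0] if not is_control(c))
    if HOSTLIKE.match(user):
        reasons.append("userinfo looks like a hostname: " + user)
    return parts.hostname, reasons


# Constructed sample URLs, not taken from any real incident.
SAMPLES = [
    "http://www.trusted.example%01@other.example/login",
    "http://www.trusted.example@other.example/login",
    "ftp://alice@files.example/pub",
    "https://other.example/login",
]

if __name__ == "__main__":
    for url in SAMPLES:
        host, reasons = check_url(url)
        print(f"{url}\n  real host: {host}\n  findings: {reasons or 'none'}")
```

A mail gateway or proxy log filter could apply the same test to links before they reach a browser.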

10 of 683 comments

  1. Re:This bodes ill by glpierce · · Score: 5, Funny

    ...and Slashdot, where there are so many people trying to get you to look at goatse

    --
    G
  2. See also by lamery · · Score: 5, Funny

    http://www.microsoft.com/ie_advisory@%01goatse.cx

  3. That would explain a lot by Anonymous Coward · · Score: 5, Funny

    All that bizarre crap on the SCO website must actually be The Onion playing games...?

  4. Word from the Microsoft Information Minister by JavaSavant · · Score: 5, Funny

    There is no bug, and there will be no patches in December! We will reveal the vulnerabilities of the infidels and they shall tower over our own!

    I don't really get them sometimes, honestly. Is this sort of like there being a SARS outbreak in New York and the CDC saying that they won't look into it for a month?

  5. MicrowhocaresjustuseandOSOS by wud · · Score: 4, Funny

    'Microsoft says it is investigating reports of the vulnerability. When that inquiry is complete, the company will take whatever steps it deems necessary, such as issuing a new patch

    let's just hope they release the patch on purpose this time

    --
    wud
  6. moderately critical by maharg · · Score: 3, Funny

    Secunia rated the vulnerability as "moderately critical."

    How long will it be before someone finds a "critically critical" uber-flaw.

    --

    $ strings FTP.EXE | grep Copyright
    @(#) Copyright (c) 1983 The Regents of the University of California.
  7. Re:Not patching this month...... by Pelorat · · Score: 5, Funny

    Actually, if they're going to break promises, that's a good one to start with.

  8. Re:Works fine on IE by maharg · · Score: 4, Funny

    mebbe someone spoofed your shortcut to point at Internet%20Explorer%01@Mozilla

    --

    $ strings FTP.EXE | grep Copyright
    @(#) Copyright (c) 1983 The Regents of the University of California.
  9. Comment removed by account_deleted · · Score: 5, Funny

    Comment removed based on user account deletion

  10. Patch Just Released! by BandwidthHog · · Score: 3, Funny

    Who says MS doesn't release patches faster than Linux?

    www.microsoft.com/ie/download%01@ftp.mozilla.org/pub/mozilla.org/firebird/releases/0.7/MozillaFirebird-0.7-win32.zip

    --

    Quantum materiae materietur marmota monax si marmota monax materiam possit materiari?