New IE Bug Hides Real Site Address

← Back to Stories (view on slashdot.org)

New IE Bug Hides Real Site Address

Posted by michael on Thursday December 11, 2003 @01:37AM from the can't-blame-the-user-for-this-one dept.

Norman at Davis writes "ZDNet is running a story on a new security flaw in Microsoft's Internet Explorer which could let hackers use a technique to display a false Web address on a fake site according to an advisory from the Danish security company Secunia. The Danes report that 'the vulnerability is caused due to an input validation error, which can be exploited by including the "%01" URL encoded representation after the username and right before the "@" character in an URL.' PC World reports that 'Microsoft says it is investigating reports of the vulnerability. When that inquiry is complete, the company will take whatever steps it deems necessary, such as issuing a new patch, a spokesperson says.' And for good measure, here's what Google news is covering on it right now."

5 of 683 comments (clear)

Min score:

Reason:

Sort:

coattails.net by Anonymous Coward · 2003-12-11 01:39 · Score: -1, Offtopic

revealed
In Soviet Russia... by -kertrats- · 2003-12-11 01:44 · Score: -1, Offtopic

Internet Explorer patches YOU!

--
The Braying and Neighing of Barnyard Animals Follows.
Re:Was i... by REBloomfield · 2003-12-11 01:49 · Score: -1, Offtopic

Doesn't work here, as Slashdot still pulls the [goatse.cx] bit from the end.
Re:Not patching this month...... by md81544 · 2003-12-11 02:11 · Score: -1, Offtopic

almost every site seems to render correctly with Gecko based browsers

Anyone else seeing that virtually EVERY site except Slashdot renders OK? I'm using Firebird 0.7 (on Linux) and sometimes when I refresh /. I get no text at all, other times text overlaps the sidebars. It all seems kind of random. Any kind souls got any suggestions / workarounds? It's kind of annoying. And YES I have tried Googling and searching /. to no avail :)
Mozilla's lack of common sense by Anonymous Coward · 2003-12-11 03:16 · Score: -1, Offtopic

why isnt this installer the most prominent thing on Mozilla's frontpage ? does anyone even understand marketing at Mozilla and the skill level of the average win32 user ?

"hey lets give the general public compressed zipfiles and let them figure it out and where to install it"

if developers want mozilla/phoenix to be popular they gotta make it really really easy to get installed by the average joe, they dont even know what a "zip" file is let alone extract and install it,create shortcuts etc etc they just want it easy

they could add an installer for Linux too so i can download a package, doubleclick it and it installed, no tar gz extracting and compiling so i have to have 5 copies of it over my drive just to install it

i know mozilla's developers are clever with code but when it comes to marketing and joe user usability it seems they even lack common sense