Slashdot Mirror


New IE Bug Hides Real Site Address

Norman at Davis writes "ZDNet is running a story on a new security flaw in Microsoft's Internet Explorer which could let hackers use a technique to display a false Web address on a fake site according to an advisory from the Danish security company Secunia. The Danes report that 'the vulnerability is caused due to an input validation error, which can be exploited by including the "%01" URL encoded representation after the username and right before the "@" character in an URL.' PC World reports that 'Microsoft says it is investigating reports of the vulnerability. When that inquiry is complete, the company will take whatever steps it deems necessary, such as issuing a new patch, a spokesperson says.' And for good measure, here's what Google news is covering on it right now."
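A defensive check for the URL shape quoted from the advisory, added here as an example (it is not code from Secunia, Microsoft, or the submitter): it reports the host a link really goes to and flags a userinfo part that contains a control byte such as "%01" or that reads like a host name. The function names, flag names, and the .example URLs are assumptions made for illustration; it relies on the WHATWG URL parser built into Node.js and browsers.

```javascript
// Added example: flag links whose userinfo part could make a reader
// mistake the text before "@" for the destination host.
// All sample URLs below are constructed and use reserved .example names.

// Decode only ASCII percent-escapes so malformed sequences cannot throw.
function decodeAscii(s) {
  return s.replace(/%([0-7][0-9a-f])/gi, (_, hex) =>
    String.fromCharCode(parseInt(hex, 16)));
}

const CONTROL = /[\u0000-\u001f\u007f]/g;          // C0 controls and DEL
const HOSTLIKE = /^[a-z0-9-]+(\.[a-z0-9-]+)+$/i;   // dotted name, e.g. a.b.c

function inspectUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { raw, host: null, flags: ["unparseable"] };
  }
  const flags = [];
  if (url.username || url.password) {
    flags.push("userinfo");
    const user = decodeAscii(url.username);
    const pass = decodeAscii(url.password);
    // A control byte (the advisory's %01) anywhere before the "@".
    if ((user + pass).search(CONTROL) !== -1) flags.push("control-char");
    // Userinfo that looks like a host name once control bytes are dropped.
    if (HOSTLIKE.test(user.replace(CONTROL, ""))) {
      flags.push("hostname-like-userinfo");
    }
  }
  // url.hostname is the host the request is actually sent to.
  return { raw, host: url.hostname, flags };
}

const samples = [
  "http://www.trusted.example%01@attacker.example/login", // advisory shape
  "http://www.trusted.example@attacker.example/",         // no control byte
  "ftp://alice:secret@files.example/",                    // ordinary login
  "https://www.trusted.example/login",                    // no userinfo
];
for (const s of samples) {
  const r = inspectUrl(s);
  console.log(r.host, JSON.stringify(r.flags), s);
}
```

A mail gateway, proxy, or link-preview component could show `host` to the user and quarantine anything flagged `control-char`.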

5 of 683 comments

  1. Was I... by Anonymous Coward · · Score: -1, Redundant

    Was I the only person that first thought of all the goatse.cx links? I wonder how many trolls will post just for the hell of it.

  2. Re:The example misuse by Blue+Stone · · Score: -1, Redundant

    It also doesn't affect the Avant, IE6 browser overlay.
    In the test using Avant, the full bogus address is displayed, however, instead of the "%01@" that Mozilla displays, a "|" -type character is displayed.
    For those attached to using IE, Avant, or one of the alternatives, might be a useful alternative.

    --
    Corporation, n. An ingenious device for obtaining individual profit without individual responsibility. - Ambrose Bierce

  3. Re:Goddamn it! by acabrera · · Score: -1, Redundant

    This is an actual conversation I had last night. Friend: Hey Me: Yeah Friend: I downloaded some banbus vid and it's said XviD on it and I can't play it, what's the fuck is wrong? Me: You need the XviD codec. It's like divx but it's not Friend: So how do I play this shit Me: Download MPlayer OS X [waits a few minutes... ] Friend: It's only for Mac. Me: Ok, download Mplayer that doesn't say OS X on it [waits a few minutes...] Friend: What the fuck is a tar file Me: It's like zip Friend: Ok [waits a few more minutes] Friend: Where the fuck is the exe? Me: There is none, compile it Friend: What? Me: compile it Friend: Do I do that from the command line Me: Yeah [waits a few more minutes] Friend: "compile *.tar" doesn't do anything Me: Are you using XP? Friend: yeah. you built my fucking computer asshole Me: Oh yeah, that's right. You're fucked. No porn for you Friend: You knew this all this time didn't you Me: yeah Friend: dick!

  4. Re:Goddamn it! by acabrera · · Score: -1, Redundant

    This is an actual conversation I had last night.

    Friend: Hey
    Me: Yeah
    Friend: I downloaded some banbus vid and it's said XviD on it and I can't play it, what's the fuck is wrong?
    Me: You need the XviD codec. It's like divx but it's not
    Friend: So how do I play this shit
    Me: Download MPlayer OS X
    [waits a few minutes... ]
    Friend: It's only for Mac.
    Me: Ok, download Mplayer that doesn't say OS X on it
    [waits a few minutes...]
    Friend: What the fuck is a tar file
    Me: It's like zip
    Friend: Ok
    [waits a few more minutes]
    Friend: Where the fuck is the exe?
    Me: There is none, compile it
    Friend: What?
    Me: compile it
    Friend: Do I do that from the command line
    Me: Yeah
    [waits a few more minutes]
    Friend: "compile *.tar" doesn't do anything
    Me: Are you using XP?
    Friend: yeah. you built my fucking computer asshole
    Me: Oh yeah, that's right. You're fucked. No porn for you
    Friend: You knew this all this time didn't you
    Me: yeah
    Friend: dick!

  5. Re:Firebird fails in the status bar, sort of by TheDormouse · · Score: 0, Redundant

    Bull. Firebird shows the full bogus address in the location bar on my machine. This is not a problem on Firebird at all.

    Go to this site to test the vulnerability.