Slashdot Mirror


New IE Bug Hides Real Site Address

Norman at Davis writes "ZDNet is running a story on a new security flaw in Microsoft's Internet Explorer which could let hackers use a technique to display a false Web address on a fake site according to an advisory from the Danish security company Secunia. The Danes report that 'the vulnerability is caused due to an input validation error, which can be exploited by including the "%01" URL encoded representation after the username and right before the "@" character in an URL.' PC World reports that 'Microsoft says it is investigating reports of the vulnerability. When that inquiry is complete, the company will take whatever steps it deems necessary, such as issuing a new patch, a spokesperson says.' And for good measure, here's what Google news is covering on it right now."

11 of 683 comments (clear)

  1. TERROFCUK by Anonymous Coward · · Score: -1, Troll
    Hello, Sir! My name is Abdullah Kumr, I am a terrorist.Please HELP ME KILL ALL AMERICANS!!! My father was on the first plane that crashed in the WTC.
    I get a boner every time CNN plays that tape.

    If you wish to help me in my quest for WORLD SLAVERY, please purchase a kalashnikov at your nearest kalashnikov store and HELP ME KILL ALL AMERICANS!!!

  2. Not just an IE bug... by dnaumov · · Score: -1, Troll

    This is not just an IE bug. The same bug also applies to Mozilla (including the latest 1.6 BETA) and Opera.

  3. Re:This bodes ill by Anonymous Coward · · Score: -1, Troll

    > for paypal where there are so many redirect scams.

    Only in a world where people are too stupid or lazy to type

    www.paypal.com

  4. Cool ! by BESTouff · · Score: -1, Troll

    Many more friends for the goatse man ...

  5. Re:This bodes ill by Anonymous Coward · · Score: -1, Troll

    or makes one ill

  6. How do you want to camouflage goatse today? by carcosa30 · · Score: -1, Troll

    It's great that Microsoft is so in touch with the needs of the Internet community. Who would have thought they'd understand us so thoroughly as to anticipate our needs to camouflage goatse and tubgirl?

    --
    Intolerance for ambiguity is the mark of the authoritarian personality.
  7. Re:Not patching this month...... by Anonymous Coward · · Score: -1, Troll

    Why would anyone want to use a substandard, like firebird, browswer for anything? I mean if the thing isn't rendering pages correctly kick it to the curb and use one that works.

    That is a big part of the problem. People using shit that don't work and then bitch'n about it. Fuck it people, use IE or Mozilla like the rest of us and get on with it.

  8. Re:This bodes ill by Anonymous Coward · · Score: -1, Troll
  9. Re:Similar IE bug by Anonymous Coward · · Score: -1, Troll
  10. Re:You can do it with pure HTML... by Anonymous Coward · · Score: -1, Troll

    Maybe if yout coded it correctly you could you incompetent stooge.

  11. IE is okay in Linux by turniponion · · Score: 0, Troll

    Firebird 0.6 is okay
    Konquerer 2.2.2 is okay

    But hey, look at this:

    Internet Explorer 5 (5.00.2314.1003) installed in Linux/Xandros using Crossover 1.3.1 was not fooled either. This maybe is only a problem for windo$e??

    I used the test link: http://www.zapthedingbat.com/security/ex01/vun1.ht m

    --
    -Turnip Onion --- Neither micro nor $oft. Linux is a fine tool.