Slashdot Mirror


New Spoofing Vulnerability in IE

Jimmy M. writes "A new vulnerability has been announced in Internet Explorer, also affecting XP SP2, which can very easily be exploited by a malicious web site to completely spoof the address bar. The vulnerability is very similar to another vulnerability disclosed just about a year ago called the '%00' vulnerability, which also was widely exploited by phishers. A demonstration is also available."

22 of 372 comments

  1. Surprisingly, a patch is already out by Anonymous Coward · · Score: 5, Funny

    Get it here

    1. Re:Surprisingly, a patch is already out by Thaidog · · Score: 2, Funny

      Your comment karma forecast prediction:
      25 - funny
      35 - troll
      Damn that's a lot of lane switching...

      --

      ||| I still can't believe Parkay's not butter.

    2. Re:Surprisingly, a patch is already out by Anonymous Coward · · Score: 3, Funny

      My work just installed software that disallows net access from any browser other than IE.
      Brilliant.

  2. No browser bug will ever affect me by Anonymous Coward · · Score: 1, Funny

    I use wget and read the raw html in a text editor.

    1. Re:No browser bug will ever affect me by Anonymous Coward · · Score: 1, Funny

      I use wget and read the raw html in a text editor.

      Me too. You'd think there's way too much information to decode the internet. But you get used to it. I don't even see the code anymore. All I see is blonde, brunette, red-head....

    2. Re:No browser bug will ever affect me by Anonymous Coward · · Score: 1, Funny

      And I have one for you: "Fiction" :( )@==8

  3. Re:That's nothing! by Anonymous Coward · · Score: 1, Funny

    Apparently it's been patched.

  4. No way... a bug in IE? by MrDomino · · Score: 2, Funny

    Next, we'll be reading about studies showing that two hydrogen atoms and one oxygen atom form a clear, wet substance.

  5. No way! by RealProgrammer · · Score: 3, Funny

    This is not a reason to use Firefox - it's useless in Firefox.

    I just clicked the demo link using Firefox 1.0, and nothing happened at ... all. Oh.

    Never mind.

    --
    sigs, as if you care.

  6. Wine Help by anagama · · Score: 4, Funny

    I really want to try this but I have such problems getting stuff to run in wine.

    --
    What changed under Obama? Nothing Good

  7. Re:Safari by 12ahead · · Score: 3, Funny

    I just tried it with a potatoe peel. Nothing. ;) As it said.. IE. Secunia does test these things on other browsers and as they have shown in the past they are likely to come up with cross-browser exploits in the future.

  8. Re:Microsoft is so sweet by ticklemeozmo · · Score: 5, Funny

    What OSS has to do is release ads to TELL people how bad IE is, not how good Mozilla is alongside. SCARE people into realizing that their entire way of life is AT RISK if they continue to use IE.

    Or maybe a simple 5 color-coded chart!

    RED - Browsing with IE
    ORANGE - something witty
    YELLOW - something wittier
    GREEN - Browsing with Firefox
    BLUE - Unplugging your network cable

    Firefox(tm). The next safest thing to unplugging your network connection.

    --
    When modding "Informative", please make sure it both has a source and IS actually informative.

  9. Re:Yet another reason... by azuroff · · Score: 5, Funny

    So, to check a Hotmail message, I just need to manually type

    http://by2fd.bay2.hotmail.msn.com/cgi-bin/getmsg?msg=MSG1103631600.24&start=3248752&len=4735&imgsafe=n&curmbox=F000000001&a=b2cbfd3baddabfc913aacc3f36f8590f

    in my address bar....

    Thanks, Microsoft! I needed to brush up on my typing skills.

  10. Nelson Says: by djdavetrouble · · Score: 3, Funny

    (with pointed finger) Ha-Ha

    --
    music lover since 1969

  11. Re:Microsoft is so sweet by OldManAndTheC++ · · Score: 5, Funny

    RED - Browsing with IE
    ORANGE - Giving your cat a bath
    YELLOW - Cooking bacon in the nude
    GREEN - Browsing with Firefox
    BLUE - Unplugging your network cable

    --
    Soylent Green is peoplicious!

  12. Re:Microsoft is so sweet by mobby_6kl · · Score: 1, Funny

    GREEN - Browsing with Firefox
    BLUE - Unplugging your network cable
    ULTRAVIOLET - Browsing with Opera

    Opera(tm). The next, from the other side, safest thing to unplugging your network connection.

  13. Maybe it would be easier... by allanc · · Score: 3, Funny

    ...if they just posted news announcing days when vulnerabilities aren't found in IE.

    --AC

  14. Re:Microsoft is so sweet by Axem · · Score: 3, Funny

    So we should be saying "OMG LINUX IS 578% MORE 1337 THAN TEH LEADING MONOPOLY!!!!" ?

    --
    We all live in a #FFFF00 submarine...

  15. Re:Microsoft is so sweet by Michalson · · Score: 4, Funny

    Good start. The main issues are that "1337", and "monopoly" may be confusing to your average consumer (they'll have no idea what "1337" is, and will be confused about why you are comparing your product to a board game)

    A fundamental rule of marketing is that your commercials should be understandable by your entire demographic (sometimes ad campaigns will use "inside jokes" if the demographic they are targeting is tight enough, but it's still risky). Using special words or concepts only known or believed by a small number of people will mean you risk (or nearly guarantee) having your commercial come across to your audience like The Architect from The Matrix trying to sell them car insurance - ..concordantly the 5% saved through a 2 driver plan inexorably causes a diminution of the overall non-fault accident premiums. Ergo those signing up before January 1st will...

  16. Re:Yet another reason... by Anonymous Coward · · Score: 1, Funny

    > By manually typing the URL in the address bar, you can verify
    > the information that Internet Explorer uses to access the
    > destination Web site. To do so, type the URL in the Address
    > bar, and then press ENTER

    Ironically MS themselves break this with their hotmail service. When going to a link from a Hotmail email, the link is converted to a hotmail link followed by a seekrit ID key a hundred lines long, just to show you the (possibly spoofed) page with that hotmail header on it.

    MS, You fail it!

  17. MSIE's clock. by rice_burners_suck · · Score: 5, Funny

    Let's put one of these chain emails to good use:

    Bill Gates died and went to heaven. As he stood in front of St. Peter at the Pearly Gates, he saw a huge wall of clocks behind him. He asked, "What are all those clocks?"

    St. Peter answered, "Those are Software Vulnerability Clocks. Every computer program on Earth has a Software Vulnerability Clock. Every time a program is compromised due to a bug in the code, the hands on that program's clock will move."

    "Oh," said Bill, "which clock is that?"

    "That's the UNICOS clock. The hands have never moved, indicating that it was never compromised by an attacker."

    "Incredible," said Bill. "And which clock is that one?"

    St. Peter responded, "That's the OpenBSD clock. The hands have moved twice, telling us that the 'Only one remote hole in the default install, in more than 8 years!' was compromised only two times in this operating system's life."

    "Where's Internet Explorer's clock?" asked Bill.

    "That's in Jesus' office. He's using it to drive the generators, which provide power for our celestial copy of Las Vegas."

    1. Re: MSIE's clock. by zeylisse · · Score: 2, Funny

      Bill Gates died and went to heaven. As he stood..

      nice try ;)