New Spoofing Vulnerability in IE
Jimmy M. writes "A new vulnerability has been announced in Internet Explorer, also affecting XP SP2, which can very easily be exploited by a malicious web site to completely spoof the address bar. The vulnerability is very similar to another vulnerability disclosed just about a year ago called the '%00' vulnerability, which also was widely exploited by phishers. A demonstration is also available."
...people start banging on Firefox hard enough to expose vulnerabilities?
Or, is Mozilla just that good at plugging leaks before they happen?
What OSS has to do is release ads to TELL people how bad IE is
never mention your competitor in advertising
no such thing as bad publicity, people tend to forget the details but "brand reinforcement" still applies, if you have to mention your competitor then it implies your product won't/can't stand up on its own merits = you have LOST
just an anon advertising exec
Not only the existence of the bug, but Microsoft's attitude towards the last one like this.
From Microsoft Help & Support. "The most effective step that you can take to help protect yourself from malicious hyperlinks is not to click them. Rather, type the URL of your intended destination in the address bar yourself. By manually typing the URL in the address bar, you can verify the information that Internet Explorer uses to access the destination Web site. To do so, type the URL in the Address bar, and then press ENTER."
Just defeat the purpose of hyperlinks. Thanks MS!
Disable ActiveX and this won't work. This exploit depends on ActiveX to run.
Your hair look like poop, Bob! - Wanker.
In the NYT ad, they should've added every IE bug that's been discovered since Firefox was released. I mean they are probably the biggest contributors to FF's popularity.
"Plans are for fools!" Oglethorpe, the plutonian (Aqua Teen Hunger Force)
Where I work, we have code reviews, automated code scrubbers, and extensive QA, and we're a relatively small shop compared to them.
I know they're trying, otherwise it would be a lot worse, and SP2 did a good bit to improve things, so I can't be that hard on them.
Jerry
http://www.syslog.org/
Customers and potential customers should complain to those banks and bill-pay services about these security problems.
I won't use a bank or financial service that requires IE.
Comparing your product to a specific competitor in a commercial suggests to the viewer that you are either neck and neck or more frequently that you're in the #2 position. If you are the actual market leader, or you want to be the leader, you *don't* want to send that kind of message.
Negatively advertising about your competitor (talking about why their product is bad, rather than why yours is good) is bad no matter what position in the market you're in. Instead of saying you're the underdog but people should try you out, you're saying your competitor is bad, so you're all that's left. People aren't interested in leftovers and those winning by default. If Firefox wants to successfully advertise, it should be talking about "faster browsing" without actually mentioning what it is being compared to, let alone naming Microsoft or IE.
And that, boys and girls, is why the basement dwelling me too fanatics who crowd around OSS are doing far more harm to OSS adoption than good. No business is going to suddenly switch to open source as long as "OMG M$ IS TEH SUX0RS!!!!!!!" is the message crowding out any intelligent and level headed promotion of true technical and cost superiority.
I'm trying Firefox currently. While it passed the test for this new attack, it is vulnerable to at least one other attack described by Secunia: http://secunia.com/multiple_browsers_window_injection_vulnerability_test/
Anyone know the score? What is Firefox vulnerable to and when will it be updated?
ShoutingMan.com