The Active Network

  Microsoft looks into Web-spoofing bug
Time: 12:16 EST/17:16 GMT | News Source: E-Mail | Posted By: Todd Richardson

Microsoft says it is investigating reports of a potential problem in its ubiquitous Web browser software that could allow hackers to create convincing spoofs of Web sites. The bug was reported by Secunia, a security company, and could allow hackers to display a false Web address on a fake site, making it easier for hackers to take advantage of fake "Web fronts" that purport to be a major commerce-driven site like eBay or PayPal, but actually are designed by the hacker to capture user names, passwords and financial information.

  Displaying Comments 1 through 13 of 13
  This is an archived static copy of ActiveWin.com.
#2 By 3339 (64.160.58.135) at Monday, December 15, 2003 02:01:30 PM
stu, it's you who is not reading. I said that I can type in microsoft's address, and not get a slash, it is not spoofed.

I said yahoo will load a slash but it is easy to get to a point where it won't show a slash. It is not spoofed.

I am not assuming people type the protocol prefix at all, I am assuming people edit their address bar.

It is not good advice at all because it is inaccurate. I can get virtually any site to display without a slash a number of different ways. Why the fck would I assume ALL sites are spoofed?

For this to be useful in the slightest bit (and it's not), the slash would have to display at all times for all legitimate sites (and it doesn't... the behavior of the slash is actually rather unpredictable) and the slash would only not be displayed for spoofed sites (which is not true either).

In other words, a slash or not does not tell you at all whether or not the site is spoofed.

This post was edited by sodajerk on Monday, December 15, 2003 at 14:10.

#3 By 116 (24.173.79.86) at Monday, December 15, 2003 02:19:46 PM
I've known about this for a while. I've used this to play gags on friends like sending them to dictionary.com to look up retarded and view a website I created with their picture in it. You can tell a spoofed site by the @ sign. It's pretty easy. I didn't ever consider it to be a security vulnerability but the more I thought about it the more I saw how yeah this is a problem. Some folks don't understand how the web works or IE for that matter and could divulge all of their bank details if the ruse was properly executed. This will get fixed and I will have to find a new way to play tricks on my friends.

Peace,
RA

#4 By 6859 (206.156.242.36) at Monday, December 15, 2003 02:24:17 PM
I think this is more of an annoyance than anything else. They'll fix it and then the Slashdot crowd will have to find something new to complain about....

It's not that big of a deal. Plus you can do an end run around it by right-clicking on the link and selecting "Open in New Window..."

#5 By 61 (65.32.171.138) at Monday, December 15, 2003 02:30:16 PM
soda: You are not going to be typing in a spoofed site, that's the whole point. You are going to go to a spoofed site via a link, in which case IE will add the slash for a non-spoofed site.

#6 By 2960 (156.80.64.137) at Monday, December 15, 2003 02:34:56 PM
I've seen legitimate sites show up without the slash as well.

TL

#7 By 3339 (64.160.58.135) at Monday, December 15, 2003 02:36:06 PM
CPU, my point is there is no way to predict what a user's behavior is. Most of the sites stored in my address bar do not display slashes. So if I go to a site via a link and it doesn't have a slash, why would I think it any different from 50% of all other sites I visit?

Recommending people look for slashes which may or may not appear anyway, asking everyone to right-click through links to new windows. These are not solutions. These hardly even mitigate the problem.

#8 By 135 (208.186.90.91) at Monday, December 15, 2003 02:47:15 PM
He's not soda! I am! He's Jerky Boy! GET IT RIGHT! :)

This is a problem, not a major one, but a problem nonetheless. It'll be pretty easy to fix as it's only showing up in the address display. If you right click and do properties it has the right address.
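
Comments #3 and #8 point at the two checks that matter here: the "@" sign in the link and the address the link really resolves to. The following is an added example, not part of the article or of any comment, that applies both checks with the standard WHATWG `URL` parser; the function names, the verdict labels and the sample links (reserved example domains) are constructed for illustration.

```javascript
// Added example (not from the article or its comments).
// Everything before the last "@" in a URL's authority is userinfo (credentials);
// the browser connects to the host that follows it.
const HOSTLIKE = /^(?:[a-z0-9-]+\.)+[a-z]{2,}$/i;

function safeDecode(s) {
  // Userinfo may contain malformed percent-escapes; fall back to the raw text.
  try { return decodeURIComponent(s); } catch { return s; }
}

function inspectLink(href) {
  let url;
  try {
    url = new URL(href);           // WHATWG URL parser (browsers, Node.js)
  } catch {
    return { valid: false, href }; // relative or unparseable link
  }
  const hasUserinfo = url.username !== "" || url.password !== "";
  // A "user name" shaped like a domain is what makes the link read as another site.
  const userLooksLikeHost = HOSTLIKE.test(safeDecode(url.username));
  let verdict = "ok";
  if (hasUserinfo) verdict = userLooksLikeHost ? "deceptive" : "review";
  return { valid: true, href, realHost: url.hostname, hasUserinfo, verdict };
}

// Constructed sample links using reserved example domains.
const SAMPLES = [
  "https://www.example.com/account",
  "http://www.example.com@login.example.net/signin",
  "ftp://alice@files.example.org/pub/",
  "not a url",
];

function report(links) {
  return links.map(inspectLink);
}

for (const r of report(SAMPLES)) {
  console.log(r.valid
    ? `${r.verdict.padEnd(9)} host=${r.realHost}  ${r.href}`
    : `invalid   ${r.href}`);
}
```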

#9 By 3339 (64.160.58.135) at Monday, December 15, 2003 07:48:46 PM
This comment has been removed due to a violation of the Active Network Terms of Use.

#10 By 3339 (64.160.58.135) at Monday, December 15, 2003 07:48:55 PM
double post

This post was edited by sodajerk on Monday, December 15, 2003 at 19:50.

#11 By 3339 (64.160.58.135) at Monday, December 15, 2003 08:50:52 PM
This comment has been removed due to a violation of the Active Network Terms of Use.

#12 By 20 (67.9.179.51) at Monday, December 15, 2003 11:08:13 PM
soda, dude, really. Just because you use ! instead of i doesn't make your statements any less offensive.

I was going to null your f-k comment above, but since it's buried in the post I'll let it slide this once. One of the other staffers may nuke it though, so don't thank me.

Also, as far as the story, it's important to note that other browsers are also affected. Mozilla to a large extent, Opera is only barely affected, but not as bad as the others.

#13 By 2332 (216.41.45.78) at Tuesday, December 16, 2003 03:08:11 PM
Let me plead with everybody one more time... try out Firebird. It's a really great browser, and is too obscure to have any well known security exploits yet.

On second thought... don't use it! :-)



 
