Time: 18:12 EST/23:12 GMT | News Source: PC World | Posted By: Matthew Sabean
A newly discovered vulnerability in Microsoft's Internet Explorer browser could be a powerful new tool for scammers, allowing them to convincingly mask the real origin of Web pages used to trick targets into revealing sensitive information. Attackers could use a specially crafted URL to display a different domain name in the address bar than the Web page's actual location. This practice is known as "spoofing."
Spoofing is a favorite tactic of spammers hoping to con users out of passwords and other personal details with e-mails pretending to be from banks, e-commerce sites, software vendors, and other trusted institutions.
The vulnerability afflicts several versions of Internet Explorer, including a fully patched edition of the software's latest release. Several other popular browsers, including Mozilla and Opera, are not affected and correctly display the actual location of sites taking advantage of the URL hack.
Microsoft says it is investigating reports of the vulnerability. When that inquiry is complete, the company will take whatever steps it deems necessary, such as issuing a new patch, a spokesperson says.

#1 By 2332 (65.221.182.2) at 12/10/2003 10:57:00 PM
Wow... that's a pretty nasty one. It would almost certainly get a lot of people... including me, probably.
Luckily, I haven't used IE for about 3 months now. (Aside from trips to Windows Update.)
Go Firebird. :-)

#2 By 2332 (65.221.182.2) at 12/11/2003 1:10:57 AM
Why would that bother you more than the IE one? How is it worse? In one scenario, it's very likely that users will be fooled into giving away very sensitive information. In the other scenario, there is the potential for a hacker to gain access to a machine which may or may not have sensitive information on it.
Both are bad. If anything, the IE one is worse because there is no workaround. If you use IE, you're vulnerable. Nothing you can do until MS patches. (And it will be at least a month until that happens since MS said there will be no critical patches in December.)
At any rate, my Java is always disabled... and that's not a big deal since very few people use applets these days anyway.

#3 By 12071 (203.173.24.63) at 12/11/2003 8:51:46 AM
#2 Words cannot describe how ignorant you are.
Let's see, if you:
RUN JAVA:
FireBird: You may be exploitable (depending on what JRE you have installed)
Internet Explorer: You are exploitable by this very same bug AS well as the one this story is about AS well as all those outstanding exploits!!!
DISABLE JAVA:
FireBird: You are safe
Internet Explorer: You are exploitable by the bug this story mentions.
Do humor us here Parker, how is using Internet Explorer equivalent? It's not... you're just pulling at straws trying to show us that something else out there has a bug... good on you.. you really managed to get our attention off this serious IE bug... umm, actually no you didn't!

#4 By 2332 (216.41.45.78) at 12/11/2003 11:43:02 AM
#8 - The ability to destroy a PC or take it over completely is a much more dangerous bug than the minor issue with IE
Why?
People who set up web sites to exploit the IE flaw are very likely to obtain credit card numbers, social security numbers, and plenty of other very private information. With this information, I can completely destroy your credit history. I can basically ruin your life for several years.
With the Java flaw, I might be able to do that... depending on if the user has stored this information on their machine. Even if I "destroyed" your machine, at worst, that's a couple of days of rebuilding time. Maybe you lost some documents if you didn't have backups. Or for many users, it might be a hundred bucks to get a support agent to restore their machine.
How exactly is the IE issue minor?
Oh right ...I know I know. Micro$oft is the devil ... blah blah blah.
Come on Parker. Don't be retarded. I'm one of the most staunch defenders of Microsoft. Christ, look at my web site! I've practically got an MS logo branded on my ass. That doesn't mean I'm going to downplay or try to shift focus away from an obviously bad bug.
The difference between my defence of Microsoft and yours is that mine is based in reason, and yours is based in dogma. You're not helping.

#5 By 6859 (206.156.242.36) at 12/11/2003 11:57:41 AM
Don't know why, exactly... but every exploit listed doesn't affect this system. The URLs match and there's no redirection. Must be one of the previous patches I have on here.
If any of you are so bored as to research (as I am not), here's the patches on this system:
Version: 6.0.2800.1106
Cipher Strength: 128-bit
Update Versions: SP1; Q328389; Q328970; Q324929; Q810847; Q813951; Q813489; Q330994; Q818529; Q822925; Q828750; Q813502; Q827667; Q826940; Q827057; Q824145
Windows 2000 SP4

#6 By 2332 (216.41.45.78) at 12/11/2003 1:41:41 PM
Hmmm... interesting. I've got the latest and greatest patches as well, but the exploit works on my system.

#7 By 12071 (203.185.215.149) at 12/11/2003 9:54:08 PM
#13 "Remember it's an IE bug, not an OS level bug."
IE forms part of the OS - it's not a separate application.

#8 By 2332 (65.221.182.2) at 12/12/2003 1:00:05 AM
#12 - I reason that a patch for this issue will be out by next month and anyone with Windows Update turned on will be patched by the 15th of January.
What, exactly, does that have to do with the bug itself being less dangerous than the java bug? Does the fact that you have no argument about the actual bug force you to start talking about how fast it will get patched? Nice try.
I reason that there is no publicity for the Java exploit and that there is no patch management software that will update the exploitable java VM that is packaged with hundreds of applications.
Ok, but that's completely beside the point. I notice that you only mention these factors after I showed how stupid your argument was. Again, nice try.
I therefore reason that the java exploit will make Linux and Windows vulnerable for the life of most people's PCs ... not just for the next 30 days.
Again, that has nothing to do with the bug itself. I've always maintained that Windows is just as secure, if not more secure, than Linux. But again, you are trying to change your "reasoning" because your original argument is baloney, and you know it.
I therefore reason that the java exploit is thousands of times more dangerous.
A thousand times huh? Wow, your quantitative skills are astounding.
And I finally reason that RMD is full of it ...
Ah... that's what I was waiting for. The obligatory ad hominem attack at the end of an obviously weak argument. I'll throw one right back for fun: you have a weak mind. You fall back on dogma to avoid having to think for yourself. Escape this hole before you fall deeper into it.

#9 By 2332 (65.221.182.2) at 12/13/2003 4:08:08 AM
#18 - Good job at ignoring the majority of my post. Nonetheless, I'll address yours.
To exploit the IE bug you have to convince someone to visit your website, and then not figure out it really isn't the website you really meant to go to and then try and log into the site with some information that you care about.
A trivial task. It would take the better part of an hour to completely duplicate Amazon.com. I could then pay a few hundred dollars to get spammers to send out a billion e-mails that look like ads for Amazon.com. When the users enter their info I'll have tens of thousands of credit card numbers. The thing that makes this bug so dangerous is how easy it is for ANYBODY to exploit it.
To exploit the java bug, you have to convince someone to visit your website and then you own their machine.
Actually, there are several other factors to consider. First, they need java turned on. Not a big deal. Second, you would need to either find an existing exploit, or write your own. Writing your own is by no means a trivial task. Lastly, even if you "owned" their machine, there is no certainty that you would do any real damage. At worst, you could do the same as I could do with the URL bug. But more likely, you would delete some documents and force people to format their machine.
Both are bad. But, again, the java one is not worse than the IE one. If anything, the fact that the IE URL bug is so incredibly trivial to exploit means that it will be exploited FAR more often than the java bug. It will therefore be more dangerous.
Aren't you bright enough to notice the difference?
Well... my IQ has been measured at between 135 and 145. I was valedictorian of my high school. I had a 3.97 GPA through 4 years of college, which I attended with a full scholarship. I'm a member of several honor societies, including Phi Beta Kappa and the National Honor Society. I was given many awards for academic excellence, including an Outstanding Undergraduate Scholar award and a Fulbright Scholarship. I'm soon starting classes at MIT for graduate school to study evolutionary biology. Oh, and my coworkers call me Cliff because I know so much random crap. (Cliff as in Cliff Clavin from Cheers.)
What about you? Are you bright enough to know when you're wrong and just stop making yourself look stupid?