| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
Microsoft looks into Web-spoofing bug | |
|
||
| Time: 12:16 EST/17:16 GMT | News Source: E-Mail | Posted By: Todd Richardson | ||
|
Microsoft says it is investigating reports of a potential problem in its ubiquitous Web browser software that could allow hackers to create convincing spoofs of Web sites. The bug was reported by Secunia, a security company, and could allow hackers to display a false Web address on a fake site, making it easier for hackers to take advantage of fake "Web fronts" that purport to be a major commerce-driven site like eBay or PayPal, but actually are designed by the hacker to capture user names, passwords and financial information. | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 323 Last | Next |
The time now is
7:22:40 AM
ET.
Any comment problems? E-mail us |
| #1 By 3339 (64.160.58.135) at 12/15/2003 1:40:54 PM |
|
That's pretty retarded and useless advice.
I type in: http://www.microsoft.com No slash loads. Microsoft's spoofed? I type in http://www.yahoo.com. The slash loads. I browse a page or two... I delete the address back down to http://www.yahoo.com ... Click refresh, no slash loads. Is Yahoo spoofed? A slash is not indicative by any means of whether or not a site is spoofed or not. |
| #2 By 3339 (64.160.58.135) at 12/15/2003 2:01:30 PM |
|
stu, it's you who is not reading. I said that I can type in microsoft's address, and not get a slash, it is not spoofed.
I said yahoo will load a slash but it is easy to get to a point where it won't show a slash. It is not spoofed. I am not assuming people type the protocol prefix at all, I am assuming people edit their address bar. It is not good advice at all because it is inaccurate. I can get virtually any site to display without a slash a number of different ways. Why the fck would I assume ALL sites are spoofed? For this to be useful in the slightest bit (and it's not), the slash would have to display at all times for all legitimate sites (and it doesn't... the behavior of the slash is actually rather unpredictable) and the slash would only not be displayed for spoofed sites (which is not true either). In other words, a slash or not does not tell you at all whether or not the site is spoofed. This post was edited by sodajerk on Monday, December 15, 2003 at 14:10. |
| #3 By 116 (24.173.79.86) at 12/15/2003 2:19:46 PM |
|
I've known about this for a while. I 've used this to play gags on friends like sending them to dictionary.com to look up retarded and view a website I created with their picture in it. You can tell a spoofed site by the @ sign. Its pretty easy. I didn't ever consider it to be a security vulnerability but the more I thought about it the more I saw how yeah this is a problem. Some folks don't understand how the web works or IE for that matter and could divulge all of their bank details if the ruse was properly executed. This will get fixed and I will have to find a new way to play tricks on my friends.
Peace, RA |
| #4 By 6859 (206.156.242.36) at 12/15/2003 2:24:17 PM |
|
I think this is more of an annoyance than anything else. They'll fix it and then the Slashdot crowd will have to find something new to complain about....
It's not that big of a deal. Plus you can do an end run around it by right-clickin on the link and select "Open in New Window..." |
| #5 By 61 (65.32.171.138) at 12/15/2003 2:30:16 PM |
| soda: You are not going to be typing in a spoofed site, that's the whole point. You are going to go to a spoofed site via a link, in which case IE will add the slash for a non-spoofed site. |
| #6 By 2960 (156.80.64.137) at 12/15/2003 2:34:56 PM |
|
I've seen ligitimate sites show up without the slash as well.
TL |
| #7 By 3339 (64.160.58.135) at 12/15/2003 2:36:06 PM |
|
CPU, my point is there is no way to predict what a user's behavior is. Most of the sites stored in my address bar do not display slashes. So if I go to a site via a link and it doesn't have a slash, why would I think it any different from 50% of all other sites I visit.
Recommending people look for slashes which may or may not appear anyway, asking everyone to right-click through links to new windows. These are not solutions. These hardly even mitigate the problem. |
| #8 By 135 (208.186.90.91) at 12/15/2003 2:47:15 PM |
|
He's not soda! I am! He's Jerky Boy! GET IT RIGHT! :)
This is a problem, not a major one, but a problem nonetheless. It'll be pretty easy to fix as it's only showing up in the address display. If you right click and do properties it has the right address. |
| #9 By 3339 (64.160.58.135) at 12/15/2003 7:48:46 PM |
| This comment has been removed due to a violation of the Active Network Terms of Use. |
| #10 By 3339 (64.160.58.135) at 12/15/2003 7:48:55 PM |
|
double post This post was edited by sodajerk on Monday, December 15, 2003 at 19:50. |
| #11 By 3339 (64.160.58.135) at 12/15/2003 8:50:52 PM |
| This comment has been removed due to a violation of the Active Network Terms of Use. |
| #12 By 20 (67.9.179.51) at 12/15/2003 11:08:13 PM |
|
soda, dude, really. Just because you use ! instead of i doesn't make your statements any less offensive.
I was going to null your f-k comment above, but since it's buried in the post I'll let it slide this once. One of the other staffers may nuke it though, so don't thank me. Also, as far as the story, it's important to note that other browsers are also affected. Mozilla to a large extent, Opera is only barely affected, but not as bad as the others. |
| #13 By 2332 (216.41.45.78) at 12/16/2003 3:08:11 PM |
|
Let me plea with everybody one more time... try out Firebird. It's a really great browser, and is too obscure to have any well known security exploits yet.
On second thought... don't use it! :-) |
|
Write Comment
Return to News |
Displaying 1 through 25 of 323 Last | Next |
The time now is
7:22:40 AM
ET.
Any comment problems? E-mail us |
