| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
Open source firm releases patch for IE spoofing flaw | |
|
||
| Time: 10:56 EST/15:56 GMT | News Source: E-Mail | Posted By: Robert Stein | ||
|
An open source and freeware software development web site has released a patch to fix the URL spoofing vulnerability in Internet Explorer, which can be exploited by scammers who try to trick people into revealing details of online banking accounts or other private information. Openwares.org, a Vaunatian company, with branches in Israel, the US and France, released the patch and the source code for the same a couple of days back. The company has also set up two pages where users can test to see if they are vulnerable to the exploit, one a fake Microsoft Update example and the other an example of a fake PayPal site. | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 148 Last | Next |
The time now is
3:23:43 AM
ET.
Any comment problems? E-mail us |
| #1 By 1989 (69.11.240.35) at 12/19/2003 11:09:36 AM |
| Don't know if it is true or not, but I read on Slashdot (I know...) that it really isn't a fix at all and contains a buffer overrun. |
| #2 By 19992 (164.214.4.61) at 12/19/2003 12:57:57 PM |
|
#2 If you don't trust them just download the source, view it yourself and if all is fine with it compile it and use it, if the code seems suspicious, don't use it.
Interesting that you deflect any mention of a problem with IE over to another program not mentioned anywhere in the article at all... This post was edited by happyguy on Friday, December 19, 2003 at 12:58. |
| #3 By 19992 (164.214.4.61) at 12/19/2003 1:28:43 PM |
|
#5 Yeah, it does look like it sends the addresses to openwares.org, but I haven't seen anything about a buffer overflow, can you site some sources on that?
He's not deflecting mention of the problem with IE. In fact, he mentioned the fact that there was a vulnerability, and that it's not as serious as openwares claims it is. True enough, I misworded my post, but parker does seem to be attempting to deflect attention away from the seriousness of the IE bug by involving a bug in a program that had absolutely nothing to do with this news article. |
| #4 By 12071 (203.217.24.43) at 12/21/2003 2:18:41 AM |
|
#16 Geez you whinge a lot! Would you like someone to re-write the patch in VB for you so that you can understand it? You're bitching that the patch is undocumented, there's really two things to say to that. First of all, if you know C++, then it's documented - the source code is simple enough to follow! Secondly, at least you have the source code (if you need it) to this patch, you have sweet jack all to the closed source program it patches.
Finally, at the time that you were busy posting your comment, v2 of the patch (including the source code) had already been released which fixed the buffer overflows and memory leaks that v1 had! That's not to say that v1 was good to be released - someone rushed in a bit too fast and they deserve everything they got for using strcpy!! |
|
Write Comment
Return to News |
Displaying 1 through 25 of 148 Last | Next |
The time now is
3:23:43 AM
ET.
Any comment problems? E-mail us |
