broadband - News - Update on the IE vulnerability

Some facts:
An update on the recently reported IE vulnerability that lets people create fake sites that look real and disguise their true address. You can see the bug in action using this hoax site: here (designed by us). If you are on IE, and visit the 'site', your Address bar will be wrong (say symantec.com). But your status bar, once in the page, may show something is bogus. If you don't believe it is not Symantec, click the privacy link at the bottom of the page.

You can also see a demo of faking a secure page with padlock and valid certificate (but not one from paypal): here.

Some facts about the vulnerability:
1. Once at a fake site, only File..Properties will reveal a strange URL that does not agree with the Address bar.
2. It appears that basically all Windows MSIE versions are vulnerable.
3. If you use MSIE 'enhancers' such as IRider, you may be protected from the problem.
4. With JavaScript enabled, it is trivial for the hoax site to modify the MSIE 'Status bar' to show whatever it wishes.
5. Examples have been posted of mostly obscuring the tell-tale info in the IE status bar at the bottom, after you are on a hoax site, even with JavaScript (Active-Scripting) turned off.
