Skip to main content

broadband - News - Update on the IE vulnerability

Some facts:
An update on the recently reported IE vulnerability that lets people create fake sites that look real and disguise their true address. You can see the bug in action using this hoax site: here (designed by us). If you are on IE, and visit the 'site', your Address bar will be wrong (say symantec.com). But your status bar, once in the page, may show something is bogus. If you don't believe it is not Symantec, click the privacy link at the bottom of the page.

You can also see a demo of faking a secure page with padlock and valid certificate (but not one from paypal): here.

Some facts about the vulnerability:
# Once at a fake site, only File..Properties will reveal a strange URL that does not agree with the Address bar.
# It appears that basically all windows MSIE versions are vulnerable.
# If you use MSIE 'enhancers' such as IRider, you may be protected from the problem.
# With java script enabled, it is trivial for the hoax site to modify the MSIE 'Status bar' to show whatever it wishes.
# Examples have been posted of mostly obscuring the tell-tale info in the IE status bar at the bottom, after you are on a hoax site, even with javascript (Active-Scripting) turned off. "

Comments

Post a Comment

Popular posts from this blog

New York Post Online Edition

news : "December 29, 2003 -- WASHINGTON - Startling new Army statistics show that strife-torn Baghdad - considered the most dangerous city in the world - now has a lower murder rate than New York. The newest numbers, released by the Army's 1st Infantry Division, reveal that over the past three months, murders and other crimes in Baghdad are decreasing dramatically and that in the month of October, there were fewer murders per capita there than the Big Apple, Chicago, Los Angeles and Washington, D.C. The Bush administration and outside experts are touting these new figures as a sign that, eight months after the fall of Saddam Hussein, major progress is starting to be made in the oft-criticized effort by the United States and coalition partners to restore order and rebuild Iraq. 'If these numbers are accurate, they show that the systems we put in place four months ago to develop a police force based on the principles of a free and democratic society are starting to
Post a Comment
Read more
Post a Comment
Read more
Forum: The fish that threatened national security : "At La Guardia we proceeded to security and the X-ray inspection point run by the Transportation Security Administration. I have learned by now that, post-9/11, a traveler is better off safe than sorry when proceeding through security. I wasn't prepared, however, for the TSA to stop me right at the entrance, proclaiming that no small pets, including fish, were permitted through security. I had, however, just received the blessing of the ticket agents at US Airways and pre-assured MJ's travels with Pittsburgh International Airport security weeks before our travel date. I tried to explain this to the screener who stood between me and the gates, but she would have none of it. I was led back to the US Airways ticket counter, stocking-footed and alone, where the agents reasserted that they did not see a problem for me to have a fish on board, properly packaged in plastic fish bag and secured with a rubber band as MJ was.
Post a Comment
Read more