
broadband - News - Update on the IE vulnerability

Some facts:
An update on the recently reported IE vulnerability that lets people create fake sites that look real and disguise their true address. You can see the bug in action using this hoax site: here (designed by us). If you are on IE, and visit the 'site', your Address bar will be wrong (say symantec.com). But your status bar, once in the page, may show something is bogus. If you don't believe it is not Symantec, click the privacy link at the bottom of the page.

You can also see a demo of faking a secure page with padlock and valid certificate (but not one from paypal): here.

Some facts about the vulnerability:
1. Once at a fake site, only File..Properties will reveal a strange URL that does not agree with the Address bar.
2. It appears that basically all Windows MSIE versions are vulnerable.
3. If you use MSIE 'enhancers' such as IRider, you may be protected from the problem.
4. With JavaScript enabled, it is trivial for the hoax site to modify the MSIE 'Status bar' to show whatever it wishes.
5. Examples have been posted of mostly obscuring the tell-tale info in the IE status bar at the bottom, after you are on a hoax site, even with JavaScript (Active-Scripting) turned off.
