
Internet Explorer address bar spoofing vulnerability


eclectica
2003-12-20, 04:14
On December 9th, Microsoft identified a security vulnerability (http://support.microsoft.com/?id=833786) in Internet Explorer. The vulnerability allows a false address to be displayed in the address bar, so that one could be on a spoofed website without realizing it. Microsoft has not released a patch for it yet.

Since December 15th, a site called Openwares.org has been offering a patch of its own, and some people have been eager to download (http://www.openwares.org/index.php?option=com_remository&Itemid=&func=fileinfo&parent=folder&filecatid=17) it rather than wait for Microsoft to release a patch.

According to an article (http://www.theregister.co.uk/content/55/34618.html) released in The Register today, the patch that Openwares.org has released has several problems and vulnerabilities of its own that are worse than the problem it is supposed to fix.

The moral of the story is that it is safer to go without the security patch than to trust an unknown third party to do an unofficial patch for you.

eclectica
2003-12-23, 02:10
According to a CNET article (http://news.com.com/2100-1002_3-5130708.html), openwares.org fixed their original patch and released a good one on Saturday December 20.

Criminal_Sniper
2004-01-02, 13:18
makes ya just want to sue microsoft
faster browsing?
even netscape is faster
not to mention opera and mozilla the best two
as well as some linux ones but mozilla is king there too for me

second thing i hate is home networking in xp home
now it says it works better
it would be very lucky if it works at all

i think we sue them for all of their money and use it to make linux a bit better

this is just another problem

we have been sick of this for how long?

now if i could play mp3's in red hat (or if winex was better) at all windows would be almost useless

eclectica
2004-01-02, 17:17
Originally posted by Criminal_Sniper
now if i could play mp3's in red hat (or if winex was better) at all windows would be almost useless
I haven't gotten into Linux yet, but I'm hoping this year to check it out. I'm actually waiting for my laptop networking classes to be over so that I can format the hard drive and give it a go. Or perhaps my 6-year-old p2p rig running Windows Millennium, which I have been running nonstop for the last year, will break down sooner and I will buy a new computer (http://www.walmart.com/catalog/product.gsp?product_id=2293918&cat=96356&type=19&dept=3944) with Lindows installed from Walmart for only $200.

To me, the one that looks good for Linux distribution is Debian (http://www.debian.org/CD/vendors/), in which you can get a 7-CD set for like $15.

You mention Red Hat, and not being able to play mp3s on Linux, but I wasn't aware that Linux would have a problem playing mp3s. I know that the mp3 is not truly open source the way the ogg file is. I did some quick research on playing mp3s in Linux and I found that XMMS (http://www.xmms.org/download.php) is what you're looking for.

assorted
2004-02-05, 16:34
Here's a practical and fun application of this vulnerability I just did here:

http://www.freemichael.org/archives/000120.html

It's more fun if you're not patched, but even if you are you'll get the idea.

eclectica
2004-02-05, 17:43
this:
http://www.mjnews.us%2Farchives%00@freemichael.org/mjnews/


shows up at this on the address bar:
http://www.mjnews.us/archives
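
The two URLs in the post above, checked from the defender's side. This is an added example, not part of the thread: it separates the userinfo before the `@` from the real destination host and flags the encoded control character. The function name, the finding labels, the "address bar stops at the control character" display model and the third sample URL are assumptions made here, and the control-character check generalises beyond the `%00` shown in the post.

```python
import re
from urllib.parse import urlsplit, unquote

# Heuristic for "userinfo that imitates a hostname" (label.label.tld at the start).
HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}", re.IGNORECASE)
# C0 control characters and DEL, which have no legitimate place in userinfo.
CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def inspect_url(url):
    """Return the real destination host plus any spoofing indicators."""
    parts = urlsplit(url)
    # Everything before the last '@' in the authority is userinfo, not the host.
    userinfo = parts.netloc.rpartition("@")[0]
    decoded = unquote(userinfo)
    report = {"real_host": parts.hostname, "shown_as": None, "findings": []}
    if not userinfo:
        return report
    report["findings"].append("userinfo-present")
    if HOSTLIKE.match(decoded):
        report["findings"].append("userinfo-looks-like-host")
    ctl = CONTROL.search(decoded)
    if ctl:
        report["findings"].append("control-char-in-userinfo")
        # Assumed display model: the unpatched address bar stops at the control character.
        report["shown_as"] = f"{parts.scheme}://{decoded[:ctl.start()]}"
    return report


if __name__ == "__main__":
    samples = [
        "http://www.mjnews.us%2Farchives%00@freemichael.org/mjnews/",  # from the post
        "http://www.mjnews.us/archives",                               # from the post
        "https://alice:pw@intranet.example/",                          # constructed
    ]
    for s in samples:
        print(s, "->", inspect_url(s))
```
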

Criminal_Sniper
2004-02-08, 13:47
ive got mp3's working
but only under root
i have no permission in my account even though they are set
linux they say is not for newbies
but its so damn bad i dont know who could use it without being a vet