- TalkBack 28 of 52:
- Next »
- « Previous
- Thread View
- Flat View
- Riiiiiiiiiiiiiggggggghhhhhtttt!
-
Let's take a look, shall we?
Put a link like this phishing scam URI into any other browser, and you get:
http://yourinfo.respectablecompany.com@stealyourinfo.net
The feature to allow "user : pass" between the htt:// and the @web.com parts also allow any text to be placed there as well. If the @web.com site does not need the login info or the login info is invalid - as in the case above with "yourinfo.respectablecompany.com", the extra info is ignored.
Granted, not the best idea in the world, but for sites that have standard http authentication type logins where security doesn't matter, and for FTP sites that allow annonymous login, this is ok.
Now we plug that same url into a Microsoft browser, and all that is displayed in the address bar is:
http://yourinfo.respectablecompany.com
The bug in IE truncates the @ symbol and everything thereafter, so if you clicked on a phishing link and checked the address bar to see if you were where you thought you were, the bug in IE obfuscates the real url you clicked on, making you think you are where you are not.
Oh, and name one browser (besided IE now) that does not support this standard url encoding feature. Go ahead... I'll wait...
Obviously you are not anywhere near technical or knowledgable enough to post here, you're just looking to get some attention. Go home.
Oh - and decent programmers use the feature where appropriate. Any feature can be missused in an insecure way - it's up to the web developer to be good enough to know when and how to use them so security is not an issue. MS seems to think we're not smart enough out here to use this particular feature appropriately. Well, that and they can't seem to (or don't want to) fix their own flaw... - Posted by: TrollSlayer Posted on: 02/05/04 You are currently: a Guest | Members login | Terms of Use
&itch..&itch...&itch
LinuxHippie | 02/04/04
|
Another way to say that
Chad_z | 02/04/04
|
here's a novell idea...
ryusen | 02/05/04
|
|
yea thats too bad
JoeMama_z | 02/04/04
|
|
when you use a browser
JWatson77 | 02/04/04
|
|
Whats your point?
rschror | 02/04/04
|
your pointless
stephen732@... | 02/04/04
|
|
Do a little research.
Immanuel Tranz-Mischen | 02/04/04
|
|
not until ms play fair
JWatson77 | 02/05/04
|
|
Please....
DarbyOhara | 02/05/04
|
|
I use Win2k pimple face
JWatson77 | 02/05/04
|
|
Umm...
TrollSlayer | 02/05/04
|
|
this was never a feature
JWatson77 | 02/04/04
|
|
Veeeeery Surprising
Bobby Sskcat | 02/04/04
|
|
This isn't the first time.
Immanuel Tranz-Mischen | 02/04/04
|
|
Thanks to wrong doers
Christian_<>< | 02/04/04
|
|
Message has been deleted.
Cardinal_Bill | 02/04/04
|
|
You left something out
vferrara | 02/05/04
|
|
So did you.
Immanuel Tranz-Mischen | 02/05/04
|
|
YOU left something out
B_HI | 02/11/04
|
|
Didn't fix a damned thing.
Yen_z | 02/04/04
|
|
Smiley Face got me.
Yen_z | 02/04/04
|
|
I tried out several of them
jfrankcarr | 02/04/04
|
|
MS putting ... security first (!)
michael-t | 02/04/04
|
|
What a stinkin' load...
TrollSlayer | 02/05/04
|
|
Addendum
TrollSlayer | 02/05/04
|
|
TrollSlayer??? More like Troll
PmAc_z | 02/05/04
|
|
Riiiiiiiiiiiiiggggggghhhhhtttt!
TrollSlayer | 02/05/04
|
|
Not quite...
wolf_z | 02/05/04
|
|
You are correct...
TrollSlayer | 02/05/04
|
|
One more thing!
TrollSlayer | 02/05/04
|
|
And another thing!
TrollSlayer | 02/05/04
|
|
We need a hero
BXLE | 02/05/04
|
|
Lazy developers
dscherf | 02/05/04
|
|
lazy
BXLE | 02/05/04
|
|
It was a jab
dscherf | 02/05/04
|
|
It is about time!
ShadeTree | 02/05/04
|
|
Really
russ@... | 02/05/04
|
|
What???
ShadeTree | 02/05/04
|
|
Flawed? Maybe...
Brett04_z | 02/05/04
|
|
Not exactly
MarcB_z | 02/05/04
|
|
Oh Well........
tslocum7 | 02/05/04
|
|
Security??????????????????????????
russ@... | 02/05/04
|
|
great - break (more) standards
bschlatzer@... | 02/05/04
|
|
IE Security Patch
Jaytmoon | 02/05/04
|
|
Stop Using IE! There Are Much Better Browsers Out There
brenthawkinsmd | 02/05/04
|
|
IE Phishing Fix via Feature Removal is a Hoax
Davinci_J | 02/05/04
|
|
Interesting
jfrankcarr | 02/06/04
|
|
Its Broke?
WillGates | 02/05/04
|
|
IE the best and only web-browser
Christian_<>< | 02/05/04
|
|
IE is crap.
Squire72 | 02/08/04
|
|
IE is no better actually
Aragorn_z | 02/09/04
|
What do you think?
SponsoredWhite Papers, Webcasts, and Downloads
- Five Steps to Determine When to Virtualize YourServers VMware Server virtualization isn't just for big companies. Entry-level ... Download Now
- Building the Virtualized Enterprise with VMware Infrastructure VMware VMware virtualization software has been adopted by over 120,000 enterprise ... Download Now
- Building the Virtualized Enterprise with VMware Iinfrastructure VMware VMware virtualization software has been adopted by over 120,000 enterprise ... Download Now
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- Learn more about tools to grow your business
-
The Business Essentials Guide provides you useful tools and templates to help grow your business and save you time with automated shipping solutions.
- Save time with the UPS Business Essentials Guide
- Keep Up With The Latest In Document Management with The DocuMentor.
-
Doc delivers the scoop on today's enterprise content management, printer maintenance, and all other issues related to document management. It's the DocuMentor Blog.
- Learn more >>
- New Online Dashboard for IT Leaders
-
Read about top issues IT decision-makers face every day, plus get cost-effective solutions to real-life IT problems.
- Learn more >>
Enterprise Applications
- Check out some of the easiest and most powerful ways to boost productivity while saving money on your application infrastructure. See ZDNet's comprehensive Enterprise Application resource center, now!
- New Online Dashboard
-
- Read about top issues IT decision-makers face every day, plus get cost effective solutions to real life IT problems. Oracle Topline
-
