On CNET: Keep your software up-to-date
BNET Business Network:
BNET
TechRepublic
ZDNet
TalkBack 47 of 52:
Next »
« Previous
IE Phishing Fix via Feature Removal is a Hoax
As a developer I was shocked to hear that an IE flaw where malicious web developer adds invalid characters to a URL thus causing an end user that does not know any better to go to a web site that is not the one they intended to go to, have anything to do with URL encoded logins?

In fact the ?Phishing flaw? (lets call it that) and the ability to encode a username and password in a URL is mutually exclusive of each other.

Allow me to prove it to you because talk is cheap. If you head over to my site http://www.jeremie.ca/test.html you see a link to Microsoft.com this link has been encoded to move you to another site but will display www.microsoft.com in the address bar if you did not apply the patch.


If you have applied the patch you can disable it by following the instructions at http://support.microsoft.com/default.aspx?scid=kb;en-us;Q834489 or look up article Q834489 in Microsoft knowledge base.

Now head back to my site and you will see that clicking on that link no longer works even though you have disabled the patch!!!!

I?m not sure what Microsoft is up to, and I can only speculate but for the life of me I do not understand why every technology news site has not questioned MS about this so called patch.

I feel like screaming? ?You idiots! Microsoft fixed the problem but blamed something else!!!?

Davinci Jeremie
Posted by: Davinci_J   Posted on: 02/05/04 You are currently: a Guest | Members login | Terms of Use
Reply to Story Reply to Message

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

&itch..&itch...&itch  LinuxHippie | 02/04/04
Another way to say that  Chad_z | 02/04/04
here's a novell idea...  ryusen | 02/05/04
yea thats too bad  JoeMama_z | 02/04/04
when you use a browser  JWatson77 | 02/04/04
Whats your point?  rschror | 02/04/04
your pointless  stephen732@... | 02/04/04
Do a little research.  Immanuel Tranz-Mischen | 02/04/04
not until ms play fair  JWatson77 | 02/05/04
Please....  DarbyOhara | 02/05/04
I use Win2k pimple face  JWatson77 | 02/05/04
Umm...  TrollSlayer | 02/05/04
this was never a feature  JWatson77 | 02/04/04
Veeeeery Surprising  Bobby Sskcat | 02/04/04
This isn't the first time.  Immanuel Tranz-Mischen | 02/04/04
Thanks to wrong doers  Christian_<>< | 02/04/04
Message has been deleted.  Cardinal_Bill | 02/04/04
You left something out  vferrara | 02/05/04
So did you.  Immanuel Tranz-Mischen | 02/05/04
YOU left something out  B_HI | 02/11/04
Didn't fix a damned thing.  Yen_z | 02/04/04
Smiley Face got me.  Yen_z | 02/04/04
I tried out several of them  jfrankcarr | 02/04/04
MS putting ... security first (!)  michael-t | 02/04/04
What a stinkin' load...  TrollSlayer | 02/05/04
Addendum  TrollSlayer | 02/05/04
TrollSlayer??? More like Troll  PmAc_z | 02/05/04
Riiiiiiiiiiiiiggggggghhhhhtttt!  TrollSlayer | 02/05/04
Not quite...  wolf_z | 02/05/04
You are correct...  TrollSlayer | 02/05/04
One more thing!  TrollSlayer | 02/05/04
And another thing!  TrollSlayer | 02/05/04
We need a hero  BXLE | 02/05/04
Lazy developers  dscherf | 02/05/04
lazy  BXLE | 02/05/04
It was a jab  dscherf | 02/05/04
It is about time!  ShadeTree | 02/05/04
Really  russ@... | 02/05/04
What???  ShadeTree | 02/05/04
Flawed? Maybe...  Brett04_z | 02/05/04
Not exactly  MarcB_z | 02/05/04
Oh Well........  tslocum7 | 02/05/04
Security??????????????????????????  russ@... | 02/05/04
great - break (more) standards  bschlatzer@... | 02/05/04
IE Security Patch  Jaytmoon | 02/05/04
Stop Using IE! There Are Much Better Browsers Out There  brenthawkinsmd | 02/05/04
IE Phishing Fix via Feature Removal is a Hoax  Davinci_J | 02/05/04
Interesting  jfrankcarr | 02/06/04
Its Broke?  WillGates | 02/05/04
IE the best and only web-browser  Christian_<>< | 02/05/04
IE is crap.  Squire72 | 02/08/04
IE is no better actually  Aragorn_z | 02/09/04

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement
advertisement