The Artima Developer Community

.NET Buzz Forum
Nasty new IE vulnerability

Merill Fernando

Posts: 589
Nickname: merill
Registered: Sep, 2003

Merill Fernando is an MCSD in .NET and a Microsoft Certified Trainer
Nasty new IE vulnerability Posted: Dec 11, 2003 7:59 AM

This post originated from an RSS feed registered with .NET Buzz by Merill Fernando.
Original Post: Nasty new IE vulnerability
Feed Title: Merill Fernando's Blog
Feed URL: http://www.merill.net/blogxbrowsing.asmx/GetRss?
Feed Description: Merill is a Software Architect at Business Technology Alliance. Merill is an MCSD in .NET and a Microsoft Certified Trainer. In this feed he will be regularly posting on the challenges faced when migrating from a Microsoft DNA architecture to Microsoft .NET

Most people reading are probably aware of the common trick whereby spammers and other assorted ne'er-do-wells publish URLs with usernames that look like hostnames to fool people into trusting a malicious site - for example, http://www.microsoft.com&session%123123123@simon.incutio.com. This trick is frequently used by spammers to steal people's PayPal accounts, by tricking them into "resetting" their password at a site owned by the spammer but disguised as PayPal.com.

Today's new Internet Explorer vulnerability makes the problem a hundred times worse. By including an 0x01 character after the @ symbol in the fake URL, IE can be tricked into not displaying the rest of the URL at all. Don't expect a patch for a while either; the guy who discovered the bug released it to BugTraq on the same day he notified the vendor.


[Simon Willison's Weblog]
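
A defensive check for the trick described in the post, as an added example that is not part of the original post: it extracts the host a client would actually connect to and flags a userinfo part that reads like a hostname, plus raw or percent-encoded control characters anywhere in the authority. The function name, the finding labels and every sample URL except the one quoted in the post are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Authority = text between "scheme://" and the first "/", "?" or "#" (RFC 3986).
AUTHORITY = re.compile(r"^[A-Za-z][A-Za-z0-9+.\-]*://([^/?#]*)")
# Userinfo that starts like a DNS name, e.g. "www.microsoft.com&session...".
# Heuristic: a "first.last" style username will also match.
HOSTLIKE = re.compile(r"^(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}(?![A-Za-z0-9-])")
CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def audit_url(url):
    """Return (real_host, findings) for one absolute URL string."""
    m = AUTHORITY.match(url)
    if not m:
        return None, ["no-authority"]
    authority = m.group(1)
    # Everything before the last "@" is userinfo; the host comes after it.
    userinfo, at, hostport = authority.rpartition("@")
    # Bracketed (IPv6) hosts are returned as-is; otherwise drop a ":port" suffix.
    host = hostport if hostport.startswith("[") else hostport.rsplit(":", 1)[0]
    findings = []
    if at:
        findings.append("userinfo")
        if HOSTLIKE.match(unquote(userinfo)):
            findings.append("hostlike-userinfo")
    # Check raw and percent-decoded forms: 0x01 may arrive as a byte or as %01.
    if CONTROL.search(authority) or CONTROL.search(unquote(authority)):
        findings.append("control-char")
    return host.lower(), findings


# Sample input: the first URL is quoted in the post; the rest are constructed.
SAMPLES = [
    "http://www.microsoft.com&session%123123123@simon.incutio.com",
    "http://www.paypal.example%01@collector.example/reset",
    "ftp://alice@files.example:2121/pub",
    "https://www.example.com/login?next=a@b",
]

if __name__ == "__main__":
    for u in SAMPLES:
        host, findings = audit_url(u)
        print(f"{host!s:22} {','.join(findings) or 'clean':40} {u!r}")
```

The URL quoted in the post also trips the control-character check, because `%12` inside `session%123123123` decodes to byte 0x12.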
