IE bug lets fake sites look real

***DeadAddict*** · December 11th, 2003, 12:31 AM

Microsoft on Tuesday said it was looking into reports of a potential bug in its Web browser that could help malicious hackers design convincing Web site spoofs.
to read more about it
http://zdnet.com.com/2100-1105_2-5119440.html

**Deimos326** · December 11th, 2003, 01:16 AM

yet another internet explorer bug

... Microsoft should just rewrite the whole browser, its such a piece of crap

**mandraketux** · December 11th, 2003, 01:43 AM

Originally posted here by Deimos326
yet another internet explorer bug ... Microsoft should just rewrite the whole browser, its such a piece of crap

They never wrote it in the first place. They re wrote another browser and named it IE.

**PoSer** · December 11th, 2003, 04:42 AM

if you want to avoid bugs in IE then you should try mozilla or opera both are great browsers that are less targeted than any thing micro$oft will ever put out.

**Sm0kinP0t** · December 16th, 2003, 05:01 PM

Anyone else sees the possiblities on this one? I can just see the complain@ebay.com mailbox filled with people claiming they did NOT choose to buy that expensive digi cam (Strangely, that happend exactly after they loged in ebay.com after being requested by email to do so :O ).

You can see a real time example from the guys at zapthedingbat (they discoverd it):
http://www.zapthedingbat.com/security/ex01/vun1.htm .

**Shaggy** · December 16th, 2003, 06:11 PM

Good post Dead Addict - this should get interesting. I can only imagine the extent that this will get exploited.

***Striek*** · December 16th, 2003, 07:04 PM

Sorry guys, but I'm with Microsoft on this one. This should have been reported directly to Microsoft so they could patch it without this ever becoming released into the wild and therefore a huge problem.

This moron is trying to make a political statement by explaining holes in Microsoft products. But to do that at the expense of an unknowing public is pathetic and arrogant. He is harming thousands of people merely to boost his own ego and take a swing at Microsoft.

Shame on him.

/edit
One more thing. Nobody but Microsoft has the source for IE. So what possible benefit could it be to release this exploit to anyone but them?
edit/

***phishphreek*** · December 17th, 2003, 06:21 AM

Wow... thats one hell of a bug.... I'm speechless...

Guess I'm going to have to go install mozilla on all my workstations now and restrict access to IE?
I'm tired of the fuc*in IE "bugs"!

Striek: I agree with you on this. (and on many other things) This is something that you don't let out. m$ should have a chance to patch something like this. This isn't some take over your machine vuln... this is a take over your bank account vuln!

***lumpyporridge*** · December 17th, 2003, 06:53 AM

"Microsoft did not set a timetable for its investigation, but said it MAY eventually release a patch to address the problem"
from zdnet article (emphasis mine)

ms has not had a very good rep for fixing bugs submitted to them , a few times people have gone public to force them to fix a problem. From the quote above it doesn't seem that they care too much. Nor does it increase my faith in them.

**valhallen** · December 17th, 2003, 07:43 AM

well not only did opera inform me that i was about to go to an address containg a password (thats what it assumes the bit before the @ is) but it displayed ::

http://www.microsoft.com@zaptheding.../ex01/vun2.htm

in the address bar - ahhh Opera how I love thee

but i do agree that this should have been given to m$ to fix first before going wild - but then again sometimes they have to be forced into action

v_Ln

Thread: IE bug lets fake sites look real

Thread Tools

Display

IE bug lets fake sites look real

Posting Permissions