April 6th, 2006, 08:55 PM
New Phishing Flaw in Internet Explorer
I just read this on Slashdot, thought I would share.
Maybe not a pressing issue, but interesting anyway!
If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.
- Sun Tzu
, The Art of War
April 6th, 2006, 09:26 PM
Strange, firefox throws up a different result each time for me - it will either just go straight to Google - and say google in the address bar - or it will go to secunia site - say google.com in the address bar for a second or two and then change to the correct URL and prompt me to D/L a .fla file.
What happens with y'all?
April 6th, 2006, 11:28 PM
Fully patched IE with XP home (patched) is vulnerable
secunias web site warning
and the address bar shows google
Your browser is vulnerable if the Address Bar displays "http://www.google.com/".
How people treat you is their karma- how you react is yours-Wayne Dyer
April 6th, 2006, 11:37 PM
Debian Sarge with KDE 3.5 (from backports.com) and Mozilla Firefox 126.96.36.199 is not vulnerable. Hmmmm.
But then, we knew that.
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
April 7th, 2006, 05:51 AM
The url does look a bit off. A few %20 or %3 jumping in the bar but nothing to say its google or so.
April 7th, 2006, 08:41 AM
The test worked in my fully patched IE (WinXP pro NL) but the netcraft toolbar did show it as SECUNIA..
So antiphishing tools prove their worth..
ASCII stupid question, get a stupid ANSI.
When in Russia, pet a PETSCII.
Get your ass over to SLAYRadio
the best station for C64 Remixes !
April 7th, 2006, 10:37 AM
In answer to Nokia's question, I tried it with Firefox 1.07 and Win 2000 SP4 updated a few hours ago and it goes to Secunia every time.
April 7th, 2006, 01:46 PM
No probs with FF, but had to set the security level on IE to medium and mark prompt on the scripting options before it would go to the Secunia site....now I am okay....
PC Registered user # 2,336,789,457...
"When the water reaches the upper level, follow the rats."
April 7th, 2006, 10:06 PM
my default settings in this box all browsers .including IE..went to secunia...
It is your security settings.. Just tested on a clean installed system with ALL patches applied BUT default security setting .. and yes ie failed the test..
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
April 9th, 2006, 05:09 AM
my bar in firefox took me to yahoo and said res2res is not a registered protocol
work it harder, make it better, do it faster, makes us stronger