Archive of the former Yahoo!Groups mailing list: Homebrew PCBs


Subject: Huge security holes in Internet Exploiter - way Off Topic but important

From: Steve Greenfield <alienrelics@...>
Date: 2004-01-30

For a crook, spoofing is simple if the end user is using Internet Exploiter. Thanks a lot, Sir Bill Gates. Didn't he just issue a press release that stressed how much more secure Microsoft software is than that stinky ol' Linux?
Look at the link just below this paragraph. Click on it. If you are using IE, the press says the URL will say http://www.citibank.com but you'll see it clearly is not.
http://www.citibank.com
That's how simple it is. All other browsers will show this as the location: http://www.citibank.com%01@...
Link to ZDNet article.
This bug was reported in December but is -still- not fixed. It allows a malicious website to fake the URL. So, for instance, you look at the Location bar and it says https://www.amazon.com/blahbhal/order.html so you think you are safe, but you could really be at http://www.screwyou.ru/scamthesuckers/stealcreditcards.html.
It gets worse, there's another big security hole in Microsoft Internet Explorer that has not been fixed yet: Link to Article
It means someone can make a link to an executable (like a virus or worm) -look- like it's just a TXT, or PDF, or JPG, or anything else they want.
For those of you who may not be aware of this, there are alternatives to Microsoft's browser. Netscape, Opera, and Mozilla spring to mind. I run Netscape 7 and everything works fine. My wife cannot get into one online game site without Internet Explorer, but that may be because every other browser but Internet Explorer blocks the site's spyware!
And use common sense when you receive an attachment, link, or eCard. Worms and viruses fake return emails, so just because it seems to come from a friend doesn't mean it did. I've received many emails supposedly from me! Opening an unexpected attachment, as one pundit put it, is like chewing on a urinal cake. Don't be surprised if you catch something!
Steve Greenfield, posting in HTML to illustrate a point


[Non-text portions of this message have been removed]
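
Added example, not part of the original post: a small Python check that a mail or web filter could run over message text to flag links of the form shown above, where a host-looking name sits in the userinfo part before "@" and is followed by an encoded control character. The host example.invalid is a constructed placeholder (the archive truncates the real one), and the function names are this example's own.

```python
import re
from urllib.parse import urlsplit, unquote

# A DNS-looking name: dot-separated labels ending in an alphabetic TLD.
HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def inspect_link(url):
    """Return (real_host, findings) for one URL."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    findings = []
    if "@" in parts.netloc:
        # Everything before the last '@' is userinfo, not the destination.
        userinfo = unquote(parts.netloc.rsplit("@", 1)[0])
        findings.append("userinfo-present")
        if CONTROL.search(userinfo):
            findings.append("control-char-in-userinfo")
        # The text a user would read before the control character or ':'.
        visible = re.split(r"[\x00-\x1f\x7f:]", userinfo, maxsplit=1)[0]
        if HOSTLIKE.match(visible) and visible.lower() != host:
            findings.append("userinfo-looks-like-host:" + visible.lower())
    return host, findings


def flag_links(text):
    """Return (url, real_host, findings) for every suspicious link in text."""
    flagged = []
    for url in URL_RE.findall(text):
        host, findings = inspect_link(url)
        if findings:
            flagged.append((url, host, findings))
    return flagged


# Constructed sample message; example.invalid stands in for the real host.
SAMPLE = (
    "Please confirm your account at "
    "http://www.citibank.com%01@example.invalid/login today. "
    "Our home page is http://www.citibank.com/ as always."
)

if __name__ == "__main__":
    for url, host, findings in flag_links(SAMPLE):
        print(f"{url}\n  really goes to: {host}\n  findings: {findings}")
```

A link that only carries ordinary credentials (user:password@host) gets the single "userinfo-present" finding, so a filter can treat the other two findings as the stronger signal.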