
New Phishing Flaw in Internet Explorer

Zonk posted more than 8 years ago | from the another-week-a-new-vulnerability dept.

JimmyM writes "Secunia reports on a new vulnerability in Internet Explorer. From the piece: 'This can be exploited to spoof the address bar in a browser window showing web content from a malicious web site.' According to several (german) media outlets this is already being exploited by phishing sites. Secunia has a test you can try to see if you are vulnerable."

274 comments

Why?? (2, Insightful)

liliafan (454080) | more than 8 years ago | (#15078147)

I know IE is supposed to still be the most popular web browser there is, but my site shows Firefox is in much higher use (roughly 96%). But I guess that since over 97% of hits to my site have been from Slashdot that isn't so unusual; I was surprised to see that 98% of visitors used Windows.

Why are people still using IE? Even the most uneducated users must have heard of alternative browsers by now. I am not specifically advocating any particular browser; I use Firefox, but I have heard great reports about Opera. Geez, these days I would use lynx over IE (and quite often do). We hear about new vulnerabilities in IE all the time. IE users, get a clue.

Re:Why?? (5, Insightful)

LunaticTippy (872397) | more than 8 years ago | (#15078180)

I'll tell you why.

It's the default browser.

I make it a point to install firefox and remove all shortcuts to IE on any machine I have to fix, except for at work, where we have a couple of IE-only apps. (don't ask)

The average (I don't want to say idiot) user simply doesn't think or know about other browsers. We need to remember that the typical user doesn't live in "our" world.

Re:Why?? (1)

liliafan (454080) | more than 8 years ago | (#15078204)

I understand lack of user education, but surely there is no one who hasn't at least heard of Firefox by now. I mean, if you have been on the web for more than a week you must have at least seen a link, and there is news almost weekly on new IE vulnerabilities. When will the average user become educated, and what more can we geeks do to push this?

Re:Why?? (4, Insightful)

LunaticTippy (872397) | more than 8 years ago | (#15078333)

I try to think of my mother as a typical user. She can just barely get around on a computer. I (and many of her friends and relatives) try to educate as best as we can, but it is slow. She still sends out chain letters, including the shergold one. She needed me to help her install flash to see a stupid website. I told her she could print out documents at kinko's and she showed up there with her files at home.

Things have improved over the years. There are many competent users now. But we can't get complacent. People bring their computers to work for me to fix. It's the same thing every time. These are typical users.

Re:Why?? (2, Insightful)

Cruian (947046) | more than 8 years ago | (#15078363)

Some people are used to Internet Explorer and its behavior. They can't get used to Firefox or similar browsers. I have tried to teach a few people to use Firefox, but they need the same lesson every time they sit down in front of it. Most of the alternate browsers have tabs, which seems to be the main cause for confusion that I have seen. Are there any alternate browsers that by default don't use tabs? I know you can get similar behavior with Firefox and probably others, but it is annoying to change preferences for just 10 minutes. We could try to give more in depth lessons on alternate browsers, and their benefits. Also, an index card with any differences from IE may prevent repeated lessons.

Re:Why?? (0)

Anonymous Coward | more than 8 years ago | (#15078209)

My guess (and this is probably only one possible factor) is that many people surf the web from their place of employment during the day. In a lot of cases, their employers only allow Internet Explorer on their machines, so that is why the statistics for browser traffic tend to (barely) favor Internet Explorer. I would be interested in seeing statistics comparing browser usage and time of day.

Re:Why?? (1)

liliafan (454080) | more than 8 years ago | (#15078331)

Hmmm good point, I may try and track that statistic.

Re:Why?? (3, Insightful)

ZachPruckowski (918562) | more than 8 years ago | (#15078249)

People keep IE because of two factors:

1) A lot of users only know how IE does things. It could be scary to have to deal with a different layout, or a different set of commands, or a different method of bookmarking or whatever.

2) They don't want to take the time. It takes like 10 minutes to download Firefox, then time to install, and then they have to set it as the default browser, and change shortcuts, and then get all their bookmarks and passwords and everything into Firefox, so it is honestly not a 3 minute process, more like 30 minutes, and more if you take into account getting the right extensions, like ad-block and flashblock and noscript

Fundamentally, the problem is that most users don't see computers as something to configure, they see it as a tool to use. They don't bother with the "Top 10 list for making Windows faster" because it requires registry edits or going deep into the preferences or something. They're not dumb, it's just that computers aren't their field, and they don't like the idea of spending an hour changing something.

Re:Why?? (4, Insightful)

ThinkFr33ly (902481) | more than 8 years ago | (#15078293)

You're missing the biggest factor.

Most people just don't care what browser they're using. They just want to check their e-mail and go to MySpace. It's as simple as that.

Many of them don't even know what a "browser" is. They call it "The Internet".

That's why people don't switch to Firefox.

Re:Why?? (1)

ZachPruckowski (918562) | more than 8 years ago | (#15078336)

The original poster claimed that people knew the difference between IE and Firefox. I gave him that assumption, which you are correct in disputing. I just like to argue on the grounds of "even if you're right, I still win" as a strategy. So even if everyone knows what FF is, my point still stands.

Re:Why?? (1)

liliafan (454080) | more than 8 years ago | (#15078507)

I agree with the points you make, I just find it so frustrating that people won't learn.

Re:Why?? (1)

E. Edward Grey (815075) | more than 8 years ago | (#15078402)

Oh, and also: most internal company websites are not standards-compliant and therefore require IE to display information correctly. Shit, I'm a VOIP guy and even Cisco's web applets don't work correctly unless you use IE.

Corporate Policy (3, Informative)

Valdrax (32670) | more than 8 years ago | (#15078277)

I have to use Explorer at work. A defect tracking system and a time tracking system at work both refuse connections from anything that doesn't identify itself as Explorer, and one of them (I can't remember which) doesn't work if you set up Firefox to pretend to be Explorer.

So, I use Avant -- a wrapper around Explorer that gives multiple tabs and can block ads & pop-ups. It seems invulnerable to this bug, incidentally. Supposedly Netscape 7 can use Explorer for certain websites and the Mozilla rendering engine for others, but I couldn't figure out how to get it to work exactly how I wanted, so I punted. I've been pretty happy with Avant since then, but I prefer Firefox for home.

Re:Corporate Policy (1)

gnud (934243) | more than 8 years ago | (#15078508)

Supposedly Netscape 7 can use Explorer for certain websites and the Mozilla rendering engine for others[...]
IE Tab [mozilla.org] offers that functionality as a FF plugin.

Re:Corporate Policy (1, Interesting)

Anonymous Coward | more than 8 years ago | (#15078532)

Maxthon, another IE shell, doesn't seem that vulnerable. With default settings, only the google page opened.
With AdHunter Disabled (namely the auto popup blocker bit) , 3 tabs opened: google, and moments later the two secunia pages.
Only after unticking 'Ignore window ID assignment' in Options did all 3 load in the same tab.

Test I can try? (5, Funny)

stunt_penguin (906223) | more than 8 years ago | (#15078164)

1. Look up in top left hand corner of browser.
2. If icon is a blue 'e' then you're vulnerable.

That is all.

/ms troll

Re:Test I can try? (2, Funny)

jammindice (786569) | more than 8 years ago | (#15078184)

Not even the beta IE 7 I have is working right; thank God Firefox tested good, otherwise I might have to switch to lynx!!!

Re:Test I can try? (0)

Anonymous Coward | more than 8 years ago | (#15078490)

Interestingly enough, firefox flashed the google address - and Google's page - before going back to secunia. And Konqueror just went to www.google.com (default policy blocked the popup window from secunia)

Re:Test I can try? (0)

Anonymous Coward | more than 8 years ago | (#15078453)

This is an ironic topic.

Umm... (2, Funny)

atrader42 (687933) | more than 8 years ago | (#15078455)

When I run IE, the icon in the top left is an arrow pointing left...does that mean I'm ok and Paypal really does need me to confirm my account details several times a day?

Re:Umm... (1)

stunt_penguin (906223) | more than 8 years ago | (#15078505)

Absolutely, shopper. You may continue to enter personal information at will :o)

Flaw in IE.... Commence Circle Jerk..... (1)

kurt_ram (906111) | more than 8 years ago | (#15078165)

haha.. losers.

Just load Maxthon! (1)

KennyP (724304) | more than 8 years ago | (#15078169)

And IE doesn't have that flaw anymore.

My Address bar showed Google, and the page displayed was Google.

Done and done!

Visualize Whirled P.'s

Wonderful (0)

Anonymous Coward | more than 8 years ago | (#15078173)

This is great news. Now I have one more thing to show my firefox sceptics.

Here is something to show to Linux and Be skeptics. (0)

Anonymous Coward | more than 8 years ago | (#15078233)

I was looking for pictures of dandelions and found a picture of San Francisco Queer Long-hairs (a website on just that topic of frolicking adulterated men), whereas two of those weirdos have either a LINUX or a BeOS shirt: here [sfqueerlonghair.org] .

Say no to Quaker gOatse(s).

Bug fixed in IE7b2 (3, Informative)

LocalH (28506) | more than 8 years ago | (#15078177)

I just tested it in IE7b2 and got the correct results, showing the Secunia URL and not Google's.

Re:Bug fixed in IE7b2 (2, Informative)

Krach42 (227798) | more than 8 years ago | (#15078317)

I just checked in IE6, and I thought that the bug was gone, but it just turns out that if you don't stay in the window, it doesn't work. If the window loses focus, then the test will fail, even inside a vulnerable IE window.

I retested keeping focus in the window, and confirmed the bug.

Re:Bug fixed in IE7b2 (0)

Anonymous Coward | more than 8 years ago | (#15078449)

"The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP1/SP2. The vulnerability has also been confirmed in Internet Explorer 7 Beta 2 Preview (March edition). Other versions may also be affected."

http://secunia.com/advisories/19521/ [secunia.com]

In other news (0, Funny)

Anonymous Coward | more than 8 years ago | (#15078178)

Water is wet.

huh (0)

Anonymous Coward | more than 8 years ago | (#15078179)

this is not news..its bound to happen sooner or later..its IE

Does not work on IE 6.0.2800.1106 on Win2K (1)

fatboy (6851) | more than 8 years ago | (#15078187)

Is this a bug in XP or something?

Re:Does not work on IE 6.0.2800.1106 on Win2K (1)

Riddlefox (798679) | more than 8 years ago | (#15078226)

Just tested on IE 6.0.2900 ... on XP, and the flaw does not work. I see the Secunia site, with a Secunia address bar. Even have active scripting turned on.

Re:Does not work on IE 6.0.2800.1106 on Win2K (1)

110010001000 (697113) | more than 8 years ago | (#15078271)

This flaw works on 6.0.2800.1106 on Win2k for me.

It doesnt work in IE7 beta 2 though.

Re:Does not work on IE 6.0.2800.1106 on Win2K (1)

LunaticTippy (872397) | more than 8 years ago | (#15078404)

Bug works just fine on my XP SP2 IE 6.0.2800.2180. Glad I don't use IE, that's frickin scary.

Yes, it does: IE 6.0.2800.1106 on Win2K (1)

JasonKChapman (842766) | more than 8 years ago | (#15078389)

Is this a bug in XP or something?

It works on mine, and it's apparently the same version. IE 6.0.2800.1106 and Win2k. Since it's using Flash, it may be dependent on which Flash player version is installed.

Works in Win2k here (0)

Anonymous Coward | more than 8 years ago | (#15078536)

Works here, Win2k 5.00.2195, IE 6.0.2800.1106. I see Google.com in the address bar but the content is from Secunia.

Firefox (0)

Anonymous Coward | more than 8 years ago | (#15078188)

I just went there through Firefox (ver 1.5.0.1) and got the same result as if I went through IE. This doesn't sit well with me.

Re:Firefox (1)

ZachPruckowski (918562) | more than 8 years ago | (#15078304)

really? I just did it in a build optimized for my G4 on my iBook, and the google address came up for a second then went to the right Secunia web address, which is the correct behavior.

Deerpark G4, Mac OS 10.4.5 Had to disable noscript in order to do the test though. I did have adblock and flashblock still on.

Re:Firefox (1)

chill (34294) | more than 8 years ago | (#15078315)

I just went there through Firefox (ver 1.5.0.1) and got the same result as if I went through IE. This doesn't sit well with me.

Funny, I didn't. I did get an "open this with..." dialog for a Flash file, which I ignored, so that could be it.

Re:Firefox (1)

ZachPruckowski (918562) | more than 8 years ago | (#15078382)

I have the flash-player extension or something, so it gave a flash-icon (click to play) for a second, then switched to just the Secunia text, so either it auto-executed (annoying, but not troubling), or it didn't play the flash.

Re:Firefox (1)

ZachPruckowski (918562) | more than 8 years ago | (#15078400)

Further review indicates that the script opens Google, redirects or opens another secunia page, then goes to the test page with the text, and the intermediary page has some Flash on it, which displays a big red-on-grey "Secunia" sign.

Confirmed vulnerable (2, Funny)

paulproteus (112149) | more than 8 years ago | (#15078194)

I tested this attack in Internet Explorer 6 on Ubuntu 5.10 running the current Wine deb from winehq.

Re:Confirmed vulnerable (0)

Anonymous Coward | more than 8 years ago | (#15078234)

I use Mozilla normally but decided to try it with my copy of IE and it didn't work. IE6 w/ WinXP SP2, at least my copy, is not vulnerable.

Re:Confirmed vulnerable (1)

astrosmash (3561) | more than 8 years ago | (#15078285)

That's cute.

Re:Confirmed vulnerable (1)

JabberWokky (19442) | more than 8 years ago | (#15078500)

Heh. Same here, using the (k)Ubuntu current deb. The exploit works fine. It doesn't in Konqueror, for what it's worth.

I kind of wish there was a way to change the location bar within the domain -- or at least give a dynamic "bookmark" URL. That way AJAX and framed content could change the URL based on what was being displayed, so that the user could bookmark and come back to something inside the site.

--
Evan

IE versions (1)

cpearson (809811) | more than 8 years ago | (#15078198)

Which versions of IE does the flaw affect? No problem here with 6.0.

Montana News RSS Reader [billingsbulletin.com]

Re:IE versions (1)

lifeisgreat (947143) | more than 8 years ago | (#15078228)

It didn't do anything to IE 5.0 either. I never bothered to update IE on this w2k box, it seems most new vulnerabilities are 6.x-specific.

Re:IE versions (1)

matth (22742) | more than 8 years ago | (#15078383)

I hope that was a joke, because if you didn't upgrade to IE 6.0+ you have no updates installed on your box!

Re:IE versions (1)

Reziac (43301) | more than 8 years ago | (#15078407)

At the Win2K tech info tour, M$ handed out an IE5 CD that they told us was the Win2K team's internal version, rewhacked to suit themselves. The exact version number is 5.00.2314.1003c. It seems to lack a lot of the problems and vulnerabilities seen in other versions.

At any rate, I just tested it, and it did display the correct address, though it couldn't see any of the web page itself other than a whopping big "SECUNIA" banner.

I also tested Netscape 3.04 and Mozilla 1.5, and neither was vulnerable. NS3 did briefly show google.com in the address bar, but corrected itself before displaying the actual page. Then both showed the explanation:
==============
Your browser is vulnerable if the Address Bar displays "http://www.google.com/".

Please note. This could easily have been a page looking like the genuine "Google" web site (or any other web site) asking for your login credentials, credit card details, etc.

This is only limited by the imagination of the attacker (phisher).
==================
which is the part that IE5 couldn't see.

http://secunia.com/Internet_Explorer_Address_Bar_Spoofing_Vulnerability_Test/ [secunia.com] crashed Netscape 4.5 outright (that's typically caused by bad JavaScript), so I couldn't test it.

The following versions are affected: (2, Interesting)

Quince alPillan (677281) | more than 8 years ago | (#15078286)

According to the advisory linked in the article:

The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP1/SP2. The vulnerability has also been confirmed in Internet Explorer 7 Beta 2 Preview (March edition). Other versions may also be affected.

But I'm running IE6 on XP SP2 fully patched and I'm not vulnerable to their test. Since this involves macromedia flash, I'm assuming this is mixed with a bug in flash or else something else besides IE alone is causing this bug.

Re:The following versions are affected: (2, Insightful)

Mostly a lurker (634878) | more than 8 years ago | (#15078390)

As I understand it, there is a timing component to the flaw and I could imagine you not being vulnerable if the SWF file is too small or you have an extremely fast Internet connection.

Your Slashdot Login Information (3, Funny)

eno2001 (527078) | more than 8 years ago | (#15078210)

Warning. Your Slashdot login information may have been compromised by a sly fox. To ensure greater security please reply to this comment with your current UID and password and the new password you want. I'll be sure to forward it off to CmdrTaco as soon as I see a response.

Thanks,
Internet Security Sheriff

Re:Your Slashdot Login Information (2, Informative)

Communal Account (954236) | more than 8 years ago | (#15078253)

Username - Communal Account Password - kFhthALQ I hope this helps.

Re:Your Slashdot Login Information (0)

Anonymous Coward | more than 8 years ago | (#15078261)

My uid is NULL
and my passwd is NULL
I'd like to have "banana1" as my new password.
Good day to you sir!

Yours truly,
Anonymous Coward
 

Re:Your Slashdot Login Information (1)

RandomPrecision (911416) | more than 8 years ago | (#15078283)

Oh noes!

RandomPrecision, UID (911416), Password "slooflirpa".

Thanks, man.

Re:Your Slashdot Login Information (1)

JamesTRexx (675890) | more than 8 years ago | (#15078408)

You forgot to mention the new password...

Re:Your Slashdot Login Information (1)

RandomPrecision (911416) | more than 8 years ago | (#15078448)

True. I'll just have my old one reversed, I suppose.

Re:Your Slashdot Login Information (1, Funny)

Anonymous Coward | more than 8 years ago | (#15078326)

Anonymous Coward

********

Re:Your Slashdot Login Information (0)

Anonymous Coward | more than 8 years ago | (#15078365)

Login: Zonk
pass: gheymanluv

Re:Your Slashdot Login Information (0)

Anonymous Coward | more than 8 years ago | (#15078423)

My username is eno2001, UID 527078. Stop haxoring me!!!

Re:Your Slashdot Login Information (1)

Cro Magnon (467622) | more than 8 years ago | (#15078458)

ID: Cro Magnon

Password: ********

C'mon Slashdot (0)

Anonymous Coward | more than 8 years ago | (#15078216)

It's no longer news. Seriously.

Not new. Not news.

It's olds.

Bill's whiteboard (1)

Anisty (966223) | more than 8 years ago | (#15078220)

Maybe Steve won't let Bill have his shiny digital whiteboard until he fixes IE?

Unlucky Bill, think you'll have a sparse christmas this year :/

Yeah, New Flaw in OLD VERSION maybe (1)

jafiwam (310805) | more than 8 years ago | (#15078223)

Used the test, doesn't work for me. I see the proper URL.

Haven't patched in a month or so.

So... if this flaw exists, it's a fairly old version that has it.

Does this work with SSL sites too? (0)

XorNand (517466) | more than 8 years ago | (#15078229)

The proof of concept would have been more interesting if it redirected me to https://www.google.com/ [google.com] rather than http://www.google.com./ [www.google.com] Does it work with an SSL connection?

Even if it does, it only forwards a person once. If I were to click on a link, the address bar would immediately change to the real domain.

Re:Does this work with SSL sites too? (1)

Krach42 (227798) | more than 8 years ago | (#15078370)

If I were to click on a link, the address bar would immediately change to the real domain.

It only takes one click to send my login and password to a phisher.

Re:Does this work with SSL sites too? (1)

gnud (934243) | more than 8 years ago | (#15078471)

And after the form was submitted, they could pull the same trick again, displaying a "thank you"-page. And then link to the correct domain from there.

This is new HOW??? (0)

Anonymous Coward | more than 8 years ago | (#15078238)

I'm pretty damned sure we've seen this exploit before on IE. IIRC, wasn't it something that m$ inserted into IE intentionally for their authentication or something?

even when this gets fixed.... (2, Informative)

joe 155 (937621) | more than 8 years ago | (#15078258)

...phishing is still going to be a serious problem. Although the bar is important for users, it shouldn't be the only thing they look at to see if a site is authentic; it should be based on all the factors which can give some indication that the site is either legitimate or not, and we need to create a culture where people look with caution on websites. See the Register article on this topic, with an interesting study on how people deal with these websites: http://www.theregister.co.uk/2006/03/31/phishing_study/ [theregister.co.uk] ... Worryingly, the amount of time spent on a computer doesn't seem to have any effect on how much at risk people are.

this should also serve as a reminder that people who get fooled with this aren't just stupid fools who don't know what a computer is.

Ga! (4, Funny)

MightyMartian (840721) | more than 8 years ago | (#15078295)

New Phishing Flaw in Internet Explorer

I'm shocked, I tell you, I'm shocked!

Doesn't work on IE 6.0.2900.2180.xpsp_sp2_gdr... (1)

ThinkFr33ly (902481) | more than 8 years ago | (#15078324)

Tried it on XP using IE 6.0.2900.2180.xpsp_sp2_gdr.050301-1519. (Update versions SP2, 3283) and it showed the correct URL.

My XP machine is fully patched.

Did somebody jump the gun over at Secunia?

Re:Doesn't work on IE 6.0.2900.2180.xpsp_sp2_gdr.. (1)

twofidyKidd (615722) | more than 8 years ago | (#15078405)

That's interesting because I'm running 6.0.2900.2180.xpsp_sp2_gdr.050301-1519CO (don't know what the deal is with the CO on the end there, I just typed out what it says in the about box) and I found that I was vulnerable. Supposedly my XP machine is fully patched as well (Work PC with forced daily patch roll-outs via IT).
FWIW, this post is coming from the Firefox browser. I still have to run IE for all the crappy PeopleSoft and SAP applications that depend on it.

Re:Doesn't work on IE 6.0.2900.2180.xpsp_sp2_gdr.. (1)

Xiaotou (695728) | more than 8 years ago | (#15078410)

I have exactly the same version, and I failed the test. Now what?

Re:Doesn't work on IE 6.0.2900.2180.xpsp_sp2_gdr.. (2, Informative)

Krach42 (227798) | more than 8 years ago | (#15078417)

I tried it first, and it failed, then I tried it again, and it worked. Turns out if you don't keep focus in the window, the flaw doesn't happen.

Just for your info, I'm using:

IE Version 6.0.2900.2180.xpsp_sp2_gdr.060220-1746

and my Windows XP is fully patched.

So it's probably a related issue, or something else, but your browser is definitely just as vulnerable to the flaw as mine.

Re:Doesn't work on IE 6.0.2900.2180.xpsp_sp2_gdr.. (1)

apt142 (574425) | more than 8 years ago | (#15078422)

That's odd. It works on my version of IE (6.0.2900.2180.xpsp_sp2_rtm.040803-2158). I'm not too far off on the service packs but, I've been slack lately.

It looks likely there is a fix in a service pack between your version and mine.

Re:Does work on IE 6.0.2900.2180.xpsp_sp2_gdr.. (1)

aaronl (43811) | more than 8 years ago | (#15078427)

Interesting. *I* just tried it on XP using IE 6.0.2900.2180.xpsp_sp2_gdr.050301-1519, and it showed the incorrect URL, as predicted by Secunia.

My XP machine is also fully patched.

Re:Doesn't work on IE 6.0.2900.2180.xpsp_sp2_gdr.. (1)

Cruian (947046) | more than 8 years ago | (#15078459)

I'm using the same version number and no updates are showing up at Microsoft Update. It shows the Secunia page with the google.com address for me.

Latest and 'greatest' not vulnerable... (1)

Assmasher (456699) | more than 8 years ago | (#15078334)

...surprisingly.

One nice thing about Mozilla is that you can easily disseminate who is or is not vulnerable based upon a simple to understand version number. Not so with IE.
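
The long IE "About" strings quoted up and down this thread are hard to compare by eye, which is the complaint above. As an added example (not code from the thread, from Secunia or from Microsoft), the following parses those strings so builds can be ordered. The field layout it assumes is read off the strings the commenters posted, not from any documentation: four dotted numeric fields, an optional build-lab tag such as xpsp_sp2_gdr, an optional YYMMDD-HHMM stamp, and anything trailing (the "CO" one commenter mentions) kept as an uninterpreted suffix; two-digit years are assumed to be 20xx. The list of builds is copied from the comments in this thread.

```javascript
// Added example: parse and order the IE build strings quoted in the thread.
// Field layout is an assumption read off the posted strings:
//   major.minor.build.revision[.lab[.YYMMDD-HHMM<suffix>]]
// Two-digit years are assumed to be 20xx.

function parseIeVersion(raw) {
  const parts = raw.trim().split(".");
  if (parts.length < 4 || !parts.slice(0, 4).every(p => /^\d+$/.test(p))) return null;
  const [major, minor, build, revision] = parts.slice(0, 4).map(Number);
  const v = { raw: raw.trim(), major, minor, build, revision, lab: null, stamp: null, suffix: "" };
  if (parts.length >= 5) v.lab = parts[4];                 // e.g. "xpsp_sp2_gdr"
  if (parts.length >= 6) {
    // YYMMDD-HHMM; anything after the stamp is kept verbatim, not interpreted.
    const m = /^(\d{2})(\d{2})(\d{2})-(\d{2})(\d{2})(.*)$/.exec(parts.slice(5).join("."));
    if (!m) return null;
    const [, yy, mo, dd, hh, mi, rest] = m;
    v.stamp = {
      iso: `20${yy}-${mo}-${dd}T${hh}:${mi}`,              // assumption: 20xx
      key: Number(`20${yy}${mo}${dd}${hh}${mi}`),          // sortable integer
    };
    v.suffix = rest;
  }
  return v;
}

// Order by the numeric fields, then by build stamp. Builds with no stamp
// (the plain 6.0.2800.1106 form) sort before stamped builds of the same
// numeric version. The lab tag is reported but not ordered.
function compareIeVersions(a, b) {
  for (const k of ["major", "minor", "build", "revision"]) {
    if (a[k] !== b[k]) return a[k] - b[k];
  }
  const ka = a.stamp ? a.stamp.key : 0;
  const kb = b.stamp ? b.stamp.key : 0;
  return ka - kb;
}

function sortedBuilds(strings) {
  return strings.map(parseIeVersion).filter(Boolean).sort(compareIeVersions).map(v => v.raw);
}

// Build strings as reported by commenters in this thread.
const reportedBuilds = [
  "6.0.2900.2180.xpsp_sp2_gdr.050301-1519",
  "6.0.2900.2180.xpsp_sp2_rtm.040803-2158",
  "6.0.2900.2180.xpsp_sp2_gdr.060220-1746",
  "6.0.2900.2180.xpsp_sp2_gdr.050301-1519CO",
  "6.0.2800.1106",
];

for (const s of sortedBuilds(reportedBuilds)) {
  const v = parseIeVersion(s);
  console.log(s.padEnd(44), v.lab || "-", v.stamp ? v.stamp.iso : "-", v.suffix || "");
}
```

Sorting the reported strings puts 6.0.2800.1106 first, the rtm build from August 2004 next, then the March 2005 and February 2006 gdr builds. Note that the 050301-1519 build string appears in this thread both as "not vulnerable" (ThinkFr33ly) and as "vulnerable" (aaronl, twofidyKidd), so the reports do not split cleanly by build; that fits the focus requirement several commenters describe better than a fix landing between builds.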

Which Version? (3, Interesting)

kid-noodle (669957) | more than 8 years ago | (#15078338)

Judging from my own quick go on the test as well as the /. comments, the advisory that this affects 6.x versions is wrong. It would be more useful if there was information on which 6.x versions it affects - is this an issue introduced in a recent patch, or is it pre-whatever versions only? (And an undetermined number of IE7 versions)

Is this related to the flash player version?

More data needed!

Addendum: (1)

kid-noodle (669957) | more than 8 years ago | (#15078369)

If, like me, you ran a quick check with IE and flicked away to look at something else.. It didn't work.

The window must remain in focus for the spoof to succeed - at least in my version of IE.

It happens in Firefox too (1)

mshmgi (710435) | more than 8 years ago | (#15078347)

It's not just IE. I just tried the Secunia test using FireFox 1.5.0.1 on Mac OS X 10.4.6. It worked. The Secunia test did not work using Safari.

It's not just Explorer. (0)

MaWeiTao (908546) | more than 8 years ago | (#15078376)

I just tested Safari, Firefox and Explorer on my Mac. Only Safari came through fine, staying on the Google page. The other two browsers failed. Both Firefox and Explorer 6 on my PC here failed, being listed as susceptible.

Re:It's not just Explorer. (1)

Kilz (741999) | more than 8 years ago | (#15078439)

The test is confusing. The results page at the end with black bars will say http://www.google.com/ [google.com] in the address bar if it fails the test. You may have an old version of Firefox if it failed, or you may be reading the results of the test wrong. I just tested Firefox 1.5.0.1 and it passed.

Re:It's not just Explorer. (1)

kwieland in stl (830615) | more than 8 years ago | (#15078440)

I admit that Firefox showed some funny stuff, but it ended up showing the Secunia site with the Secunia URL. What version are you running? I have version 1.5.01. Does the non-Mac-based Firefox show this anomaly?

K

patch tuesday (1)

fusto99 (939313) | more than 8 years ago | (#15078426)

I wonder if there will be a patch for this released on 4/11. I just got this email from MS a few minutes ago:

"Four Microsoft Security Bulletin affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. Some of these updates will require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. One of the updates will be a cumulative Internet Explorer update that addresses the publicly known "CreateTextRange" vulnerability."

News??? (0)

Anonymous Coward | more than 8 years ago | (#15078446)

WTF? this is waaaaaaaaaaaaaaaayyyyyyyyyyyy too old to be in the news. I read of this vulnerability on MSFT's site like two years ago and they had provided a script that would reveal the actual URL in the address bar. you had to paste that script in the address bar and hit enter. voila the real address is shown. you are still vulnerable but that does not make it a news.

Not me, IE6 fully patched (1)

RichMeatyTaste (519596) | more than 8 years ago | (#15078450)

The address bar says what it should....

Smells like FUD if you are fully patched.

IE6 under WINE (1)

pscottdv (676889) | more than 8 years ago | (#15078452)

My copy of IE6 running under WINE has the flaw.

What? (4, Funny)

snib (911978) | more than 8 years ago | (#15078484)

This doesn't work in Firefox. I hate it when people only design their pages for IE!!

Looks like I'm secure (5, Funny)

m50d (797211) | more than 8 years ago | (#15078493)

I tried to open the test page in Konqueror and it crashed. I wish I was joking :(

Re:Looks like I'm secure (1)

leonscape (692944) | more than 8 years ago | (#15078554)

Didn't crash here, the popup just got blocked. When I allowed popups and tried again, the Secunia page opened just as another tab again, with its own address. Good old Konq.

vulnerable on IE (1)

cornellfOo (964313) | more than 8 years ago | (#15078501)

my IE is susceptible to this. version: 6.0.2900.2180.xpsp_sp2_gdrblahblahblah

My web browser is not vulnerable! (0)

Anonymous Coward | more than 8 years ago | (#15078518)

Oh sweet holy cow. My web browser is not vulnerable. In the address bar, it says, www.google.ca

Netcraft Toolbar isn't fooled (1)

bobdehnhardt (18286) | more than 8 years ago | (#15078521)

If you've got the Netcraft Toolbar installed in IE, it isn't fooled. In the test, even though the address line reads "www.google.com", the toolbar correctly identified the content as coming from Secunia.

Disclaimer: I am not a Netcraft employee, just a satisfied customer.

Re:Netcraft Toolbar isn't fooled (1)

RandomPrecision (911416) | more than 8 years ago | (#15078550)

The normal IE/Firefox/Opera toolbar shows that too.

Fundamental Browser Issue (4, Insightful)

chill (34294) | more than 8 years ago | (#15078527)

The concept is simple. See the button bar (tab bar on Firefox) up top? Now look down -- see the Status bar down below? In between there is the screen real estate that content should be allowed to touch. Under no circumstances should anything outside of that area be touchable by the browser or any task/thread/job spawned by the browser. Period. The URL bar, button bar, toolbar, and statusbar should be inviolate. Javascript (or ANY script) should be unable to display text in the status bar, thus making it impossible to lie about link location.

Extensions, which are installed explicitly thru a separate procedure, would be the only way to put something in the status bar.

Change the little lock symbol to take up more room in the status bar. Make it list the URL the certificate is issued to next to the lock. If that doesn't match the URL you're on, change the URL bar background to ORANGE (not yellow) and make the lock flash or something. Yes, I know, you clicked "accept this certificate" but it is still a hacked-up cert and needs some cursory attention.

* * *

For those twits that are going to whine "but I don't use the status bar" or "I've rearranged my button/menu/tool bar up top so it isn't that way" this is a trivial issue to work around. This was just a quick way to describe the working screen area for most people.
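
The comment above proposes that the chrome should show the name the certificate is issued to next to the lock and flag the URL bar when that name does not match the host the user is on; the Netcraft Toolbar comment earlier in the thread makes the related point that the chrome can know where content really came from even when the address line is wrong. As an added example (not code from the thread, from any browser, or from Netcraft), the following implements that cross-check: given the URL the browser actually navigated to and the names a server certificate is issued to, it returns the verdict the UI would act on. The matching rules (case-insensitive exact match, or one leading "*." wildcard covering exactly one label) are the usual server-certificate rules and are an assumption beyond what the comment states. The certificates and URLs used are constructed sample data.

```javascript
// Added example: the "does the certificate match the host I'm on" check
// proposed in the comment above, as the browser chrome would run it against
// its own record of the navigation (never against anything page script can
// write to). Matching rules are the standard server-certificate rules and
// are an assumption beyond the comment; certificates below are constructed.

function normalizeHost(host) {
  // "www.google.com." is the same host as "www.google.com"; names are
  // compared case-insensitively.
  return host.replace(/\.$/, "").toLowerCase();
}

function nameMatchesHost(certName, host) {
  const name = normalizeHost(certName);
  const h = normalizeHost(host);
  if (!name.startsWith("*.")) return name === h;
  // Wildcard: "*.example.com" covers exactly one extra label, so it matches
  // "www.example.com" but neither "example.com" nor "a.b.example.com".
  const suffix = name.slice(1);                       // ".example.com"
  if (!h.endsWith(suffix)) return false;
  const firstLabel = h.slice(0, h.length - suffix.length);
  return firstLabel.length > 0 && !firstLabel.includes(".");
}

function certCoversHost(cert, host) {
  // subjectAltName dNSNames take precedence; fall back to the subject CN
  // only when the certificate carries no DNS names.
  const names = cert.dnsNames && cert.dnsNames.length ? cert.dnsNames : [cert.cn];
  return names.some(n => nameMatchesHost(n, host));
}

// Verdict for the UI: "ok" keeps the lock as is, "mismatch" is the
// orange-bar case from the comment, "plain" means the page is not over TLS
// at all (no lock to compare against).
function addressBarVerdict(url, cert) {
  const u = new URL(url);
  if (u.protocol !== "https:") {
    return { state: "plain", host: u.hostname, issuedTo: null };
  }
  const issuedTo = cert.dnsNames && cert.dnsNames.length
    ? cert.dnsNames.join(", ")
    : cert.cn;
  return {
    state: certCoversHost(cert, u.hostname) ? "ok" : "mismatch",
    host: u.hostname,
    issuedTo,
  };
}

// Constructed sample certificates (not real certificates).
const googleCert = { cn: "www.google.com", dnsNames: ["www.google.com", "*.google.com"] };
const phisherCert = { cn: "secure-login.example.net", dnsNames: [] };

for (const [url, cert] of [
  ["https://www.google.com/", googleCert],
  ["https://accounts.google.com/", googleCert],
  ["https://www.google.com/", phisherCert],   // address says Google, cert does not
  ["http://www.google.com./", phisherCert],   // no TLS: nothing to compare
]) {
  const v = addressBarVerdict(url, cert);
  console.log(v.state.padEnd(9), v.host.padEnd(22), v.issuedTo || "-");
}
```

The point of keeping the comparison inside the chrome is the one the comment makes: the host comes from the browser's own navigation record and the names come from the certificate it validated, so a page that has managed to leave a stale address in the bar cannot also make the lock agree with it.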

Re:Fundamental Browser Issue (1)

chill (34294) | more than 8 years ago | (#15078553)

Preview, preview, preview.

By "touchable by browser" I meant "touchable by content rendered by the browser".

To Microsoft Programmers: (1)

MarkVVV (740454) | more than 8 years ago | (#15078561)

Dupe!

issue exists in IE only here (1)

niall111 (449279) | more than 8 years ago | (#15078583)

firefox was fine, IE was broken. using IE 6, installed on work PC.