IE Exploit

[whipped]

Not really something to worry us people that know how to use these computer things, but maybe something to warn parents, grandparents and baby aliens about.

Hi,

An issue was identified yesterday with Internet Explorer and the way it
displays URLs in the address bar.

From the original Bugtraq posting:

"By opening a window using the http://user@domain nomenclature an
attacker can hide the real location of the page by including a 0x01
character after the "@" character. Internet Explorer doesn't display the
rest of the URL making the page appear to be at a different domain. "

Proof of Concept http://www.zapthedingbat.com/security/ex01/vun1.htm

This is particularly pertinent given the recent spate of emails from
fraudulent online banking sites, such as those pretending to be Natwest.
This problem makes these types of scams a great deal harder for end
users to spot, as it is now possible to have eg www.natwest.com appear
in the address bar when the end user is looking at a fraudulent site.

There is as yet no fix from Microsoft for this issue, nor is there a
workaround for Internet Explorer. As soon as one becomes available we'll
let you know.

 

[Xavier]

nice, now even more plebs will know how to use it heh

 

[Sharma]

Even more reasons to not use IE.

Mozilla all the way!

 

[Xavier]

Firebird y'mean

Mozilla < Firebird

 

[whipped]

Opera

 

[Cdr]

IE!

shit.

 

[Tom]

The thing is, I tried all of those browsers, and found the IE interface much easier and more pleasant to use. I'm not saying the others are bad, but IMO IE is a much better product, for all its faults.

Mind you, one thing I want is a 'http://www' button to the left of the address bar, so I don't have to type those www's.

 

[Cdr]

Ummm I thought you could? Just type yahoo.com or game.net into the address bar and it'd work?

Edit// Seems to work with google.com, yahoo.com, game.net, bbc.com

 

[Tom]

nah

 

[Cdr]

Odd. Worked on mine

 

[Tom]

try bbc.co.uk it won't work

 

[Cdr]

heh true true.

bbc.com did tho, which redirects you to bbc.co.uk....

 

[Tom]

They probably own the http://bbc.com domain, and redirect it. It doesn't mean that IE is automagically putting the www in.

 

[Cdr]

Still, it would be nice to have an auto-insert http://www.

 

[Tom]

Stop nicking my ideas you tart

 

[Cdr]

My idea now!

*runs off to the patent office*

mwhahahahaha!

 

[Tom]

*emails goatse and tubgirl images to cdr*

 

[evilmonkeh]

ctrl + enter?

 

[doh_boy]

I find firebird easier, quicker and a lot less trouble.

 

[Ch3tan]

Firebirds interface is very similar to ie's, but just a little better.

 

[FatBusinessman]

Originally posted by evilmonkeh
ctrl + enter?

What he said. Also, in Firebird, Shift-Enter adds www.domain.net, and Ctrl-Shift-Enter adds www.domain.org.

Ha!