  SKYHN Lu.. Lu.. Lulululu Premium join:2001-09-16 99999 | The one thing to end all windows exploits: A patch that disables windows  | |
|
 |  |
 |  |  skiguy219
join:2001-02-01 Beaverton, OR clubs: | Re: The one thing to end all windows exploits: I DON'T GET HOW HARD THIS IS. Netscape just shows the true location in the address bar! Can a company who sells millions of dollars worth of software not figure that out!!! Come on, if one can why can't the other. | |
|
 |   rtcy RTCY Premium join:1999-10-16 Norwalk, CA | ALL MICROSOFT NEEDS IS A LINK TO WWW.MOZILLA.ORG
and kill active X out of windows once and for all, they lost that battle. | |
|
 |  |   Combat Chuck Too Many Cannibals Premium join:2001-11-29 Erie, PA
edit: January 30th, @09:32PM
| Re: The one thing to end all windows exploits: said by rtcy :
and kill active X out of windows once and for all, they lost that battle.
sprithippt!!?!??
THEY DID?????
You do actually own a computer....right?
Now excuse me while I clean the Pepsi out of my keyboard, that was the single funniest thing I've read all day. ActiveX ...dead, ROFLMAO. -- Japan-- Now with 30% more climbable telephone poles!! | |
|
 |  |  |  |
  GNXPower Got Boost? Premium join:2003-12-18 Huntington Beach, CA | I have the work around Not using IE. | |
|
  Steve ho ho ho dammit Consultant join:2001-03-10 Yorba Linda, CA | "Don't click links" Kinda like "Don't send links to your friends; instead, print out a web page and fax it to them" | |
|
  SND2005 Premium join:2001-09-15 Im Over Here
·CWLab
edit: January 30th, @11:00AM
| Hmmm.... It sucks that M$ has such a crappy attitude towards this- if they would just fess up and fix the thing people would more highly regard them.
On the other hand though, it doesn't take much common sense to avoid this. Are people really so stupid and/or lazy as to not bookmark a site?! Yes, it's an exploit- but thinking wouldn't hurt either. I bet if people spent half as much time trying to crack other browsers and Linux that there would be just as many issues. So to all you smug users of other browsers- just wait, your time is coming. | |
|
 |  |
 |  |   ikarus1 Premium join:2002-10-23 Urbanna, VA
| Re: Hmmm.... said by Torn : said by SND2005 : I bet if people spent half as much time trying to crack other browsers and Linux that there would be just as many issues. So to all you smug users of other browsers- just wait, your time is coming.
Microsoft is a target, that's why.
Naw... Microsoft is a joke that is why. Look it is really simple. It really is, and you Microsux lovers are in serious denial...
We (Computer Scientists) have known for forty years that it was stupid to allow Joe $hit the RagMan... AKA LUSER to run with administrative privs on any system. Now, kiddies, the truth is Microsux knew that when they started down this path. They knew they shouldn't let, "Bubba LUSER", run with admin privs but they did not know how to get around the problems that would cause with MS-DOS apps and their installed base.... sooooo.... they just decided in their marketing driven engineering shop to IGNORE CONVENTIONAL PRUDENCE... They knew they shouldn't do it. They did it anyway. Now they are running on top of some forty or fifty million lines of code that was written on top assumptions which are known to be BAD PRACTICE. They aren't going to fix this problem because they can't fix it. Their system is a monolith, commonly recognized as BAD PRACTICE by the Computer Scientists world wide. Their monolith presumes the user at the console should have administrative rights, commonly recognized as BAD PRACTICE by Computer Scientists world wide.
Kiddies... this is not that hard to understand... but there are some who are so deeply in denial that saying it won't help... Microsloth knowingly screwed the pooch to ensure that they kept market share, with the mistaken belief that they could defy conventional wisdom and survive it. NOW YOU ARE PAYING THE PRICE... and kiddies, that is something you can't deny.
-m- -- »www.freeantennas.com | |
|
 |  |  |  Freezone
join:2000-09-29 Southfield, MI
| Re: Hmmm.... said by ikarus1 : Microsloth knowingly screwed the pooch to ensure that they kept market share, with the mistaken belief that they could defy conventional wisdom and survive it. NOW YOU ARE PAYING THE PRICE... and kiddies, that is something you can't deny.
-m-
Well, I am pissed I did not think of doing what MS did first. Having Bill Gates' money does not hurt at all. I am sure he loses sleep every night with all the trouble he has caused.
Microsoft survived because they are a business. We had and have better OS made by scientists. Scientists are still pissed that us LUSER have the power that we have. For the better part of the last 40 years computing belonged only to the scientists. Companies like MS and Apple came and gave some of that power to the people.
I thank god for the PC, because I am glad the world of dumb terminals did not survive. Despite the constant problems with windows I will keep my computing power in my own control thank you. | |
|
 |  |  |  |   ikarus1 Premium join:2002-10-23 Urbanna, VA
| Re: Hmmm.... said by Freezone :
I thank god for the PC, because I am glad the world of dumb terminals did not survive. Despite the constant problems with windows I will keep my computing power in my own control thank you.
No Bill will keep your computer in his control and let you think that you have control...
»www.nsclean.com/nsakey.html
-m- -- »www.freeantennas.com | |
|
 |  |  |  |  |  Freezone
join:2000-09-29 Southfield, MI | Re: Hmmm.... Rather think I do than what your scientist had in store for me. Talk about big brother. | |
|
 |  |  |  |   mujahid0
join:2003-08-09 Hayward, CA | Bravo Freezone! Well said, I add my voice to yours!! | |
|
 |  |  |  roahboah
join:2000-08-18 Rumney, NH
| said by ikarus1 : said by Torn : said by SND2005 : I bet if people spent half as much time trying to crack other browsers and Linux that there would be just as many issues. So to all you smug users of other browsers- just wait, your time is coming.
Microsoft is a target, that's why.
Naw... Microsoft is a joke that is why. Look it is really simple. It really is, and you Microsux lovers are in serious denial...
We (Computer Scientists) have known for forty years that it was stupid to allow Joe $hit the RagMan... AKA LUSER to run with administrative privs on any system. Now, kiddies, the truth is Microsux knew that when they started down this path. They knew they shouldn't let, "Bubba LUSER", run with admin privs but they did not know how to get around the problems that would cause with MS-DOS apps and their installed base.... sooooo.... they just decided in their marketing driven engineering shop to IGNORE CONVENTIONAL PRUDENCE... They knew they shouldn't do it. They did it anyway. Now they are running on top of some forty or fifty million lines of code that was written on top assumptions which are known to be BAD PRACTICE. They aren't going to fix this problem because they can't fix it. Their system is a monolith, commonly recognized as BAD PRACTICE by the Computer Scientists world wide. Their monolith presumes the user at the console should have administrative rights, commonly recognized as BAD PRACTICE by Computer Scientists world wide.
Kiddies... this is not that hard to understand... but there are some who are so deeply in denial that saying it won't help... Microsloth knowingly screwed the pooch to ensure that they kept market share, with the mistaken belief that they could defy conventional wisdom and survive it. NOW YOU ARE PAYING THE PRICE... and kiddies, that is something you can't deny.
-m-
Okay, great. Do you actually propose an alternative, or are you just pointing out Microsoft's apparent greed and/or sloth? Thanks, roah | |
|
 |  |  |  |   ikarus1 Premium join:2002-10-23 Urbanna, VA
| Re: Hmmm.... said by roahboah : said by ikarus1 : said by Torn : said by SND2005 : I bet if people spent half as much time trying to crack other browsers and Linux that there would be just as many issues. So to all you smug users of other browsers- just wait, your time is coming.
Microsoft is a target, that's why.
Naw... Microsoft is a joke that is why. Look it is really simple. It really is, and you Microsux lovers are in serious denial...
We (Computer Scientists) have known for forty years that it was stupid to allow Joe $hit the RagMan... AKA LUSER to run with administrative privs on any system. Now, kiddies, the truth is Microsux knew that when they started down this path. They knew they shouldn't let, "Bubba LUSER", run with admin privs but they did not know how to get around the problems that would cause with MS-DOS apps and their installed base.... sooooo.... they just decided in their marketing driven engineering shop to IGNORE CONVENTIONAL PRUDENCE... They knew they shouldn't do it. They did it anyway. Now they are running on top of some forty or fifty million lines of code that was written on top assumptions which are known to be BAD PRACTICE. They aren't going to fix this problem because they can't fix it. Their system is a monolith, commonly recognized as BAD PRACTICE by the Computer Scientists world wide. Their monolith presumes the user at the console should have administrative rights, commonly recognized as BAD PRACTICE by Computer Scientists world wide.
Kiddies... this is not that hard to understand... but there are some who are so deeply in denial that saying it won't help... Microsloth knowingly screwed the pooch to ensure that they kept market share, with the mistaken belief that they could defy conventional wisdom and survive it. NOW YOU ARE PAYING THE PRICE... and kiddies, that is something you can't deny.
-m-
Okay, great. Do you actually propose an alternative, or are you just pointing out Microsoft's apparent greed and/or sloth? Thanks, roah
Sure. Linux and FreeBSD are both mature enough for the desktop, have excellent applications... shoot the other day I was running OpenOffice and working with Excel spread sheet files... OpenOffice is as good as MS Office and that is the application that is keeping business people from migrating to a free operating system.
It is like IBM is saying in their ads, "The Future is Open".
Get on board or get left behind.
-m- -- »www.freeantennas.com | |
|
 |  |  |  |   nixen Rockin' the Boxen Premium join:2002-10-04 Alexandria, VA
·Cox HSI
·Speakeasy
| said by roahboah : Okay, great. Do you actually propose an alternative, or are you just pointing out Microsoft's apparent greed and/or sloth?
It's called use an operating system that enforces privilege levels and separation. Any UNIX variant does this. And no, I'm not a Linux zealot. All you have to do is look at Apple's OS-X (built on top of BSD).
Hell, the people at Microsoft that first came up with NT were ex-VAX people and knew better than to create the current mess. NT sorta used to have separation. Then, they decided, "let's take our consumer OS line and our business OS line and merge them." Unfortunately, in the process, they gutted the minuscule level of protection that was in their business OS line.
But hey, it shure duz play gamez real good.
Hope every last Windows user who doesn't protect themselves from MS design defects learns the hard way what crap they're using.
-tom -- "There are 10 types of people in the world... those who understand binary and those who don't." "That's only 2 types of people, moron" | |
|
 |  |  |  |  |   anotamous
@66.168.x.x
| Re: Hmmm.... I don't suppose you've ever looked at a functioning active directory structure, have you? Don't bother answering... most people who sit back all smug in their guru chairs wouldn't dare dirty their hands on a Windows machine.
My company has been in business for over 22 years, and I have to deal with (read: fix) systems of all makes, running every OS you can think of. Yeah, I even have punks bringing in Solaris crap. Trust me, chief, the line separating Operating Systems is getting thinner.
You say look at OS-X? I say look at 2k, XP, Longhorn, 2k3... they're all just Unix with a pretty shell. Sure, that'll probably give you a coronary or whatnot, but you can't deny the truth. Any tech worth two cents will agree. | |
|
 |  |  |  Beeper Part Of The Problem
join:2001-09-27 Dayton, OH clubs:
| said by ikarus1 :
We (Computer Scientists) have known for forty years that it was stupid to allow Joe $hit the RagMan...
Yours is the superior intellect. -- Guaranteed Fear and Loathing. Abandon all hope. Prepare for the Weirdness. Get familiar with Cannibalism. | |
|
 |  |  |  |   ikarus1 Premium join:2002-10-23 Urbanna, VA
| Re: Hmmm.... said by Beeper : said by ikarus1 :
We (Computer Scientists) have known for forty years that it was stupid to allow Joe $hit the RagMan...
Yours is the superior intellect.
Education does not equate to intellect... Microsoft employs Computer Scientists as well...
You figure it out, it isn't really that difficult.
-m- -- »www.freeantennas.com | |
|
 |  |  |   BSDUser
@verizon.ne
| Computer scientist you are not, a prepubescent you are. Seriously, I bet you're a closet Windows user.
I use Microsoft Windows (notice the lack of script kiddie/Linux zealot mis-spelling(s) of Windows and Microsoft) and like it. I also use FreeBSD and Linux. (*Gasp*!) and love them as well. They have their places. If you don't like it, then don't use it. Simple huh?
Remember, Linux is for people who hate Windows. BSD is for people who love Unix. | |
|
 |  |  |  |   ikarus1 Premium join:2002-10-23 Urbanna, VA
| Re: Hmmm.... said by BSDUser: Computer scientist you are not, a prepubescent you are. Seriously, I bet you're a closet Windows user.
I use Microsoft Windows (notice the lack of script kiddie/Linux zealot mis-spelling(s) of Windows and Microsoft) and like it. I also use FreeBSD and Linux. (*Gasp*!) and love them as well. They have their places. If you don't like it, then don't use it. Simple huh?
Remember, Linux is for people who hate Windows. BSD is for people who love Unix.
Computer Scientist, I am. And child, if we're remembering, let us remember that 'BSD' ain't System-V, and SCO is suing for the right to take OpenSource off the net. If there is one thing I'll guarantee you it is that the *BSD you use DOES violate SCO's rights...
Duh... now go learn something and come back when you understand wheel...
-m- -- »www.freeantennas.com | |
|
 |  |  |
 |   MacUser04
@12.151.x.x
| quote: I bet if people spent half as much time trying to crack other browsers and Linux that there would be just as many issues. So to all you smug users of other browsers- just wait, your time is coming.
Bszzt, Wrong. It's because of poor code and security on the Windows side. UNIX'es are more secure and that's an undeniable fact. It has nothing to do with focusing attention on Windows. It has to do with the fact that on Windows security was an afterthought, where with UNIX'es it was the main goal.
Difference in development ideologies and the fact that UNIX has been around since the 60's make it a much more stable and secure platform than Windows can ever hope to be. | |
|
 |  |   SND2005 Premium join:2001-09-15 Im Over Here
·CWLab
| Re: Hmmm.... Haaa haaa haaaaa haaaaa......You freakish people are so funny. This isn't even about a "who is better" type war as you all would like to make it. (Windows would appear to be better if you look at sales.. )
The problems will come for whomever is the leader in the market- which is Microsoft, so eat it. | |
|
 |  |  |   MacUser04
@12.151.x.x | Re: Hmmm.... Being the leader does not mean they will always be a target. You can do things to minimize the risk of things happening but, sadly, M$ didn't choose to do that. | |
|
 |  |  Talis
join:2001-06-21 Houston, TX
| said by MacUser04: It has to do with the fact that on Windows security was an afterthought, where with UNIX'es it was the main goal.
Sooo.. they wrote security code just to write security code? What exactly were they securing? Maybe perhaps the OS was the main goal?
I don't mind a good 'UNIX IS GOD' rant - well maybe I do - but it should at least be semi-credible. | |
|
 |  |  |   ikarus1 Premium join:2002-10-23 Urbanna, VA
| Re: Hmmm.... said by Talis : said by MacUser04: It has to do with the fact that on Windows security was an afterthought, where with UNIX'es it was the main goal.
Sooo.. they wrote security code just to write security code? What exactly were they securing? Maybe perhaps the OS was the main goal?
I don't mind a good 'UNIX IS GOD' rant - well maybe I do - but it should at least be semi-credible.
Oh, Lord, Please deliver me from idiots... Naturally the object was to secure the OS first. What? Is it better to secure only user land? You do know what user land is, right? Oh, Doh?! (slapping my head violently) of course you don't know what user land is... you are a Microsoft Certified Systems Engineer... I knew that.
-m- -- »www.freeantennas.com | |
|
 |  raye Premium join:2000-08-14 Orange, CA | If they begin targetting Mozilla, we can then have a comparison as to how quickly the open-source community fixes its problems vs. the closed software community (i.e. Microsoft).
My money is on open-source. | |
|
 nasadude
join:2001-10-05 Rockville, MD | like all good monopolies.... ...Microsoft could give a sh*t about their customers.
Besides, they're not interested in browsers anymore, they won that war. | |
|
  rchandra Stargate S G-1 And Atlantis Fan Premium join:2000-11-09 14225-2105 clubs:
| typical MS Typical Microsoft: break protocols, then claim it's sooooo much better for you. Market the heck out of it, then all but the sharp don't know any better. Dear MS: it's not rocket science; Mozilla for example has no problem with this, and we don't know what your problem is in obscuring stuff.
Actually, come to think of it, this is also right up their alley. Let's not show the user what the Web server sent you on an error; they probably can't handle that. No, let's put up our own "friendly" page with 3 paragraphs of cruft explaining what the problem might be instead, while the user has to wade through all that in order to find out what the problem really was. "Obscure as much of the real world as possible" is the Microsoft way, so it's no big surprise that they hide a NUL or SOH.
It's also soooo comforting to know that if it's two days after their monthly release cycle day when a new problem is discovered that my system will be broken in some way for another 28 or so days. I guess it's too "confusing" to have a properly working system. -- English is a difficult enough language to interpret correctly when its rules are followed, let alone when a writer chooses not to follow those rules. Blog is here | |
|
  Maxo Your tax dollars at work. Premium,VIP join:2002-11-04 Tallahassee, FL clubs:
·Embarq
| WtF? quote: As a result, Microsoft will be eliminating the ability of IE to recognize the "@" character in URLS altogether - meaning websites that still use the character to denote user login information will need to change their ways once the next patch is applied. A second exploit that allows scammers to disguise true file extensions was unveiled earlier this week.
Huh? Mozilla Firebird doesn't allow phishing, yet I can still use username:password@domain-name.com. Why can't IE do the same? -- Girls don't really like me That's why I hate myself Maybe it's cause of the way I look Or maybe it's something else »maxolasersquad.com | |
|
 |  Freezone
join:2000-09-29 Southfield, MI | Re: WtF? Ok i have to admit this is bad. | |
|
 |  |   Morac
join:2001-08-30 Riverside, NJ | Re: WtF? It would be, if it were true. | |
|
  Doctor Dan Weapons Of Masturbation Premium join:2001-10-20 Papiopolis
·inmotionhosting
·Verizon Online DSL
| Not limited to IE... The [url]@[ip address] spoof problem is not limited to IE.
I tried the following on a Mac using Safari 1.0, IE 5.2.2, Mozilla 1.6, and Firebird 0.7:
»www.chase.com@158.171.210.42
and all the browsers redirected to 158.171.210.42 (Fleet Bank's website) rather than generating an error or displaying Chase Manhattan Bank's website.
- Dan -- When are you going to let me out of this box? | |
|
 CCCMTech Premium,VIP,MVM join:2002-05-17 Pound, VA
| Easy to avoid being phished If you are going to a site that you fear may be a phishing exploit (site you don't trust)
Simply right click the link and go to Properties; there you will see "somedomain.com%01@realdomain.com" except the %01 will be a wild character more like ||. Haven't run across the download phishing yet. Should be able to do the same on it though.
(smart site would disable right click if they're going to phish). -- Thank you for choosing SBC Internet Services. My name is Rick. How may I help you today? | |
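The `name@host` links described in the posts above (Doctor Dan's `www.chase.com@…` test and the `%01` form CCCMTech mentions) can be checked mechanically before a link is trusted. This is an added example, not code from the thread: it uses the standard WHATWG `URL` class, and the helper name `inspectLink` and the sample links are constructed for illustration.

```javascript
// Added example (not from the thread): inspect a link's userinfo part,
// i.e. whatever sits between "scheme://" and "@".
// Uses the standard WHATWG URL class available in browsers and Node.js.

// A string shaped like a DNS name or dotted IPv4 address ("www.bank.example").
const HOSTLIKE = /^(?:[a-z0-9-]+\.)+[a-z0-9-]+$/i;

// Percent-encoded control bytes %00-%1F and %7F. The URL parser percent-encodes
// raw control bytes found in userinfo, so one pattern covers both spellings.
const ENCODED_CONTROL = /%(?:[01][0-9a-f]|7f)/i;

// Decode percent-escapes without throwing on malformed input such as "%zz".
function safeDecode(s) {
  try {
    return decodeURIComponent(s);
  } catch (e) {
    return s;
  }
}

// Hypothetical helper name. Returns the host that will really be contacted,
// the text a reader sees before the "@", and a list of findings.
function inspectLink(href) {
  let url;
  try {
    url = new URL(href);
  } catch (e) {
    return { href, realHost: null, beforeAt: "", findings: ["unparseable"] };
  }
  const userinfo = url.password
    ? `${url.username}:${url.password}`
    : url.username;
  // What the eye reads before "@", with control bytes stripped out.
  const beforeAt = safeDecode(url.username).replace(/[\x00-\x1f\x7f]/g, "");
  const findings = [];
  if (userinfo !== "") findings.push("userinfo-present");
  if (HOSTLIKE.test(beforeAt)) findings.push("userinfo-looks-like-host");
  if (ENCODED_CONTROL.test(userinfo)) findings.push("control-char-in-userinfo");
  return { href, realHost: url.hostname, beforeAt, findings };
}

// Constructed sample links; the second follows the form quoted in the post.
const SAMPLES = [
  "http://www.bank.example@192.0.2.10/",
  "http://somedomain.com%01@realdomain.com/",
  "https://alice:s3cret@intranet.example/", // ordinary login-style userinfo
  "https://www.example.com/login?next=a@b", // "@" outside the authority
];

for (const href of SAMPLES) {
  const r = inspectLink(href);
  console.log(`${r.realHost}\t[${r.findings.join(", ")}]\t${href}`);
}
```

Plain login-style userinfo only gets the `userinfo-present` finding, so a filter can treat it differently from userinfo that imitates a hostname or hides a control byte.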
|
 |  |
 |  |  CCCMTech Premium,VIP,MVM join:2002-05-17 Pound, VA
| Re: Easy to avoid being phished That is true too. But that would be after you clicked on the phishing url and are on the fake site..
you could go to View and Source on the suspected page. But that is a good idea if the site you went to isn't malicious. (ie. force itself upon you.) -- Thank you for choosing SBC Internet Services. My name is Rick. How may I help you today? | |
|
 |
 |  |
  tls663 Premium join:2004-01-30 canada
| they're all bad So typical, and it's not just Microsoft, it's all software in general, why do they release the software/game then create patches, point releases, or my favorite the ever famous 'update'? Wouldn't it be better if they tested the product thoroughly first then release it? Could be a new idea.....maybe I'm onto something | |
|
  Trel Good Evening Premium join:2002-10-08 Hillsborough, NJ
·surpasshosting
| Uh, mozilla full time anyone? As a result, Microsoft will be eliminating the ability of IE to recognize the "@" character in URLS altogether - meaning websites that still use the character to denote user login information will need to change their ways once the next patch is applied.
Uh, bad idea. -- I gots a nice site (I think). You can check it out by clicking the link. http://www.krahs-emag.com BTW, don't trust anything that bleeds for 7 days and doesn't die. | |
|
 |  |
 |  |   LifesTooShort
@68.21.x.x | They still need to support the @ symbol... I would expect that they will still allow the @ symbol in URL's, but not recognize it as a delimiter that implies any form of authentication. | |
|
 |  |
  Pole883 Premium join:2004-01-27 Schenectady, NY | Can We Spell............
............K-Meleon????:D:o;);) -- Pole883 | |
|
  tomkb Premium join:2000-11-15 Avon, OH clubs: | A terrible use of this exploit I was purchasing something on ebay just today and the thought dawned on me.
What if one of these people scanned ebay all day long waiting for auctions to close and emailed phony invoices to the buyer to collect payment? | |
|