  n2jtx
join:2001-01-13 Glen Head, NY | It makes you wonder...
...how long a fix would take if the exploit had not been made public. At least now we get a chance to see how fast Microsoft can fix things. | |
|
 |   ArchAngel21x MacFan Pro Premium join:2001-10-28 Lincoln, NE | Re: It makes you wonder... This is what I wonder. What is the incentive to delay making a patch for a problem, known or unknown? | |
|
 |   Nam Vet Premium join:2001-12-03 Allentown, PA | LOL it's M$, Does anyone really believe that they will fix this before 2006? | |
|
 |  |   Jeremy341 Bye Premium join:2000-01-06 localhost
| Re: It makes you wonder... said by Nam Vet : LOL it's M$, Does anyone really believe that they will fix this before 2006?
It's already been fixed in SP2. And considering the fact that SP2 is coming out this year, I'll have to disagree with you. | |
|
 |  no_coin
join:2002-10-17 Tyngsboro, MA | HERE'S THE PATCH:
download and install Mozilla or FireBird or other non-microsoft browser  | |
|
 |  |   VWSpeedRacer
join:2002-10-06 Essex Junction, VT clubs:
| Re: It makes you wonder... Already there. In fact, the first time I got one of the scam emails and clicked the link trying to fish it out, I thought it was so blatantly obvious (because I could see the whole url) that I thought only a moron would fall for it.
A month or so later I saw the scheme behind it posted here and felt bad for all the other uneducated folks out there...  -- Daniel Gwozdz (VW Speed Racer) The Online Reader's Society --- Water-cooled Volkswagen World | |
|
 neftv
join:2000-10-01 Broomall, PA | Wow my antivirus caught it When I clicked on "demonstrated here" my antivirus reported a trojan but it could not clean it or move it. | |
|
  Morac
join:2001-08-30 Riverside, NJ
·Comcast
| Microsoft's Solution "The most effective step that you can take to help protect yourself from malicious hyperlinks is not to click them. Rather, type the URL of your intended destination in the address bar yourself." - »support.microsoft.com/default.as···];833786 | |
|
 |   SpyderWoman Premium join:2002-06-11 Mustang, OK clubs:
| Re: Microsoft's Solution Talk about an "educate the user" problem!! Microsoft's recommendation begins with: "Verify that there is a lock icon in the lower right Status bar and verify the name of the server that provides the page that you are viewing before you type any personal or sensitive information."
Well, it's already been demonstrated in our Security forum that the lock can be spoofed. So that's not a safe indicator. The Microsoft article goes on to say to then right click on the lock symbol and check the source of the digital signature. I'm not certain but what that couldn't be spoofed up or obfuscated enough to confuse most users.
Most of the people "falling" for these phishing expeditions do not have the knowledge available right here in this forum: they are trusting their email to be a "what you see is what you get" thing, and while you and I know it's not that way, they don't.
Does anyone really think that the general public is going to get that boned up on this stuff? Heck, 90% of them never heard the simple guideline: "most legitimate businesses won't even ask you to update over the internet via email" much less the stronger guideline "when in doubt, don't until after YOU VERIFY either by email or phone call, that the request is legitimate". | |
|
 |  |  |
 |  |  |   Omega Displaced Ohioan Premium join:2002-07-30 Cheyenne, WY clubs:  | Re: Microsoft's Solution The way I do it is just look at the status bar at the bottom of IE. It shows you the true link. | |
|
 |  |  |  |   Morac
join:2001-08-30 Riverside, NJ
·Comcast
| Re: Microsoft's Solution said by Omega : The way I do it is just look at the status bar at the bottom of IE. It shows you the true link.
There's a very easy way to stop the real address from showing up in the status bar. Just add a NULL character (%00) after the %01 character in the URL. Then the fake URL will show in the status bar.
Or use scripting to obscure it.
Either way, looking at the status bar doesn't guarantee you're going to a real site. | |
|
 |  ParanoiaInc
join:2002-08-28 Tucker, GA | True, but for those in a rush this is still a major problem when the fake links start infecting search engines. | |
|
  banditws6 Shrinking Time and Distance
join:2001-08-18 Naples, FL
·Comcast
| What's with Microsoft? My parents nearly fell victim to one of these new phishing scams while I was sitting in the same room over the Christmas holidays. They had received some kind of email from Earthlink (their dialup ISP) claiming that their credit card did not go through on the last attempt to automatically bill, and that they needed to go to a web page and enter a new credit card. My dad was actually going to do it, but at the last minute he decided to get my mom and ask her to make sure the credit card he was entering was a good one to use.
Hearing that, I happened to take an interest in what he was doing and was immediately suspicious. But the "padlock" icon in the browser was on, and the URL bar showed an address at earthlink.net. Must be all right, I thought. But then I remembered the new phishing scams -- which I read about here on DSLR -- and so I went back to the email and checked the source code. Sure enough, it utilized this exploit to pass a false Earthlink URL to the browser. If I hadn't been a frequent visitor of this site, I might have allowed my dad to submit his credit card info to the scammers! Fortunately I caught it and was able to stop my parents from proceeding before they submitted the form.
That Microsoft blithely ignores this problem is sheer stupidity. On my home computer, I've switched to Mozilla Firebird full-time and I'm not missing IE in the slightest. In fact, using Firebird has allowed me to see just how poorly IE interprets a lot of CSS and other markup! -- "I'll follow the law until it's just stupid." -Ted Nugent | |
|
 |  attsbcisgay
join:2003-03-18 Beverly Hills, CA
| Re: What's with Microsoft? Dude, everything in life is a scam including milk, bread and butter. What took you so long to realize this??? Sheepers, jeeper, deeper!
:D:D:D | |
|
  woody7 Premium join:2000-10-13 Torrance, CA
·EarthLink
·DSL EXTREME
| Hmmmmmmmmmmmmm...... Just don't use IE...I get this scam with CitiBank, Earthlink, etc.....they look pretty real, I use FireBird, and if there is a problem with the billing,they can contact me by mail or phone....but what I see as another concern, is that if it wasn't for DSLR, I wouldn't know about this ......Earthlink has never alerted me to the scam.....nor CitiBank....I don't even hear about it on tv...............Just my thoughts -- BlooMe | |
|
 |  Zunger
join:2003-08-24 Fayetteville, AR
| Re: Hmmmmmmmmmmmmm...... Anyone who falls for most of these exploits must not be able to read. On most things you sign up for (paypal for example) it clearly says it will never email you asking for this. But people are still falling for it, maybe they need to offer a crash course on reading on dslr. | |
|
 |  |  Sunburn
join:2000-10-05 Denver, CO | Re: Hmmmmmmmmmmmmm...... You do not need to know how to read, just use Firebird. It does it all for you. | |
|
 |  |  |   nklb Premium join:2000-11-17 Ann Arbor, MI clubs:
| Re: Hmmmmmmmmmmmmm...... Don't rely just on firebird though- you still need your wits about you.
While firebird currently has a good track record (in fact it's all I use), that still doesn't mean there aren't any problems with it. Just because they aren't known doesn't mean they aren't there
As it is though, I trust firebird a LOT more than IE (IE is just junk, imho) -- for all your Linux questions | |
|
  Transmaster Don't Blame Me I Voted For Bill and Opus
join:2001-06-20 Cheyenne, WY
·Qwest.net
| Sad I just told my parents not to use their credit cards on the net at all, but to look them up on Qwestdex, or Verizon Superpages and call them.
It is really sad that Microsoft in their arrogance threatens the trust of online transactions E-commerce has been trying to sell to the public for years. I always just call to make any purchases I want, I like talking to the company anyway you can really get a feel for an outfit by how they treat you on the phone. -- Remember when hacking a loogy it comes not so much from the lungs but from the soul. | |
|
  rchandra Stargate S G-1 And Atlantis Fan Premium join:2000-11-09 14225-2105 clubs:
| third party? I don't use I.E. on a regular basis, so I'm not so vigilant about its problems, but I was wondering about those third-party patch guys...have they tried again? I don't remember their domain name. Last I read, their patch had buffer overflow problems, so I wonder if they've had a re-release.
Open source...yeah, right. I couldn't find any source when I looked at their site. -- English is a difficult enough language to interpret correctly when its rules are followed, let alone when a writer chooses not to follow those rules. Blog is here | |
|
 nascar24
join:2000-12-20 Sterling Heights, MI 1 edit | Firebird! Firebird appears to be the correct answer:D Great browser, If people would just start dumping IE MS might get off their butt and start some innovation | |
|
 |   affliction
@bc.ca
| Re: Firebird! MSIE is still overall the best browser I've used; pretty much every site on the Web is designed for it, and it is integrated into the Windows shell, which means faster load time, less RAM usage, and less chance of it going FUBAR. I have an address box on my taskbar; I just type in the URL, hit Enter, and BAM! -- IE opens up and takes me there instantly.
Besides, I'm not too mad at Microfluff right now; they're (allegedly) hard at work on Longhorn. If the end result is as good as Windows 95 was, then I'll forgive them.
However, I don't see the point in this new "monthly patch" strategy. Why should I have to wait as many as 31 days to have my computer secured just because some morons are too lazy to check Windows Update every few weeks? | |
|
 |  |  nascar24
join:2000-12-20 Sterling Heights, MI | Re: Firebird! IE was the best browser when they still were updating it with new features. It no longer is. Firebird blows it away when it comes to new innovative features. Yes since everyone uses IE the wonderful ad companies own you. | |
|
 |  attsbcisgay
join:2003-03-18 Beverly Hills, CA
| said by nascar24 : Firebird appears to be the correct answer:D Great browser, If people would just start dumping IE MS might get off their butt and start some innovation
You cannot get rid of IE, it was integrated into windows since the rise of 98... PLUS IE owns your soul if you use windows, if you're with Mac, then they can't touch you. yea MICROSOFT is the soul sucker of all users. Bill Gate, he is a dick. BTW, the patch, update at microsoft is only good if you don't have a firewall. and it's very time consuming, plus added 300mb to my hd space, which took freakin 1 hours to update that crap... anyway windows Fvcked up and I had to reinstall everything. Windows is EVIL, NAZI OS. | |
|
 rid0617
join:2003-07-20 Greer, SC | Don't use IE I don't use IE unless it's one of the banking sites that don't accept firebird. And then I type in the complete address. Don't have that much spare money to lose to wait on Micro$oft | |
|
 |  attsbcisgay
join:2003-03-18 Beverly Hills, CA 1 edit | Re: Don't use IE You'll have to get rid of windoze to not use IE. | |
|
 lefty1
join:2002-10-25 Clay, NY | Patch is available You can download a free patch for this flaw in IE by going to »www.openwares.org. Be sure to type the address; don't just click on the link. | |
|
  rcarter3 Nap Time Yet?
join:2001-11-01 Royal, AR clubs:
| openwares patch for the phishing exploit I have to say that the current patch from '»www.openwares.org' seems to work correctly on my system using I.E. 6.0 under the XP-Pro OS. Just a note for those who do choose to use IE versus any of the other browsers mentioned in this thread -- Teamwork Is Essential It Allows You To Blame others | |
|
  nklb Premium join:2000-11-17 Ann Arbor, MI clubs:
| Take a look at this Just paste the following into your location bar:
javascript:alert("The actual URL is:\t\t" + location.protocol + "//" + location.hostname + "/" + "\nThe address URL is:\t\t" + location.href + "\n" + "\nIf the server names do not match, this may be a spoof.");
Found this at »support.microsoft.com/?id=833786 -- for all your Linux questions | |
|
  Affliction
@bc.ca
from: rchandra 
| I have a suggestion for Microsoft. When something this critical comes up, don't explain how it works; just patch it. | |
|
 lefty1
join:2002-10-25 Clay, NY
| Patch Netcaptor (»www.netcaptor.com), a modified version of IE, claims to have fixed that vulnerability as well. Plus, with a built-in pop-up blocker and tabbed browsing, it's arguably the best alternative to IE. | |
|
 |   rcarter3 Nap Time Yet?
join:2001-11-01 Royal, AR clubs:
| Re: Patch said by lefty1 : Netcaptor (»www.netcaptor.com), a modified version of IE, claims to have fixed that vulnerability as well. Plus, with a built-in pop-up blocker and tabbed browsing, it's arguably the best alternative to IE.
Tried out this browser alternative and for all the alternatives I have tried, it seems to be a nice setup save for the advertisements on the top line of the browser window which, while not really annoying to me, are noticeable. This can be removed with an upgrade to the pro version for an approx 30$ (U.S.) fee, which to me makes it less desirable but for the amount of set up you have to do to make it functional and its ease of transfer from IE to netcaptor it's a very nice alternative to IE. Thanks for pointing me in that direction. I am going to give it a go for a few days and see how it works. P.S. the way netcaptor solves phishing is by being able to display the %01 in the addy thus revealing the rest of the address like in the link from broadbandreports.com which netcaptor displays as www.symantec.com@i.dslr.net/symantec/www.symantec.com/index.html in the netcaptor address line and the status bar when you hover over a link on the test page from broadbandreports.com -- Teamwork Is Essential It Allows You To Blame others | |
|
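Added example, not part of any post in this thread: a link audit for mail or page source that reports the server each link really goes to and flags the user-info tricks discussed above (the %01 and %00 characters, and a host-like name placed in front of the "@"). The function names, finding labels and sample markup are assumptions made for illustration.

```javascript
// Added example, not code from the thread. inspectLink, auditLinks and the
// finding labels are hypothetical names; SAMPLE_MAIL is constructed.
function inspectLink(href) {
  let url;
  try {
    url = new URL(href);
  } catch (e) {
    return { href, host: null, findings: ["unparseable"] };
  }
  const findings = [];
  // Everything before "@" in the authority is userinfo, never the server name.
  const userinfo = url.password ? `${url.username}:${url.password}` : url.username;
  if (userinfo) {
    findings.push("userinfo-present");
    // %00-%1F and %7F decode to control characters such as the %01 and %00
    // discussed in the thread; they have no place in a link.
    if (/%(?:[01][0-9a-f]|7f)/i.test(userinfo)) {
      findings.push("control-char-in-userinfo");
    }
    let decoded = userinfo;
    try {
      decoded = decodeURIComponent(userinfo);
    } catch (e) { /* malformed escape: keep the raw text */ }
    const visible = decoded.replace(/[\x00-\x1f\x7f]/g, "").toLowerCase();
    // Userinfo shaped like a host name that differs from the real host.
    if (/^(?:[a-z0-9-]+\.)+[a-z]{2,}$/.test(visible) && visible !== url.hostname) {
      findings.push("userinfo-looks-like-host");
    }
  }
  return { href, host: url.hostname, findings };
}

// Pull every href out of HTML mail source and keep the ones with findings.
function auditLinks(html) {
  const hits = [];
  for (const m of html.matchAll(/href\s*=\s*(["'])(.*?)\1/gi)) {
    const result = inspectLink(m[2]);
    if (result.findings.length > 0) hits.push(result);
  }
  return hits;
}

// Constructed sample; the second address follows the form quoted in the thread.
const SAMPLE_MAIL = `
<a href="http://www.symantec.com/index.html">Symantec</a>
<a href="http://www.symantec.com%01%00@i.dslr.net/symantec/www.symantec.com/index.html">Symantec</a>
<a href="http://alice@example.org/inbox">Inbox</a>`;

for (const hit of auditLinks(SAMPLE_MAIL)) {
  console.log(hit.host, hit.findings.join(","), hit.href);
}
```

Unlike the status bar or the address line, the parsed host comes from the URL structure itself, so it does not depend on how a browser chooses to render the characters before the "@".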
 |  |  nascar24
join:2000-12-20 Sterling Heights, MI | Re: Patch Costs money though, You get the same from Firebird for free. | |
|
 |  jconnell
join:2002-06-04 Newark, DE | If you want a good free alternative IE based browser with those features and more try MyIE2. | |
|