l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
January 6: Social gathering
Next Installfest:
TBD
Latest News:
Nov. 18: Club officer elections
Page last updated:
2003 Dec 11 21:49

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] New phishing vulnerability
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] New phishing vulnerability



At 03:53 PM 12/11/03 -0800, you wrote:
>On Thu, 2003-12-11 at 15:47, Larry Ozeran wrote:
>> At 11:25 PM 12/9/03 -0600, you wrote:
>> >> I use old browsers. MSIE 5.50 and Netscape 4.77 both work OK for me.
>> >> (i.e.
http://www.microsoft.com%01@zapthedingbat.com/security/ex01/vun2.htm
>> >> displays on the address line for both)
>> >
>> <snip>
>> 
>> >On IE 5.0 on Windows, there was nothing after http://www.microsoft.com ...
>> and actually, if I go into the URL bar on IE and type
>> http://www.microsoft.com, I will see in the history, almost the same link I
>> see in Mozilla, except with the %01 replaced by a box (standard unprintable
>> character)
>> 
>> On IE 5.5 in Windows, I get the full address. Maybe MS fixed it in 5.5,
>> then for some reason unfixed in 6.0?
>
>You can't replicate the problem by just pasting the link above into your
address
>bar. You need to access the link from here:
>
>http://www.zapthedingbat.com/security/ex01/vun1.htm
>
>Press the "Test Exploit" button.

The effect appears to require active script. Even going to that link, IE
5.5 won't go anywhere from the button with scripting turned off (how I
default my browsers). It happens to be one of my pet peeves when coders use
scripting when a simple link will do.

In NS 4.77, there is no button even with scripting on.

>
>> _______________________________________________
>> vox-tech mailing list
>> vox-tech@lists.lugod.org
>> http://lists.lugod.org/mailman/listinfo/vox-tech
>-- 
>R. Douglas Barbieri
>doug@dooglio.net
>http://www.dooglio.net
>
>GPG Fingerprint : FE6A 6A57 2B95 7594 E534  BFEE 45F1 9E5E F30A 8A27
>MIT.edu recv-key: C55B91D4
>GPG Public key  : http://www.dooglio.net/dooglio.asc
>
>Attachment Converted: "e:\eudora\attach\signature1.asc"
>

_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
O'Reilly and Associates
For numerous book donations.