A new MS Internet Explorer vulnerability is discovered. Most digerati already know about the spammer and lamer trick to publish URLs that look like legitimate hostnames to fool people in to trusting a malicious site. This trick is frequently used by spammers to steal people's PayPal accounts, by tricking them in to "resetting" their password at a site owned by the spammer but disguised as PayPal.com.
Today's new IE vulnerability is significantly worse. By including an 0x01 character after the @ symbol in the fake URL, IE can be tricked in to not displaying the rest of the URL at all. Don't expect a patch right way, the guy who found the hole released it to BugTraq on the same day he notified Microsoft. (via Simon Willison)
posted by dejah420
on Dec 9, 2003 -
Microsoft to discontinue development of IE for the Mac... Surprisingly this apparently isn't being done because of the low market share for Macintosh, but rather as a side effect of the increasing integration (whether real or alleged) between IE and the Operating System, which on the Mac is closed, so MS can cease development as support for their claims of mandatory integration between browser & OS. I await the next step, mandatory integration between email & OS? IM? Media tools? Net access?
posted by jonson
on Jun 13, 2003 -
Using Internet Explorer, Outlook, or Outlook Express on a PC? There's a new hack in town, ready to exploit cross site scripts like nobody's business. Do yourself a favor and disarm ActiveX on your settings.
posted by mathowie
on Jul 12, 2002 -
Do you have a 'Super Cookie' ??? Another m$ screw-up... Very interesting since wmp just minutes before tried to access the net through my firewall that is set to block all except a few programs. If you're running mozilla his demo
doesn't hit but using msie it sures pulls up the ID# of my wmp... time to tighten things down again!!! Another blasted waste of time to fix what m$ should not have let out in the first place!!! Link via... Inflight Correction
posted by tilt
on Jan 17, 2002 -