Hi,

For those who likes to bash IE, read this at this link

http://www.techweb.com/wire/security/59301618

On Tue, 8 Feb 2005 11:10:23 +0900, "jeffrey"
<(E-Mail Removed)> wrote:

>Hi,
>
>For those who likes to bash IE, read this at this link
>
>http://www.techweb.com/wire/security/59301618


Yep, had to laugh that one!

Also here:

Serious vulnerability hits non-Microsoft browsers

http://www.computerweekly.com/articl...&liFlavourID=1

Marc Liron
Microsoft MVP
www.updatexp.com
www.podcasting-101.com

I tried the example, dusting off a rarely used copy of Mozilla 1.6 to do it.

the example for spoofing paypal.com uses a cyrillic 'a', which is much smaller
than the other characters in the url. Will anybody fall for something that
looks so obvioulsy rwong? Maybe. But I can Xerox a dollar bill, and replace
George Washington's face with Moe Howard, and some people will fall for that,
too.

This hardly compares to the many serious security flaws that turn up all the
time in microsoft software.



On Tue, 8 Feb 2005 11:10:23 +0900, "jeffrey" <(E-Mail Removed)>
wrote:

>Hi,
>
>For those who likes to bash IE, read this at this link
>
>http://www.techweb.com/wire/security/59301618

here's a screen shot, if anyone is interested:

http://img226.exs.cx/img226/9417/secunia2gt.jpg

I suppose if you don't look closely at it, you can be fooled.

What solution could there be except not to have such lookalike characters
allowed...

In article <#r$(E-Mail Removed)>, jeffrey says...

> For those who likes to bash IE, read this at this link

> http://www.techweb.com/wire/security/59301618

If that is the worst flaw in Firefox, et. al., then I will stay with it,
thank you very much; MSIE still has the "DestructiveX" flaw, a much more
serious disability.

--
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint

Al <(E-Mail Removed)> wrote:
> I tried the example, dusting off a rarely used copy of Mozilla 1.6 to do it.

> the example for spoofing paypal.com uses a cyrillic 'a', which is much smaller
> than the other characters in the url. Will anybody fall for something that
> looks so obvioulsy rwong? Maybe. But I can Xerox a dollar bill, and replace
> George Washington's face with Moe Howard, and some people will fall for that,
> too.

It all depends on the fonts you're using. Using the default font for
Firefox -- whatever that happens to be on my system -- the spoof is
pretty convincing. I can't detect any difference between the two a's.

--
Gary L. Smith (E-Mail Removed)
Columbus, Ohio