Phishing Patch Detection

  • Thread starter Thread starter Michael
  • Start date Start date
M

Michael

Hi All,

Is there a way to detect if someone has updated their IE
with the Phishing patch? We use the http://user:pwd@URL
method of logging into our website, so we want to be able
to detect if the browser is able to hande that URL format
and provide different URLs (one with the user/pwd and one
without) depending on their browser.

Is there a special version number or something?

Hope you can help,
Michael
 
Michael, just found this in one of the posted message.

Quote


Colm,

That's the VERY first reasonable workaround I've seen. THANK YOU for
sharing!!!

(e-mail address removed) (Colm Ward) wrote in message
Hi

In response to the recent Microsoft IE update:
http://support.microsoft.com/?kbid=834489

I devised a workaround solution to the login problem this update
causes which I thought I would share, it seems to work with most
browsers.

Instead of trying to directly access a protected resource like this:
http://username:[email protected]/protected/index.html

first, go through a redirect page. The redirect page will have the
following in the <head>:

<meta http-equiv="Refresh" content="3;
URL=http://www.somehost.com/protected/index.html">

And further down the page will have a very small transparent image
like this:
<img src="http://username:[email protected]/protected/image.gif"
width="1" height="1">

The image must be in the protected folder.

With this arrangement, eveyone who doesnt have an IE browser with the
latest security update will get through after a 3 second delay. Their
browser will have authenticated them on accessing the image, so 3
seconds later when the page is looked for the browser won't need to
present the popup login dialog.

And everyone who does have a browser with the security update will
still get in, only they will be presented with the popup login dialog
because their browser wont be able to find the image (that's why it's
1x1 and transparent). Its a little more troublesome for these users,
but at least they still get in, rather than being presented with "The
page cannot be displayed".

take it easy
Colm
--

Unquote.

Henri Leboeuf
Web page: http://www.generation.net/~hleboeuf/index.htm
 
Glad I could help, but the flowers goes to the previous poster.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Back
Top