Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
No relief from Microsoft phishing bug
Kevin Poulsen, SecurityFocus 2004-01-13

Tuesday's edition of Microsoft's monthly bundle of security advisories features an omission that should keep online fraud artists and identity thieves happy: over one month after its discovery, there is no official patch available for a bug in Internet Explorer that lets swindlers pass off counterfeit websites as the real thing.

Comments Mode:
No relief from Microsoft phishing bug 2004-01-14
Anonymous
Konqueror under linux is also vulnerable... so it is not just windows IE...

[ more ]  [ reply ]
No relief from Microsoft phishing bug 2004-01-14
Anonymous
"The most effective step that you can take to help protect yourself from malicious hyperlinks is not to click them," the company advises."

Just use another browser I am very happy

with Mozilla myself. It should not take 2

months to fix a security hole.

...

[ more ]  [ reply ]
No relief from Microsoft phishing bug 2004-01-14
Anonymous
Don't use IE... sounds like relief to me!...

[ more ]  [ reply ]
No relief from Microsoft phishing bug 2004-01-15
Coldman
The advice from Microsoft is quite reasonable, but it seems that some misinterpret it: "...to help protect yourself from **malicious** hyperlinks is not to click them..." - they are talking about _malicious_ links, so the irony from Mr. Cooper makes a little sense (or not at all). There is another a...

[ more ]  [ reply ]
No relief from Microsoft phishing bug 2004-01-15
Anonymous
stop clicking links on the web...

Sounds to me like...

customer: My Windowws just crashed what do i do?

MS: There is no fix for that yet but we have a workaround, stop using your computer.

What a dumb answer from a "thrustworthy computing company"....

[ more ]  [ reply ]
No relief from Microsoft phishing bug - does this still work ? 2004-01-16
Anonymous
Tried it out between 2 of my websites, it's not working for me (the address shown in the bar is the correct one, not the one before the %01).

Same result with the test link provided in the article.

Besides, if you look at the status bar when the mouse is over the "fake" link, it shows the real tar...

[ more ]  [ reply ]




 

Privacy Statement
Copyright 2009, SecurityFocus