Dinkar

msg:591106 | 8:26 pm on Apr 17, 2006 (gmt 0) |
Try some alternate browser like FireFox.
|
trillianjedi

msg:591107 | 8:45 pm on Apr 17, 2006 (gmt 0) |
Ouch, that's nasty - thanks for the heads up.
|
tstaheli

msg:591108 | 9:16 pm on Apr 17, 2006 (gmt 0) |
Another day, another patch.
|
encyclo

msg:591109 | 9:25 pm on Apr 17, 2006 (gmt 0) |
| Try some alternate browser like FireFox |
| But if you do, make sure you patch that too [webmasterworld.com]. :) Whilst IE vulnerabilities are much more frequent, the latest Firefox bug is much more serious than this particular IE one.
|
Jon_King

msg:591110 | 10:37 pm on Apr 17, 2006 (gmt 0) |
Thanks for that, pageoneresults. I do think that vulnerabilities are here to stay and appreciate WebmasterWorld especially for the members wise to this fact. I've long since moved on from considering a secure OS. The complexity of what we want makes that an impossibility. If we have the minds capable of securing a network decide what is possible and what's not, we would be secure but less useful. Be the judge, it's a crap shoot to me.
|
tsheridan

msg:591111 | 10:58 pm on Apr 17, 2006 (gmt 0) |
Mine says .google.ca - is this the same thing as .google.com, in this instance?
|
pageoneresults

msg:591112 | 11:20 pm on Apr 17, 2006 (gmt 0) |
| Mine says .google.ca - is this the same thing as .google.com, in this instance? |
| Yes. If you were not open to this vulnerability, you would end up at the Secunia website. [secunia.com...]
|
Don_Hoagie

msg:591113 | 12:48 pm on Apr 18, 2006 (gmt 0) |
You know what would be a scary application of this? Tie it in with the hack that changes your browser's home page... imagine your homepage got taken over and yet it still rendered as google.com / yahoo.com / msn.com... How many Gmail / Yahoo Mail / Hotmail users would innocently input their user/pass to those spoofed pages? Google is my homepage, and I can tell you right now that I wouldn't have the slightest idea that I was getting conned if they designed the pages right. (And it's oh-so-tough to recreate Google pages, isn't it?)
|
donpps

msg:591114 | 1:37 pm on Apr 18, 2006 (gmt 0) |
I tried to manually change the Google spoof page to https://www.google.com and got the original Google page. Question: Are secure websites protected from this vulnerability?
|
Xyzi

msg:591115 | 2:34 pm on Apr 18, 2006 (gmt 0) |
| You know what would be a scary application of this?... |
| Actually that's already possible by just modifying the hosts-file.
|
mack

msg:591116 | 4:02 pm on Apr 18, 2006 (gmt 0) |
| Actually that's already possible by just modifying the hosts-file. |
| Very true, and it would work with any browser the user had installed, not just IE. Address bar spoofing is a very similar concept; thankfully IE7 addresses this issue to an extent by letting you know in no uncertain terms that the certificate does not match the domain. By letting you know I mean red address bar and full page error message before it will let you proceed. Mack.
|
beebware

msg:591117 | 9:50 pm on Apr 18, 2006 (gmt 0) |
Actually, IE 6.0 on my Win XP SP2 box initially failed this exploit. I just got Google on the Google URL - however, moving the window aside, I had two dialog boxes asking me to "Allow sub-frames to navigate across different domains?". Clicking "No" keeps Google.co.uk shown in the URL bar with the contents of the site being Google - clicking "Yes" (to both dialog boxes) shows the exploit with Google.co.uk in the URL bar and Secunia's site in the window.
|
JudgeJeffries

msg:591118 | 1:44 am on Apr 19, 2006 (gmt 0) |
"disable active scripting" How? Where? I can't find it.
|
Swanson

msg:591119 | 2:47 am on Apr 19, 2006 (gmt 0) |
I just tried it using IE 6 and it was fine - the URL was not Google in the address bar.
|
Swanson

msg:591120 | 2:51 am on Apr 19, 2006 (gmt 0) |
Just to clarify - XP Home with IE 6 fully patched.
|
pageoneresults

msg:591121 | 4:05 pm on Apr 19, 2006 (gmt 0) |
Quick question. Anyone having any problems with their IE after performing the above test from Secunia?
|
mack

msg:591122 | 4:13 pm on Apr 19, 2006 (gmt 0) |
I tried the test, and my system was found to be vulnerable. No ill effects since I tested though? What have you been seeing? Mack.
|
zafile

msg:591123 | 4:22 pm on Apr 19, 2006 (gmt 0) |
The Secunia alert seems valid for people with bad habits while browsing. People browsing porn should be worried about the vulnerability. However, the alert is mainly hype for Secunia. The link at the top of the WebmasterWorld homepage only enhances such hype. I think it is time for WebmasterWorld to provide better and more relevant content on its homepage.
|
pageoneresults

msg:591124 | 4:23 pm on Apr 19, 2006 (gmt 0) |
| What have you been seeing? |
| Well, yesterday I had some major issues with the temp cache (IE) being flooded. Also, something happened with my Norton Spam within Outlook although that may be unrelated. Since then, I've done full system scans for viruses, etc. All is well. After dumping the temp cache and reviewing all my running processes (just to be sure), things appear to be back to normal. I don't want to run the test again until I know for sure if others experienced any issues.
|
pageoneresults

msg:591125 | 4:25 pm on Apr 19, 2006 (gmt 0) |
| The Secunia alert seems valid for people with bad habits while browsing. People browsing porn should be worried about the vulnerability. |
| Huh? Are you saying that this is linkbait for Secunia? And that the vulnerability only affects those browsing p*rn sites?
|
abacuss

msg:591126 | 9:40 am on Apr 22, 2006 (gmt 0) |
Thanks for the information.
|
wmuser

msg:591127 | 2:36 pm on Apr 23, 2006 (gmt 0) |
Hard to believe, but there is still NO patch for it. IE is still vulnerable; tried it on my PC.
|
whisky1

msg:591128 | 4:55 pm on Apr 30, 2006 (gmt 0) |
Thanks for the info and advice, I will use Firefox first.
|