Er, on IE6.0.2800.1106.xpsp2....this shows up as https://www.let_me_steal_your_money.com/ in the address line. Guess it don't work as advertised. Maybe we should all upgrade? ;)
R

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Exibar
Sent: December 10, 2003 7:55 AM
To: Feher Tamas; [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability

I can see many people getting duped with this: https://[EMAIL PROTECTED] so I completely know where you're coming from.

exibar

----- Original Message -----
From: "Feher Tamas" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, December 10, 2003 3:23 AM
Subject: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability

> >Proof-of-Concept here:
> >http://www.zapthedingbat.com/security/ex01/vun1.htm
> >
> >Vendor Notified 09 December, 2003
>
> Unless the bug has already been exploited by malicious people, it was
> a highly irresponsible act to disclose it to the public, without giving
> Microsoft a reasonable timeframe to produce a fix. It may even qualify
> as a crime!
>
> Considering the simplicity of this URL faking trick, it will certainly see
> active use by scammers during this Christmas shopping season and
> thousands of people will be robbed of their online banking accounts,
> etc. The money will boost organized crime and the whole society will
> suffer. A patch would give customers at least a theoretical chance to
> protect themselves and the community.
>
> I certainly would not object to ZapDingbat getting sued for a few billion
> bucks by M$ or the US Gov't sending him to a long recreation at
> Guantanamo Bay. People like him discredit security research like
> nothing else and his acts contribute towards legislation that will curb
> people's right to investigate code.
>
> Regards: Tamas Feher.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
