Loading ...
Sorry, an error occurred while loading the content.

Explorer Security Flaw

Expand Messages
  • Gordon Lane
    Furhter to Judii s email from the other day, you now cann t even trust what is showing in the address bar. Type in those URLs and do not click on one from an
    Message 1 of 2 , Dec 24, 2003
    • 0 Attachment
      Furhter to Judii's email from the other day, you now cann't even trust what
      is showing in the address bar. Type in those URLs and do not click on one
      from an email

      IE Security Flaw Allows For Fake URLs http://link.surfsecret.com/?exX9Y The
      only way you can tell that the site you're giving your credit card to is to
      look at the domain in the address bar. Now there is a new flaw found in
      Internet Explorer that allows anybody to impersonate the URL of another site
      no matter what site you really might be on. A hacker can then make a site
      that looks like Paypal.com and even says Paypal.com in the address bar but
      is actually on the hacker's server somewhere else in the world.<br><br>The
      way it's done is by putting a strange character between the real URL (ex:
      hackersite.com) and the fake one (amazon.com) and the real URL won't be
      shown. So far there is no fix from Microsoft, although an independent
      security company is offering their own version of the fix. If you don't
      trust installing a non-Microsoft fix, you may just want to wait it out and
      just be careful until one does.<br><br><a href="
      http://link.surfsecret.com/?vfcNr">Test for the security flaw</a><br><a
      href=" http://link.surfsecret.com/?3FiHc">Fix Fro m Independent Security
      Company</a>

      Regards

      Gordon Lane
      Vice Chair - Facilities
      Editor Chinook

      Alberta Family Histories Society
      http://www.afhs.ab.ca

      Family website
      http://www.rumbolt.com

      http://www.afhs.ab.ca
    • Judith Rempel
      very good advice. I ve not been shy of purchasing items online until now - but I d wait until this goof is put to read before I do so again. I hear
      Message 2 of 2 , Dec 24, 2003
      • 0 Attachment
        very good advice. I've not been shy of purchasing items online until now -
        but I'd wait until this goof is put to read before I do so again. I hear
        (somewhere) that a fix is planned for January by Microsoft.

        BTW, as a web maker, I can tell you it is VERY easy to make a site look like
        a existing reputable site. It would take me less than an hour to replicate
        any site with 20 or fewer pp. More pp, once I got experienced.

        So, for the time being, I'm going to take the X-files' advice: "Trust no
        one".

        In Kinship,
        Judith Rempel, Webster
        judith@...

        and

        webster@...
        Alberta Family Histories Society
        http://www.afhs.ab.ca

        Canadian Genealogical Projects Register
        http://www.afhs.ab.ca/registry/

        1906 Census Transcription Centre
        http://www.afhs.ab.ca/data/census/1906/


        > -----Original Message-----
        > From: owner-compsigtips@...
        > [mailto:owner-compsigtips@...]On Behalf Of Gordon Lane
        > Sent: Wednesday, December 24, 2003 2:35 PM
        > To: compsigtips@...; dist-gen@...
        > Subject: Explorer Security Flaw
        >
        >
        > Furhter to Judii's email from the other day, you now cann't even
        > trust what
        > is showing in the address bar. Type in those URLs and do not click on one
        > from an email
        >
        > IE Security Flaw Allows For Fake URLs
        > http://link.surfsecret.com/?exX9Y The
        > only way you can tell that the site you're giving your credit
        > card to is to
        > look at the domain in the address bar. Now there is a new flaw found in
        > Internet Explorer that allows anybody to impersonate the URL of
        > another site
        > no matter what site you really might be on. A hacker can then make a site
        > that looks like Paypal.com and even says Paypal.com in the address bar but
        > is actually on the hacker's server somewhere else in the world.<br><br>The
        > way it's done is by putting a strange character between the real URL (ex:
        > hackersite.com) and the fake one (amazon.com) and the real URL won't be
        > shown. So far there is no fix from Microsoft, although an independent
        > security company is offering their own version of the fix. If you don't
        > trust installing a non-Microsoft fix, you may just want to wait it out and
        > just be careful until one does.<br><br><a href="
        > http://link.surfsecret.com/?vfcNr">Test for the security flaw</a><br><a
        > href=" http://link.surfsecret.com/?3FiHc">Fix Fro m Independent Security
        > Company</a>
        >
        > Regards
        >
        > Gordon Lane
        > Vice Chair - Facilities
        > Editor Chinook
        >
        > Alberta Family Histories Society
        > http://www.afhs.ab.ca
        >
        > Family website
        > http://www.rumbolt.com
        >
        > http://www.afhs.ab.ca
        >
        >
        > ____________________________________________________________
        > Free 20 MB Bannerless Domain Hosting, 1000 MB Data Transfer
        > 10 Personalized POP and Web E-mail Accounts, and more.
        > Get It Now At Doteasy.com http://www.doteasy.com/et/
        >

        http://www.afhs.ab.ca
      Your message has been successfully submitted and would be delivered to recipients shortly.