Page 1 of 2 12 LastLast
Results 1 to 15 of 16
  1. #1
    Uranium Lounger
    Join Date
    Dec 2000
    Location
    Los Angeles Area, California, USA
    Posts
    7,453
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Spoofing Update (IE 6)

    I just read an article that talked about an IE vulnerability that MS hasn't addressed yet. However, I just read this in a forum here & don't know how valid it is. They suggest downloading a patch from OpenWares. Anyone know if this is a good idea or not?

  2. #2
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Spoofing Update (IE 6)

    This issue exists. There's an eWEEK article discussing it, too. But I don't think it's serious enough to load an EXE file from a website I've never head of!!!!!

  3. #3
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Quedgeley, Gloucester, England
    Posts
    5,333
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Spoofing Update (IE 6)

    Phil

    My 2p worth is that if Microsoft haven't provided a fix yet, and they actually write the source code of IE, then I would rather wait for them to do so than rely on a fix of unknown provenance by someone of unknown skills. But maybe I've just stopped living dangerously!
    <font face="Script MT Bold"><font color=blue><big><big>John</big></big></font color=blue></font face=script>

    Ita, esto, quidcumque...

  4. #4
    Uranium Lounger
    Join Date
    Dec 2000
    Location
    Los Angeles Area, California, USA
    Posts
    7,453
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Spoofing Update (IE 6)

    Thanks to both of you for responding. I actually tried to reply before, but the Lounge was unresponsive. I shall await MS for one of their critical updates. I'm pretty careful about clicking links anyhow.
    Cheers,

  5. #5
    Gold Lounger
    Join Date
    Feb 2003
    Location
    Wardrobe Malfunction Junction, Derry
    Posts
    2,953
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Spoofing Update (IE 6)

    Phil--

    It's very valid and they have a KB reacting to it but no patch yet. They provide several steps you can take in the KB. In the meantime they urge IE users to read email in plain text--not to click IE webpage hyperlinks but to manually type every hyperlink in--talk about a time consuming and cumbersome work-around, and you can take a look at the other measures they offer. They also screen shot some measures in the second link. Open Wares put out a patch and then withdrew its first one because of an equally big exploit--this is their 2nd--I'd wait.

    833786: Steps that you can take to help identify and to help protect yourself from deceptive (spoofed) Web sites and malicious hyperlinks

    Microsoft releases details of IE spoofing flaw, no patch yet December 16, 2003

    Microsoft Security: Shop Safely on Line How To Avoid Attacks Including Spoofs

    So this could be one more reason for the Mozilla Boosters in the Lounge to cheer Mozailla couldn't it? A lot of people though run 3 or 4 Browsers--Avant, Mozilla, Opera, IE.

    Here's how you can ask the guys who run MS security very soon "Where's this patch? What's up with this spoof? How worried are you guys?" The 3 guys besides Scott Charney most responsible for running security at MS are going to be doing webcasts during the next couple weeks via Live Meeting and you can type in questions and they always answer them all:

    <A target="_blank" HREF="http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032241586&Culture=en-US">TechNet Security Webcast: Information about Microsoft

  6. #6
    Uranium Lounger
    Join Date
    Dec 2000
    Location
    Los Angeles Area, California, USA
    Posts
    7,453
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Spoofing Update (IE 6)

    HI SMBP:
    Thank you for the research & additional information.

  7. #7
    Gold Lounger
    Join Date
    Feb 2003
    Location
    Wardrobe Malfunction Junction, Derry
    Posts
    2,953
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Spoofing Update (IE 6)

    I suspect MS will come out with something real soon and it seems to make sense to wait for them. If I can get any more specific info next week from them, I'll be sure to pass it on.

    SMBP

  8. #8
    Gold Lounger
    Join Date
    Feb 2003
    Location
    Wardrobe Malfunction Junction, Derry
    Posts
    2,953
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Spoofing Update (IE 6)

    Phil--

    In cleaning up some windows I ran across this additional bit of info. I don't know if you use Mozilla, and I could put something in the other browsers area that I don't frequent much but this article says Mozilla Firebird is also impacted by this--at least Firebird .7 on both Windows and Penguin boxes:

    URL spoofing flaw could be used in bank scams

    Of course I got there by clicking an IE link on my original web page. I really feel like the guys should feel that say I'm going to eat as much meat as I can who understand the odds are terribly terribly small for BSE/CJD--but oblivious to the USDA's own hardly publicized study that 35% of the powercut trimmed meat had brain and spinal cord remnants in it.

    I just honestly could not take the precautions prescribed as far as right clicking every link I want to click of a hyperlink in a browser window even from so-called trusted cites-- then pasting them into the address bar--I guess those could be spoofed and then pasting the link into my browser. It just takes too long--a habit I can't break so while I don't look over my shoulder in fear here I'd sure appreciate a fix. Some of the other measures in the KB we all take already.

    SMBP

  9. #9
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Spoofing Update (IE 6)

    I lost the connection when you started talking about mad cow disease...

    I think the general answer is just to always be VERY skeptical about your e-mail and unknown web sites. This won't always be enough, but if you think of them as telemarketers calling, it helps put you in the right frame of mind. <img src=/S/grin.gif border=0 alt=grin width=15 height=15>

  10. #10
    Platinum Lounger
    Join Date
    Nov 2001
    Location
    Vienna, Wien, Austria
    Posts
    5,009
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Spoofing Update (IE 6)

    There is also no harm in adopting a "Don't call me. I'll call you" policy for any online financial transaction. <img src=/S/smile.gif border=0 alt=smile width=15 height=15>
    Gre

  11. #11
    Gold Lounger
    Join Date
    Feb 2003
    Location
    Wardrobe Malfunction Junction, Derry
    Posts
    2,953
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Spoofing Update (IE 6)

    Jefferson--

    That's always good conventional wisdom and I've seen you impart a lot of great specific wisdom when it comes to security settings and habits with respect to IE and Outlook. The Austrailian site headed their link with respect to banking, but unless I misunderstand the problem with this security flaw and we know it's not the first that has done this is that it doesn't allow simple prudence and common sense to work for you. If you're cruising around to different favorite sites, and you are used to hitting a hyperlink here or a hyperlink there, this offers the possibility that the hyperlink could be spoofing your old friend and be malicious.

    Let's say you go to a "reputable site" like Extreme Tech or Woody's newsletters. You know the people and you're comfortable so you click away. Those may not be great hypotheticals because in the real world Woody's is probably deploying state of the art security as is PC Mag/Ziff Davis' lab for those sites. So maybe security of the site's servers is critical in the equation.

    But the point of the MSKB that says we don't have a fix yet is that to be literally sure you don't click a malicious hyperlink you should manually or right click verify the url so that the hyperlink doesn't run a malicious one.

    My Mad Cow analogy without going to current events/ politics of using an erratic meat inspection mode to try to spell medical efficacy is that from a viral prion standpoint there is not sufficient screening. The Nobel Prize winning prion virologist from California Dr. Pruisner has made this abundantly clear. But the mantra has been "look at the odds--they are are infinitely small of actually getting Mad Cow/BCE/CJD from a Big Mac."

    I was making the anlogy that I am not going to verify every url in every hyperlink I click in web pages. as Microsoft suggests I do in that MSKB. I'm going to just click them and hope that Microsoft comes up with a fix soon. I don't know the odds. I didn't use the patch that's out there and I could get a lot of laughs from some people--I'm waiting for MS because I actually trust their patch more then a company I don't know--or the devil I know a little better.

    I don't even know the equation for figuring the odds of my getting a malicious hyperlink. I think as you always say Firewall Definition Firewall Definition will help make the odds higher for this spoof to hit me but I dunno.

    SMBP

  12. #12
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Spoofing Update (IE 6)

    I don't think the risk of your regular websites being hacked with sketchy URLs is even on the radar.

  13. #13
    Gold Lounger
    Join Date
    Feb 2003
    Location
    Wardrobe Malfunction Junction, Derry
    Posts
    2,953
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Spoofing Update (IE 6)

    So it's not on your radar, but it's on Microsoft's (the current manufacturer) of IE radar because they have put up a web site on the spoof and they have constructed what I'd call a preliminary KB that has no fix yet directed directly at the vulnerability that caused Phil to start this thread.

    PC World called it a Powerful flaw so It must be on their radar as well:

    Powerful Flaw Found in IE: Hole could allow scammers to hide the true address of Web pages. December 10, 2003

    I was merely posting in response to Phil's post and getting information. The article I mentioned said sites as common as Ebay could be involved. I did not see the words sketchy are "even on the radar" anywhere in the MSKB. Microsoft has set up a site on the spoof and they are developing a patch for this. Both these activities cost money, and I don't believe they are purely PR manuevers.

    The first Open Ware fix had flaws:

    [url=http://lists.netsys.com/pipermail/full-disclosure/2003-December/014933.html]

    I posted this on the Mozilla section of the Lounge --i.e. other browsers because there are some experts that say Mozilla .7 is involved but apparently Wylly and Unk think that's not the case. Whether or not I use Mozilla is off point, because in fact there have been thousands of Lounge Posts that warn of exploits where the poster does not lab test the exploit, doesn't know how to lab test the exploit, is not a buffer overflow, packet inspection or security specialist, or an IT professional in all cases, but is trying to respond with information they read from what they thought might be a credible source.

    I did not start the thread--I just responded with the latest info that Microsoft posted. So it's not on your radar, but it is on Microsoft's radar and they make IE. They didn't want to see another view, so they locked the thread after expressing their views. Other views are being expressed on security sites as to both Mozilla Firebird .7 and IE.

    I noticed Mozillas was mentioned and I was chastized on the other browser threads that since I don't run Mozailla I could not know anything about the exploit. People post all the time on security threats. The majority are not security specialists or in lab testing environments. I don't run Mozilla, but I have. As far as I know it takes a few seconds and a few mouse clicks to run it.

    The KB that Microsoft put out didn't have anything about radar and risks so basically Microsoft thinks it is a significant risk and you didn't say why you don't.

    A lot of reputable Security sites and web media have given it significant attention. And PC World did call it "Powerful"

    SMBP

  14. #14
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Spoofing Update (IE 6)

    I wasn't talking about the URL vulnerability not being a problem, obviously it's a disaster. However, you hypothesized that web sites you visit and trust might be hacked with bad URLs. THAT is what I am saying is an immeasurably small risk. Please read my posts more carefully before blasting me with half page responses.

  15. #15
    Gold Lounger
    Join Date
    Feb 2003
    Location
    Wardrobe Malfunction Junction, Derry
    Posts
    2,953
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Spoofing Update (IE 6)

    I can't make the distinction you're making between "the URL vulnerability" --which I take to mean that you can get in trouble clicking on hyperlinks on a web page and sites being hacked with URL's. Please help me out with the difference.

    SMBP

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •