bigc73542
January 17th, 2004, 09:27 PM
Link to story: http://www.dslreports.com/shownews/37301
-{ Quote: "No Phishing Exploit Patch
Microsoft fails to release IE fix
Written by Karl Bode
The recently discussed Internet Explorer exploit (demonstrated here (http://www.dslreports.com/shownews/36402)) - that allows scammers to fake secure sites - won't be seeing a fix this month by Microsoft. Their security bulletin for January doesn't even mention the flaw, which has given birth to an unlimited wave of new "phishing" scams. The January update does offer a patch - which patches a previous patch - and aims to resolve an OS buffer overrun vulnerability, but the company has been oddly quiet about the IE exploit.
The rather simple exploit allows a scammer to present a completely bogus link/website as both genuine and secure, a tactic that has made scams such as those long-seen by customers of Earthlink and Paypal that much more potent. The exploit takes advantage of the fact that the Internet Explorer address bar is incapable of displaying the special character "%01", or any data that comes afterwards; allowing scammers to obfuscate the true website address rather easily.
Users are sent an e-mail informing them...
.
.
." }-