Full Disclosure mailing list archives
Re: Re: Internet Explorer URL parsing vulnerability
From: "Clint Bodungen" <clint () secureconsulting com>
Date: Wed, 10 Dec 2003 09:05:28 -0600
Please see my original post... oh wait... I'll paste it. I don't really think it will make that much of a difference their profits considering anyone dumb enough to fall for those scams isn't going to know the difference between an IP address in the URL box and a "spoofed" domain. I had a client fall for an eBay scam and the end resulting domain in the URL box was damn near www.robbingyoublinddamngringo.com. I can see where a more effective scam would be, like you hinted at, the infamous microsoft security update emails. ----- Original Message ----- From: "Feher Tamas" <etomcat () freemail hu> To: <full-disclosure () lists netsys com> Sent: Wednesday, December 10, 2003 2:23 AM Subject: [Full-disclosure] Re: Internet Explorer URL parsing vulnerability
Unless the bug has already been exploited by malicious people, it was a highly irresponsible act to disclose it to the public, without giving Microsoft a reasonable timeframe to produce a fix. It may even qualify as a crime! Considering the simplicity of this URL faking trick, it will be certainly
see
active use by scammers during this Christmas shopping season and thousands of people will be robbed of their online banking accounts, etc. The money will boost organized crime and the whole society will suffer. A patch would give customers at least a theoretical chance to protect themselves and the community. I certainly would not object to ZapDingbat getting sued for a few billion bucks by M$ or the US Gov't sending him to a long recreation at Guantanamo Bay. People like him discredit security research like nothing else and his acts contribute towards legislation that will curb people's right to investigate code. Regards: Tamas Feher. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: RE: FWD: Internet Explorer URL parsing vulnerability, (continued)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability S G Masood (Dec 11)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability VeNoMouS (Dec 11)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability VeNoMouS (Dec 10)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability Exibar (Dec 10)
- RES: RE: FWD: Internet Explorer URL parsing vulnerability Cleber P. de Souza (Dec 10)
- Re: Re: Internet Explorer URL parsing vulnerability Frank de Wit (Dec 10)
- Re: Re: Internet Explorer URL parsing vulnerability Jedi/Sector One (Dec 10)
- Re: Re: Internet Explorer URL parsing vulnerability Ricardo Moura (Dec 12)
- Re: Re: Internet Explorer URL parsing vulnerability Clint Bodungen (Dec 10)
- Re: Re: Internet Explorer URL parsing vulnerability S G Masood (Dec 10)
- Re: Re: Internet Explorer URL parsing vulnerability Clint Bodungen (Dec 10)
- RE: Re: Internet Explorer URL parsing vulnerability Rui Pereira (Dec 10)
- Re: Re: Internet Explorer URL parsing vulnerability Exibar (Dec 10)
- RE: Re: Internet Explorer URL parsing vulnerability Rui Pereira (Dec 10)
- Re: Re: Internet Explorer URL parsing vulnerability Exibar (Dec 10)