
Sahir's Blogspot

20 years 3 months ago #2529 by sahirh
Replied by sahirh on topic Re: Sahir's Blogspot
Hmm quite a hubbub.. it appears that the anti-virus scanners have started reporting the IE URL spoofing exploit as malicious code. This is a good thing, as the only two reasons that code would be on the web are either to demonstrate the vulnerability, or to exploit it.

Anyway I suppose the purpose I posted the link for -- to draw awareness to the issue -- has been fulfilled. However Microsoft has still to patch this vulnerability.. I can't for the life of me see why it's taking them so long as it is probably being rampantly exploited already.

Given that my blog makes it clear that it's a demonstration, I'm not going to pull the link just yet; what I have done is move it to another page, so anyone who wants to check out the demo will have to knowingly click that link first. I will also post a warning at the top of the page to let other visitors know that their virus scanner might go off.

Thanks for the info Cheetah, I apologise if I came across bluntly in my original response, I was kind of caught off guard when I read your post and credibility is a serious issue when you're involved with security. The last thing I would want people to think is that my weblog was trying to exploit something !

Anyway, now that that's all done with (hopefully ;)).....

Cheers,

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
20 years 2 months ago #2591 by Cheetah
Replied by Cheetah on topic Re: Sahir's Blogspot
Hi Guys,

I saw the blogspot, that's nice :) Please don't take my comments personally; as mentioned previously, it was just constructive, IMHO.

Finally, we have the patch from MS. For your convenience I am pasting 2 lines extracted from the patch page. ;) You may find more info from the MS Page.

support.microsoft.com/default.aspx?scid=kb;[ln];833786

- Verify that there is a lock icon in the lower right Status bar and verify the name of the server that provides the page that you are viewing before you type any personal or sensitive information.

- Do not click any hyperlinks that you do not trust. Type them in the Address bar yourself.

Regards
-Cheetah

Kind Regards,
Cheetah
The outcome of devotion is, quality!
20 years 2 months ago #2593 by sahirh
Replied by sahirh on topic Re: Sahir's Blogspot
Mmm.. there's still no patch for the vulnerability.. they've just given a couple of ways that you can try and protect yourself against being fooled. If they expect people to never click links but to type the URL in manually instead, what is the point of the world wide web ?

The sooner they release an Internet Explorer patch for this, the safer we'll all be. I for one don't go around looking at the source code for every single HTML page I visit.. and I'm one of the paranoid few :)

Joe User will pay the price for this. It's just too simple to execute, and too easy to abuse. A half-wit could think of ways to exploit something this stupid.

When they came out with the last cumulative Internet Explorer patch, I was hoping to see this one among the list.

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
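
The "verify the name of the server" advice quoted above can be checked mechanically instead of by reading page source. The following is an added example, not part of the thread or of anything posted on the blog. The thread does not describe how the IE spoof works, so the two checks here are generic assumptions about deceptive links: a userinfo part in front of the host, and link text that names a different host than the href. The sample HTML is constructed.

```javascript
// Added example: report links whose real destination host differs from what
// a reader would assume. Function names and sample HTML are hypothetical.

function hostFromText(text) {
  // Treat link text as a host claim only if it looks like a URL or hostname.
  const m = text.trim().match(
    /^(?:[a-z][a-z0-9+.-]*:\/\/)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/:?#].*)?$/i);
  return m ? m[1].toLowerCase() : null;
}

function auditLinks(html) {
  const findings = [];
  const anchor = /<a\b[^>]*\bhref\s*=\s*(["'])(.*?)\1[^>]*>([\s\S]*?)<\/a>/gi;
  let m;
  while ((m = anchor.exec(html)) !== null) {
    const href = m[2];
    const text = m[3].replace(/<[^>]*>/g, ""); // drop nested tags
    let url;
    try {
      url = new URL(href);
    } catch {
      continue; // relative or unparsable href: no host to compare
    }
    if (url.protocol !== "http:" && url.protocol !== "https:") continue;
    const reasons = [];
    // Anything before "@" in the authority is userinfo, not the server name.
    if (url.username || url.password) reasons.push("userinfo-before-host");
    const claimed = hostFromText(text);
    if (claimed && claimed !== url.hostname) reasons.push("text-names-other-host");
    if (reasons.length) findings.push({ href, realHost: url.hostname, reasons });
  }
  return findings;
}

// Constructed sample page, using the host names mentioned in the thread.
const SAMPLE_HTML = `
<a href="http://www.firewall.cx/">www.firewall.cx</a>
<a href="http://www.google.com@www.firewall.cx/">Search</a>
<a href="http://www.firewall.cx/index.html">www.google.com</a>
<a href="/forum/index.php">Forum</a>`;

for (const f of auditLinks(SAMPLE_HTML)) {
  console.log(`${f.realHost}  <-  ${f.href}  [${f.reasons.join(", ")}]`);
}
```

The regex-based anchor extraction is only meant for a quick audit of saved HTML; a mail or proxy filter would use a real HTML parser.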
20 years 2 months ago #2608 by Cheetah
Replied by Cheetah on topic Re: Sahir's Blogspot
Hi Sahirh

That was a sarcastic post. HA HA Got that wink there ;) LoL

Anyone reading Douglas Adams?

-Cheetah

Kind Regards,
Cheetah
The outcome of devotion is, quality!
20 years 2 months ago #2613 by sahirh
Replied by sahirh on topic Re: Sahir's Blogspot
Ahh just noticed that little yellow guy there ! :)
Read Hitchhiker's Guide years ago...

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
19 years 2 weeks ago #8075 by
Replied by on topic Re: Sahir's Blogspot

Cheetah, I'm afraid you've been misled. The link from firewall.cx leads just straight to my weblog at tftfotw.blogspot.com, it does not lead to any exploit.

The URL spoof exploit which I have demonstrated in one of the posts on my blog does nothing more than fake which site you think you're at (it will say www.google.com in the bar, but will take you to www.firewall.cx instead). There is no malicious content whatsoever.

Furthermore, judging by the URL you've given here, it looks like that is nothing but IE saving to the cache (Temporary Internet Files).

If I post any proof-of-concept exploits at my weblog, I always post source code rather than executables for precisely this reason -- I don't want someone to accidentally download and run some malicious binary.

The posts at my weblog are entirely independent of firewall.cx and nobody other than myself is responsible for them. That said, I can tell you that you've made a mistake.. neither firewall.cx nor tftfotw contain any malicious links.

I will be more than happy to confirm any doubts you have regarding my weblog, this site, or the security measures taken by both.
I will PM you my email address as I don't want the spam bots to pick it up here.
