"phishing" M$ IE Flaw Finally fixed!

I say FINALLY with Bold CAPS. I think it was (re)discovered on December 9. It is February 3 people. I have a great Idea for Windows users: download Mozilla now!
Microsoft Corp., which is bracing for an attack against its Web site by computers infected with the Mydoom virus, issued a patch for what it called a critical flaw in its Web browser software. Microsoft posted on its Web site a fix for its Internet Explorer Web browser that prevents malicious software coders from making any Web site address look like that of another, a tactic scammers have used to trick individuals into disclosing personal banking information. Microsoft first became aware of the flaws in December, through postings on a security Web site, said Microsoft security program manager Mike Reavey. Microsoft said it was responding to increased demand from customers for a way to prevent faked Web sites, known as "URL spoofing." Software coders have in recent weeks sent out e-mail messages directing consumers to fake Web sites whose addresses appear to be those of Citigroup and banks. The scam, known as "phishing," gulls users into entering their bank account data into a form, which the scammers then mine for information. "They've been aware of some of these problems long before November and December," said Russ Cooper, a security researcher at TruSecure Corporation of Herndon, Virginia. Cooper said the problems that were fixed were being exploited by scammers as long as two years ago.
Source: The Salt Lake Tribune This "phishing" flaw really takes the cake. I know M$ takes a while to get patches out (why is beyond me), but this is a serious problem. A lot of people, unfortunately, get swindled into typing in their personal information into these bogus sites. It is almost as if they don't care at all. Do they?

Comments (2)

Dave:

Not that I am condoning Micorsoft or anthing... :)

However, from what I have heard, the reason for the long delay in fixing the bug was due to the fix breaking large numbers of websites. Leo on The Screen Savers was saying that the "flaw" was used by things like ftp to allow the abilty to put username and password in the address line and not have the browser barf on it.

I guess they decided to put the patch out and help the folks that have problems with their sites as best they can.

As to Mozilla, I have been using it since 1.2. I use it about 99% of the time. There are still some sites that only work on IE.

Yea, I heard Leo say that too, but could not for the life of me find a news article to substantiate it. I can see the point, but the potential for malice use is a lot greater in my opinion then to be used as a "shortcut" for web sites.

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)


Warning: include(/home/meancode/public_html/breakingwindows/footer.php): failed to open stream: Permission denied in /home/breaking/public_html/2004/02/phishing_m_ie_flaw_finally_fix.php on line 232

Warning: include(): Failed opening '/home/meancode/public_html/breakingwindows/footer.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/breaking/public_html/2004/02/phishing_m_ie_flaw_finally_fix.php on line 232

Blogcritics Magazine

Social Networking

Mac Headlines

Read up-to-date headlines on everything Mac.

Content provided by prMac.

ESRB Search

Creative Commons License
This weblog is licensed under a Creative Commons License.
Enhanced with Snapshots