Story: Microsoft: Stuck between a rock and a hard patch?
As a previous responder has noted, this sort of phishing bug only exists on IE on Windows.
I personally use Firefox on Linux and when I try to hit one of these "exploit" sites, the URL shows exactly as it should and reveals that it is not actually the official site. All of my e-commerce sites that legitimately use this feature work fine, ditto to FTP sites that work the same way.
So it is possible to work around this security flaw without breaking anything, just that Microsoft chose not to (I can't believe they didn't realise that they would break sites, that implies even greater incompetence than the most ardent Linux fan will spout).
Of course all this stuff about spoofing URLs is a moot point for a lot of users. How many of your non-techy friends would happily enter their credit card details on such a site even if they saw the URL didn't start with www.microsoft.com? As one person I spoke to said, "well, it has a padlock in the taskbar, so it must be safe."
Yes, Microsoft is without doubt to blame, but phishing attacks will never stop whilst users do not take responsibility for their (in)actions.

