From: clint at secureconsulting.com (Clint Bodungen)
Subject: Re: Internet Explorer URL parsing vulnerability

Please see my original post... oh wait... I'll paste it.

I don't really think it will make that much of a difference to their profits,
considering anyone dumb enough to fall for those scams isn't going to know the
difference between an IP address in the URL box and a "spoofed" domain. I had
a client fall for an eBay scam and the end resulting domain in the URL box was
damn near www.robbingyoublinddamngringo.com. I can see where a more effective
scam would be, like you hinted at, the infamous Microsoft security update
emails.

----- Original Message -----
From: "Feher Tamas" <etomcat@...email.hu>
To: <full-disclosure@...ts.netsys.com>
Sent: Wednesday, December 10, 2003 2:23 AM
Subject: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability

>
> Unless the bug has already been exploited by malicious people, it was
> a highly irresponsible act to disclose it to the public, without giving
> Microsoft a reasonable timeframe to produce a fix. It may even qualify
> as a crime!
>
> Considering the simplicity of this URL faking trick, it will certainly see
> active use by scammers during this Christmas shopping season and
> thousands of people will be robbed of their online banking accounts,
> etc. The money will boost organized crime and the whole society will
> suffer. A patch would give customers at least a theoretical chance to
> protect themselves and the community.
>
> I certainly would not object to ZapDingbat getting sued for a few billion
> bucks by M$ or the US Gov't sending him to a long recreation at
> Guantanamo Bay. People like him discredit security research like
> nothing else and his acts contribute towards legislation that will curb
> people's right to investigate code.
>
> Regards: Tamas Feher.
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>