Major Phishing Hole Found In IE and OE

Discussion in 'Computer Security' started by Jay Calvert, Feb 17, 2005.

  1. Jay Calvert

    Jay Calvert Guest

    Jay Calvert, Feb 17, 2005
    #1

  2. Jay Calvert

    Vanguard Guest

    "Jay Calvert" <> wrote in message
    news:cv2f83$thr$...
    >A serious vulnerability has been found in Microsoft's IE and Outlook
    >Express products that spoof the destination URL in the Status bar.
    >
    >
    > http://habaneronetworks.com/viewArticle.php?ID=140



    So what is it that Firefox doesn't support? Inline style sheets within
    an attribute (the "<u style=...>text</u>" lines)? The "cursor: pointer"
    attribute within the style sheet? Or using labels within a control (the
    "id=..." attribute within the <A> tag for the link for
    spreadfirefox.com), or the <label> tag within which the inline style got
    used that had the pointer attribute for the cursor?

    I'm no HTML guru but I have to wonder why there is a need for a pointer
    attribute for the cursor within a style sheet (CSS2 spec, cursor
    property,
    http://www.w3.org/TR/1998/REC-CSS2-19980512/ui.html#cursor-props).
    Maybe Firefox doesn't support CSS2 (since I didn't see the cursor
    property in the CSS1 spec at http://www.w3.org/TR/REC-CSS1-961217.html).
    Supposedly Firefox supports CSS (see
    http://www.w3.org/Style/CSS/#browsers) but maybe it only supports CSS1.
    I know that Firefox supports some CSS because some of its config files
    are .css files. According to the description on
    http://www.mozilla.org/docs/web-developer/, Firefox probably only partly
    supports CSS2. So if Firefox ever gets finished and then fully supports
    CSS2 then it, too, might be just as susceptible.

    One of the pissers with cascading style sheets is they can also be used
    to present pseudo-popups as either roll-down or popup windows within the
    web page. Since this is content within the same web page, popup
    blockers won't work on them. If you block or disable CSS then stuff
    like roll-down menus won't work, so some forums won't work (since they
    use an onhover event or onclick event to show the roll-down CSS menu).

    By the way, while searching around Mozilla.org for its support of the
    cursor property in an inline style sheet for CSS2, I found
    http://www.mozilla.org/xpfe/xulref/grippy.html. So Firefox might
    actually support CSS2's cursor property but deliberately obviate the
    example obfuscation code noted in the Habanero article. However, if
    Firefox supports "grippies" then clicking on one could also put you on a
    different site that simply recreated the same web content (i.e., the
    page looks alike) but be very different underneath as to what it does.
    Any clickable object could be moving you somewhere else, not just the
    example here of clicking on a clickable text string.

    Still, it looks like a defect in IE that it shows the label of the
    control in the status bar instead of the control's actual destination.
    This really isn't something new. It's been a couple years that I've
    noticed when hovering over a link that sometimes what you see instead of
    the URL is some "info" text.

    --
    ____________________________________________________________
    Post your replies to the newsgroup. Share with others.
    E-mail reply: Remove "NIXTHIS" and add "#VS811" to Subject.
    ____________________________________________________________
    Vanguard, Feb 17, 2005
    #2
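
    A check a mail or web filter could run for the markup discussed in this thread (a `<label>` inside one link, combined with an `id` on another link), added here as an example that is not part of any post. It assumes the label's `for` attribute is what ties it to the other link's `id`, which the thread does not spell out; the sample HTML and the `.example` hosts are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: one mismatched pair, one dangling label, one same-host pair.
SAMPLE = """
<a id="other" href="http://elsewhere.example/"></a>
<a href="http://shown.example/"><label for="other">
<u style="cursor: pointer">Click here</u></label></a>
<a href="http://shown.example/help"><label for="none">Help</label></a>
<a id="same" href="http://shown.example/a"></a>
<a href="http://shown.example/b"><label for="same">ok</label></a>
"""

class LabelLinkAudit(HTMLParser):
    """Collects links that carry an id, and labels nested inside links."""
    def __init__(self):
        super().__init__()
        self.href_by_id = {}     # id -> href of an <a id=... href=...>
        self.open_hrefs = []     # hrefs of the <a> elements currently open
        self.nested_labels = []  # (href of enclosing <a>, label's for= value)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self.open_hrefs.append(a.get("href"))
            if a.get("id") and a.get("href"):
                self.href_by_id[a["id"]] = a["href"]
        elif tag == "label" and a.get("for") and self.open_hrefs and self.open_hrefs[-1]:
            self.nested_labels.append((self.open_hrefs[-1], a["for"]))

    def handle_endtag(self, tag):
        if tag == "a" and self.open_hrefs:
            self.open_hrefs.pop()

def host(url):
    return (urlsplit(url).hostname or "").lower()

def find_mismatched_label_links(html):
    """Return (enclosing_href, labelled_href) pairs whose hosts differ."""
    audit = LabelLinkAudit()
    audit.feed(html)
    audit.close()
    findings = []
    for shown, target_id in audit.nested_labels:
        labelled = audit.href_by_id.get(target_id)  # resolved after the full parse
        if labelled and host(labelled) != host(shown):
            findings.append((shown, labelled))
    return findings
```

    Only the cross-host pair is reported; a label whose target id does not exist, or whose target stays on the same host, is ignored.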

  3. Jay Calvert

    Tony Raven Guest

    Jay Calvert wrote:
    > A serious vulnerability has been found in Microsoft's IE and Outlook
    > Express products that spoof the destination URL in the Status bar.
    >
    >
    > http://habaneronetworks.com/viewArticle.php?ID=140
    >


    I use Spoofstick even on Firefox to know what site I'm really on.

    Tony
    Tony Raven, Feb 17, 2005
    #3
  4. Jay Calvert

    Vanguard Guest

    "Tony Raven" <> wrote in message
    news:...
    > Jay Calvert wrote:
    >> A serious vulnerability has been found in Microsoft's IE and Outlook
    >> Express products that spoof the destination URL in the Status bar.
    >>
    >>
    >> http://habaneronetworks.com/viewArticle.php?ID=140
    >>

    >
    > I use Spoofstick even on Firefox to know what site I'm really on.



    FraudEliminator or Trustwatch toolbars might be better in that they also
    show you the real destination URL but also employ blacklists and
    heuristics to detect a phish site. I just started looking at these and
    don't know which one is better, FraudEliminator or Trustwatch. I tested
    FraudEliminator and its defect is that it shows lots of features, like
    popup blocking, search, and other fluff features that I don't want but
    the toolbar is fixed. They sent an e-mail that a new version is out
    where the user can configure their toolbar to enable and show only those
    features the user wants to use. Otherwise, FraudEliminator occupied a
    whole row for its toolbar.

    --
    ____________________________________________________________
    Post your replies to the newsgroup. Share with others.
    E-mail reply: Remove "NIXTHIS" and add "#VS811" to Subject.
    ____________________________________________________________
    Vanguard, Feb 17, 2005
    #4
  5. Jay Calvert wrote:

    > A serious vulnerability has been found in Microsoft's IE and Outlook
    > Express products that spoof the destination URL in the Status bar.
    >
    >
    > http://habaneronetworks.com/viewArticle.php?ID=140
    >
    > --
    > Jay Calvert
    > Habaneronetworks.com



    Thanks for the info...I really like the "spreadfirefox" idea, that was
    cool...

    Michael
    Michael J. Pelletier, Feb 18, 2005
    #5
  6. Jay Calvert wrote:

    > A serious vulnerability has been found in Microsoft's IE and Outlook
    > Express products that spoof the destination URL in the Status bar.
    >
    >
    > http://habaneronetworks.com/viewArticle.php?ID=140
    >
    > --
    > Jay Calvert
    > Habaneronetworks.com



    KDE will not open the window unless you select "Open in another window" or
    "Open in another tab". Then you go to ebay...So it seems KDE is not
    vulnerable...

    Michael
    Michael J. Pelletier, Feb 18, 2005
    #6
  7. Jay Calvert

    Jay Calvert Guest

    Michael J. Pelletier wrote:
    > Jay Calvert wrote:
    >
    >
    >>A serious vulnerability has been found in Microsoft's IE and Outlook
    >>Express products that spoof the destination URL in the Status bar.
    >>
    >>
    >>http://habaneronetworks.com/viewArticle.php?ID=140
    >>
    >>--
    >>Jay Calvert
    >>Habaneronetworks.com

    >
    >
    >
    > Thanks for the info...I really like the "spreadfirefox" idea, that was
    > cool...
    >
    > Michael

    Thanks, I thought it might help spread the word even further. I should
    have placed my spreadfirefox.com registration id in the link.

    Jay Calvert
    HabaneroNetworks.com
    Jay Calvert, Feb 18, 2005
    #7
