There has been an exploit posted for a problem in Internet Explorer where it looks like you are at one site (by looking at the URL in the address bar) but in actual fact you are somewhere else. Steve has an example exploit, which shows how easy it is to do it; for example, click Absoblogginlutely.net to see how I’ve done it for this page.
This seems a pretty drastic flaw, as the address bar is often the only way you can check you really are where you think you are – Microsoft will probably have a patch out soon (I hope). For more details check out Security Focus or Secunia, or the person who discovered it, Zap The Dingbat.
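The flaw works because the part of a URL before an “@” is user information, not the host, so a link can be dressed up to start with one site’s name while the browser actually connects to whatever follows the “@”. As an added illustration (not code from this post or from Steve’s page), here is a small Python checker that pulls out the host a browser will really connect to and flags links whose userinfo part looks like a domain name or hides a control character. The sample links, the `other.example` host and the choice of `%01` as the encoded control character are constructed for the example and are assumptions, not values taken from the post.

```python
from urllib.parse import urlsplit, unquote

# Constructed sample links (not from the post). The first is an ordinary
# link; the other two carry a "userinfo" part before '@', shaped like the
# malformed URL quoted in the comments. "other.example" and "%01" are
# placeholders chosen for the illustration.
SAMPLE_LINKS = [
    "https://www.absoblogginlutely.net/",
    "https://www.absoblogginlutely.net@other.example/",
    "https://www.absoblogginlutely.net%01@other.example/whatever",
]


def real_host(url):
    """Return the host a browser will actually connect to.

    RFC 3986 puts user credentials before '@' in the authority, so
    everything before the last '@' is userinfo, not the host. urlsplit()
    already applies that rule, so .hostname is the real destination.
    """
    return urlsplit(url).hostname


def inspect_link(url):
    """Describe a link from a defender's point of view.

    Reports the real host, any userinfo present, and whether that userinfo
    is suspicious: either it is shaped like a domain name (so it could be
    mistaken for the site) or, once percent-decoded, it contains a control
    character that a buggy address bar might stop rendering at.
    """
    parts = urlsplit(url)
    netloc = parts.netloc
    if "@" not in netloc:
        return {"host": parts.hostname, "userinfo": None, "suspicious": False}

    userinfo = netloc.rsplit("@", 1)[0]
    decoded = unquote(userinfo)
    has_control = any(ord(c) < 0x20 or ord(c) == 0x7F for c in decoded)
    looks_like_host = "." in userinfo
    return {
        "host": parts.hostname,
        "userinfo": userinfo,
        "suspicious": has_control or looks_like_host,
    }


def scan_links(links):
    """Run inspect_link over a list of URLs and return (url, host, suspicious)."""
    return [(u, inspect_link(u)["host"], inspect_link(u)["suspicious"]) for u in links]


if __name__ == "__main__":
    for url, host, flagged in scan_links(SAMPLE_LINKS):
        print(f"{'!!' if flagged else 'ok'} {url} -> really connects to {host}")
```

Running the script prints the host each link really goes to, which is exactly what the status bar is quietly telling you in the comment below: the name after the “@” is the one that matters.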
Comments
That’s pretty funny. I clicked on the button from MozillaFirebird, and it still took me to microsoft.com, but the full malformed URL showed up in the address bar. ‘https://www.absoblogginlutely.net%[email protected]/’
I can see how that could be bad for IE users. Possibly thinking they’re at PayPal and putting in their id/password and boom, now someone else has it.
Yet another reason to avoid IE like the plague.
Indeed. It actually says in the status bar that it’s talking to ‘[email protected]’ – you could easily have this as ‘[email protected]/whatever’ and many people would be none the wiser.