Announcement

Collapse
No announcement yet.

Dangerous IE6 vulnerability - not yet patched

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Dangerous IE6 vulnerability - not yet patched



    If you use IE6, swing by this site and see just how bad this one is. It can be
    used for phishing and is VERY effective:

    http://secunia.com/advisories/13482/

    Be sure to run the test on that page if you are unconvinced.

    HTH
    Tom



    #2
    Dangerous IE6 vulnerability - not yet patched - MORE INFORMATION



    Wow, this vulnerability is both trivial to implement and extremely effective.

    The example on the Secunia page points places non-Paypal text on a page that
    not only shows the actual Paypal https address in the address bar:

    https://www.paypal.com

    but it also displays the padlock icon which, when clicked, DISPLAYS PAYPAL'S
    SSL CERTIFICATE DETAILS.

    This is an extremely dangerous vulnerability and can be easily fixed by
    setting IE's Internet-zone security level to HIGH, by disabling the vulnerable
    ActiveX control in IE through "Tools->Manage Add-Ons" (XP SP2 only) or by
    disabling ActiveX support.

    Anyway, HTH
    Tom





    > -----Original Message-----
    > From: [email protected] [mailto:[email protected]]On
    > Behalf Of Tom
    > Sent: Saturday, January 15, 2005 7:27 PM
    > To: [email protected]; [email protected]
    > Subject: [meu] Dangerous IE6 vulnerability - not yet patched
    >
    >
    > If you use IE6, swing by this site and see just how bad this one
    > is. It can be
    > used for phishing and is VERY effective:
    >
    > http://secunia.com/advisories/13482/
    >
    > Be sure to run the test on that page if you are unconvinced.
    >
    > HTH
    > Tom
    >
    >

    Comment


      #3
      Dangerous IE6 vulnerability - not yet patched - MORE INFORMATION



      On Sat, 15 Jan 2005 22:13:08 -0600, Tom <[email protected]> gave utterance
      to the following:

      > Wow, this vulnerability is both trivial to implement and extremely
      > effective.
      >
      > The example on the Secunia page points places non-Paypal text on a page
      > that
      > not only shows the actual Paypal https address in the address bar:
      >
      > https://www.paypal.com
      >
      > but it also displays the padlock icon which, when clicked, DISPLAYS
      > PAYPAL'S
      > SSL CERTIFICATE DETAILS.
      >
      > This is an extremely dangerous vulnerability and can be easily fixed by
      > setting IE's Internet-zone security level to HIGH, by disabling the
      > vulnerable
      > ActiveX control in IE through "Tools->Manage Add-Ons" (XP SP2 only) or by
      > disabling ActiveX support.
      >
      Or I can continue feeling smug that I installed Windows sans ActiveX and
      use Opera for all my browsing. My system is unusually stable and free of
      spyware.


      --
      Richard Grevers
      Between two evils always pick the one you haven't tried



      Comment


        #4
        Dangerous IE6 vulnerability - not yet patched



        Everybody should be using Firefox or Opera. IE is obsolete if you ask =
        me.
        Anybody tired of IE security flaws?

        Ben

        -----Original Message-----
        From: [email protected] [mailto:[email protected]] On =
        Behalf
        Of Tom
        Sent: Saturday, January 15, 2005 7:27 PM
        To: [email protected]; [email protected]
        Subject: [meu] Dangerous IE6 vulnerability - not yet patched

        If you use IE6, swing by this site and see just how bad this one is. It =
        can
        be
        used for phishing and is VERY effective:

        http://secunia.com/advisories/13482/

        Be sure to run the test on that page if you are unconvinced.

        HTH
        Tom


        Comment

        Working...
        X