If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
MicroMonopoly aids Terrorism?
"[T]he link is formatted to take advantage of an Internet Explorer flaw
that allows an attacker to hide the true destination of the link; in this case, the address bar in Internet Explorer displays "www.fdic.gov," while the actual Web site is at a different address in Pakistan." - http://zdnet.com.com/2100-1105_2-514...=zdfd.newsfeed And I wonder who in Pakistan would want to know about the financial details about American citizens? Who in Pakistan would want to exploit the fears of the American populace for their own nefarious purposes? Who, indeed?! Is MS glacial response to fixing the address bar flaw also helping terrorists fund future attacks on the innocents? Stop dragging your feet MS, people are now possibly being terrorized in their homes because of your Swiss cheese software! Get a temp fix out that informs people of the misdirection at the very least, if it's really that effin' hard to fix fully. PROTECT YOUR CUSTOMERS FROM YOUR MISTAKE, *NOW*! This should be a lesson to everyone why you can't put all of computer security eggs in one monopolistic basket! Demonstrations of the Address bar vulnerability: http://www.microscum.com/misc/devil/ http://www.microscum.com/misc/intran...ransigence.htm Download & setup up Mozilla as your default browser, that way when you click on a link in email, you'll know what website you're really being taken to. http://mozilla.org/download.html Protect yourself, because MS's desktop monopoly gives them absolutely no incentive to fix their own mistakes for their monopoly locked-in customers! There should be an investigation into how MS's desktop monopoly has weakened the safety of the general public! -- Peace! Kurt Self-anointed Moderator microscum.pubic.windowsexp.gonorrhea http://microscum.com "Trustworthy Computing" is only another example of an Oxymoron! "Produkt-Aktivierung macht frei!" |
Ads |
#2
|
|||
|
|||
MicroMonopoly aids Terrorism?
Just quit with scare tactics, Kurt. Do you really think terrorists are in their bunkers on a lap-top trying to obtain your bank account number? This is a pathetic attempt to promote your ridiculous website (yes, RIDICULOUS). You are a JOKE. Get a life you
former band-geek turned computer-geek. |
#3
|
|||
|
|||
MicroMonopoly aids Terrorism?
see
http://support.microsoft.com/?id=833786 For advice and guidance on protecting yourself from these sites. User who are still concerned about this issue may also wish to look at a third party tool/plug-ins at (Note :- not Microsoft recommended or supported by us. This is one of a number of such third party tools) http://xforce.iss.net/xforce/alerts/id/159 -- -- Regards, Mike -- Mike Brannigan [Microsoft] This posting is provided "AS IS" with no warranties, and confers no rights Please note I cannot respond to e-mailed questions, please use these newsgroups "kurttrail" wrote in message ... "[T]he link is formatted to take advantage of an Internet Explorer flaw that allows an attacker to hide the true destination of the link; in this case, the address bar in Internet Explorer displays "www.fdic.gov," while the actual Web site is at a different address in Pakistan." - http://zdnet.com.com/2100-1105_2-514...=zdfd.newsfeed And I wonder who in Pakistan would want to know about the financial details about American citizens? Who in Pakistan would want to exploit the fears of the American populace for their own nefarious purposes? Who, indeed?! Is MS glacial response to fixing the address bar flaw also helping terrorists fund future attacks on the innocents? Stop dragging your feet MS, people are now possibly being terrorized in their homes because of your Swiss cheese software! Get a temp fix out that informs people of the misdirection at the very least, if it's really that effin' hard to fix fully. PROTECT YOUR CUSTOMERS FROM YOUR MISTAKE, *NOW*! This should be a lesson to everyone why you can't put all of computer security eggs in one monopolistic basket! Demonstrations of the Address bar vulnerability: http://www.microscum.com/misc/devil/ http://www.microscum.com/misc/intran...ransigence.htm Download & setup up Mozilla as your default browser, that way when you click on a link in email, you'll know what website you're really being taken to. http://mozilla.org/download.html Protect yourself, because MS's desktop monopoly gives them absolutely no incentive to fix their own mistakes for their monopoly locked-in customers! There should be an investigation into how MS's desktop monopoly has weakened the safety of the general public! -- Peace! Kurt Self-anointed Moderator microscum.pubic.windowsexp.gonorrhea http://microscum.com "Trustworthy Computing" is only another example of an Oxymoron! "Produkt-Aktivierung macht frei!" |
#4
|
|||
|
|||
MicroMonopoly aids Terrorism?
Mike Brannigan [MSFT] wrote:
see http://support.microsoft.com/?id=833786 For advice and guidance on protecting yourself from these sites. Oh yeah! The average computer illiterate is lucky if he find his way to Windows Update, let alone some obscure support document hidden among tens of thousands of other ones. Fix the problem! Stop the brush off! People are getting screwed even as we speak. User who are still concerned about this issue may also wish to look at a third party tool/plug-ins at (Note :- not Microsoft recommended or supported by us. This is one of a number of such third party tools) http://xforce.iss.net/xforce/alerts/id/159 It's just plain safer to use another browser, till you guys get your asses in gear, and even then it's just a matter of time, before your next security vulnerability is found and exploited en masse. Smaller targets are just a hell of a lot easier to miss, than the monopoly-bundled browser in MS's OSs. -- Peace! Kurt Self-anointed Moderator microscum.pubic.windowsexp.gonorrhea http://microscum.com "Trustworthy Computing" is only another example of an Oxymoron! "Produkt-Aktivierung macht frei!" |
#6
|
|||
|
|||
MicroMonopoly aids Terrorism?
Or maybe I'm just a self-absorbed idiot. Sorry, guys, I was wrong.
-- Peace! Kurt Self-anointed Moderator microscum.pubic.windowsexp.gonorrhea http://microscum.com "Trustworthy Computing" is only another example of an Oxymoron! "Produkt-Aktivierung macht frei!" |
#7
|
|||
|
|||
MicroMonopoly aids Terrorism?
the imposter kurttrail wrote:
Or maybe I'm just a self-absorbed idiot. Sorry, guys, I was wrong. I make fun of my "self-absorbed" nature in the sig of every post I send. Show me a person that isn't self-absorbed to a degree, and I show you a total effin' moron, Mr. CDO-faker. Thread-Topic: MicroMonopoly aids Terrorism? thread-index: AcPivHuYuW2N1T0QTLiCtH42gGv4SQ== X-Tomcat-NG: microsoft.public.windowsxp.newusers From: =?Utf-8?B?a3VydHRyYWls?= References: Subject: MicroMonopoly aids Terrorism? Date: Sat, 24 Jan 2004 12:56:05 -0800 Lines: 13 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="Utf-8" Content-Transfer-Encoding: 7bit X-Newsreader: Microsoft CDO for Windows 2000 Content-Class: urn:content-classes:message Importance: normal Priority: normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0 Newsgroups: microsoft.public.windowsxp.newusers NNTP-Posting-Host: tk2msftcmty1.phx.gbl 10.40.1.180 Path: TK2MSFTNGP08.phx.gbl!cpmsftngxa07.phx.gbl Xref: TK2MSFTNGP08.phx.gbl microsoft.public.windowsxp.newusers:105997 -- Peace! Kurt Self-anointed Moderator microscum.pubic.windowsexp.gonorrhea http://microscum.com "Trustworthy Computing" is only another example of an Oxymoron! "Produkt-Aktivierung macht frei!" |
#8
|
|||
|
|||
MicroMonopoly aids Terrorism?
"kurttrail" wrote in message ... Mike Brannigan [MSFT] wrote: see http://support.microsoft.com/?id=833786 For advice and guidance on protecting yourself from these sites. Oh yeah! The average computer illiterate is lucky if he find his way to Windows Update, let alone some obscure support document hidden among tens of thousands of other ones. That's exactly why this IE URL spoofing issue is a whole lot of nothing. The average computer illiterate is going to fall for phishing whether or not the URL is spoofed using this issue or another issue or isn't spoofed at all. I can think of a lot of ways to spoof a URL for which there is no patch and for which multiple browsers are vulnerable. The average person would trust a popup window that doesn't even have a URL field in the window, or that uses the http://user@domain URL spoof, and then there's ARP spoofing, man in the middle attacks, DNS spoofing and cache poisoning, sniffing, Dsniff, and all sorts of vulnerabilities in web browsing and TCP/IP that aren't Microsoft's fault and for which there are no patches. It's true that Microsoft has been waiting to deploy their fix for an unusually long time [I would guess they've already coded the fix a while ago], but I have to imagine there's a reason for their decision to do this, given the flack they've already received over this. If the average user can't find his way to Windows Update, despite having the windows update agent installed and an icon right on his start menu, then that average user is going to be vulnerable to all sorts of things no matter what OS and browser he's running and what patches the vendor does or doesn't release. [It also sounds like you're demanding that Microsoft release a patch to protect its customers, but then state that most customers probably wouldn't be able to install the patch if one was available.] Anyways, security isn't just patches. A user that can't read articles on how to be secure is going to fall for phishing. It's not really the best idea to verify the identity of web sites by using the Address: field in the browser, period. |
#9
|
|||
|
|||
MicroMonopoly aids Terrorism?
Karl Levinson [x y] mvp wrote:
"kurttrail" wrote in message ... Mike Brannigan [MSFT] wrote: see http://support.microsoft.com/?id=833786 For advice and guidance on protecting yourself from these sites. Oh yeah! The average computer illiterate is lucky if he find his way to Windows Update, let alone some obscure support document hidden among tens of thousands of other ones. That's exactly why this IE URL spoofing issue is a whole lot of nothing. The average computer illiterate is going to fall for phishing whether or not the URL is spoofed using this issue or another issue or isn't spoofed at all. I can think of a lot of ways to spoof a URL for which there is no patch and for which multiple browsers are vulnerable. The average person would trust a popup window that doesn't even have a URL field in the window, or that uses the http://user@domain URL spoof, and then there's ARP spoofing, man in the middle attacks, DNS spoofing and cache poisoning, sniffing, Dsniff, and all sorts of vulnerabilities in web browsing and TCP/IP that aren't Microsoft's fault and for which there are no patches. It's true that Microsoft has been waiting to deploy their fix for an unusually long time [I would guess they've already coded the fix a while ago], but I have to imagine there's a reason for their decision to do this, given the flack they've already received over this. If the average user can't find his way to Windows Update, despite having the windows update agent installed and an icon right on his start menu, then that average user is going to be vulnerable to all sorts of things no matter what OS and browser he's running and what patches the vendor does or doesn't release. [It also sounds like you're demanding that Microsoft release a patch to protect its customers, but then state that most customers probably wouldn't be able to install the patch if one was available.] Anyways, security isn't just patches. A user that can't read articles on how to be secure is going to fall for phishing. It's not really the best idea to verify the identity of web sites by using the Address: field in the browser, period. You have every right to your opinion, unfortunately not everybody is as computer literate as you, and just wouldn't expect that the address bar would display anything other than the site of the web page that they navigated to. Hell, I bet there are a lot of people that have only heard of the term "phishing" in passing and think it's some reference to the band Phish, and aren't aware that it's talking about scamming them. It's MS's flaw that's being used to help validate a scam, or potentially much worse considering the source of the scam. This needs to addressed immediately, and not wait to be part of some IE rollup patch. MS needs to stop dragging it's heels. And there should be an official investigation in MS glacial pace of supplying a fix, and into how their Monopoly OS is actually a menace to the general public's computer security. -- Peace! Kurt Self-anointed Moderator microscum.pubic.windowsexp.gonorrhea http://microscum.com "Trustworthy Computing" is only another example of an Oxymoron! "Produkt-Aktivierung macht frei!" |
#10
|
|||
|
|||
MicroMonopoly aids Terrorism?
kurttrail wrote:
You have every right to your opinion, unfortunately not everybody is as computer literate as you, and just wouldn't expect that the address bar would display anything other than the site of the web page that they navigated to. I think the point is that too many people don't look at URLs anyway. It's MS's flaw that's being used to help validate a scam, or potentially much worse considering the source of the scam. IIRC there was some talk at the time that mozilla also had a (much less severe) problem with these kinds of URLs. This needs to addressed immediately, and not wait to be part of some IE rollup patch. MS needs to stop dragging it's heels. If I thought they were waiting to include it in a roll-up fix then I would/will agree with you. I've not seen anything pointing to that myself, I'm assuming that fixing this is more trouble than it appeared at first and they've had to go back to it a couple of times. And there should be an official investigation in MS glacial pace of supplying a fix, Official on the part of whom? Who has jurisdiction here? I can't help think you are over-reacting a little Kurt. Of course, I am not going to tell you that you are not entitled to your opinion, I'm just advancing the reasons why I don't feel the same. and into how their Monopoly OS is actually a menace to the general public's computer security. How about an investigation into how the general public is a menace to their own computer security? There are plenty of scams and worms out there which do _not_ rely on an OS exploit to spread and they are among the most "popular". -- -- Rob Moir, Microsoft MVP for servers & security Website - http://www.robertmoir.co.uk Virtual PC 2004 FAQ - http://www.robertmoir.co.uk/win/VirtualPC2004FAQ.html Kazaa - Software update services for your Viruses and Spyware. |
#11
|
|||
|
|||
MicroMonopoly aids Terrorism?
Robert Moir wrote:
kurttrail wrote: You have every right to your opinion, unfortunately not everybody is as computer literate as you, and just wouldn't expect that the address bar would display anything other than the site of the web page that they navigated to. I think the point is that too many people don't look at URLs anyway. Says you. And if it really is true, is that a good enough reason for accepting MS's slacking? It's MS's flaw that's being used to help validate a scam, or potentially much worse considering the source of the scam. IIRC there was some talk at the time that mozilla also had a (much less severe) problem with these kinds of URLs. Pray tell, like what? I overheard these two people talking once, and you know what, they were saying that GW Bush is really Gay! This needs to addressed immediately, and not wait to be part of some IE rollup patch. MS needs to stop dragging it's heels. If I thought they were waiting to include it in a roll-up fix then I would/will agree with you. I've not seen anything pointing to that myself, I'm assuming that fixing this is more trouble than it appeared at first and they've had to go back to it a couple of times. http://www.iss.net/support/product_utilities/ Didn't seem so hard for these guys! MS could license it from them. What's more important MS's customers security, or MS releasing their own in-house developed patch? And there should be an official investigation in MS glacial pace of supplying a fix, Official on the part of whom? Who has jurisdiction here? US Gov't. MS is still an American company. The Justice Dept. or even Homeland Security, since it's MS's OS that has been the one that has been exploited, time & again, at the expense of the security of the general public. Melissa, Code Red, Slammer, Blaster, Sobig, Swen, Bagle. It's MS's fat-assed monopoly target that's putting the general public at risk. And now MS is dragging of their feet on this address bar exploit! How many times does a target have to get hit before ya'll wake up and smell the coffee?! I can't help think you are over-reacting a little Kurt. Of course, I am not going to tell you that you are not entitled to your opinion, I'm just advancing the reasons why I don't feel the same. Had this been the first or second time, you might be right. The over-reaction is now is hiding your head in the sand and hoping that it will all blow over, after time and again MS's Holey Software gets exploited at the expense of the general public. and into how their Monopoly OS is actually a menace to the general public's computer security. How about an investigation into how the general public is a menace to their own computer security? I ain't there fault that MS OS is the target of every computer literate loonie on the effin' planet. Are you telling me no one has ever pulled the wool over your eyes? Everybody is a potential sucker, even the members of MENSA, but so many people wouldn't be suckered with any one computer nasty, if MS wasn't the only real OS choice for the Desktop. There are plenty of scams and worms out there which do _not_ rely on an OS exploit to spread and they are among the most "popular". That's total BS, almost all of them rely on running on one company's OS. And that's the biggest security hole in this nation's computer security. Yes, there are some pests made for some other server OSs, but they've had a totally negligible impact on the overall general public computer security, and only helps to prove that having multiple OSs in the server market, helps to diminish the effect of viruses and the like, on the public. A desktop OS market with 5 or 10 players would be intrinsically much more secure for the country, and the world as a whole, than having one big, fat target that can't help from getting hit over & over & over & over & over again. Wake up and smell the coffee, coppertops, because soon it will be just some burned black crud at the bottom of the pot. -- Peace! Kurt Self-anointed Moderator microscum.pubic.windowsexp.gonorrhea http://microscum.com "Trustworthy Computing" is only another example of an Oxymoron! "Produkt-Aktivierung macht frei!" |
#12
|
|||
|
|||
MicroMonopoly aids Terrorism?
Take a closer look at your list.
Many of those such as Blaster would have been a non issue if users had simply used the patch that was available for weeks before Blaster came on the scene. It largely comes back to the users. If the user will not properly protect their computer especially when given a few weeks notice, their is little that can be done. In your narrow minded way, you choose to focus all the blame on Microsoft. Your infantile website is a testament to you and your misguided ideas. -- Jupiter Jones [MVP] An easier way to read newsgroup messages: http://www.microsoft.com/windowsxp/p...oups/setup.asp http://www3.telus.net/dandemar/ "kurttrail" wrote in message Garbage snipped Melissa, Code Red, Slammer, Blaster, Sobig, Swen, Bagle. It's MS's fat-assed monopoly target that's putting the general public at risk. And now MS is dragging of their feet on this address bar exploit! How many times does a target have to get hit before ya'll wake up and smell the coffee?! More of your garbage snipped -- Peace! Kurt Self-anointed Moderator microscum.pubic.windowsexp.gonorrhea **************** "Trustworthy Computing" is only another example of an Oxymoron! |
#13
|
|||
|
|||
MicroMonopoly aids Terrorism?
Jupiter Jones [MVP] wrote:
Take a closer look at your list. Many of those such as Blaster would have been a non issue if users had simply used the patch that was available for weeks before Blaster came on the scene. They are total non-issues for Linux or UNIX users. It largely comes back to the users. No, it comes down to having only one Desktop OS target. If the user will not properly protect their computer especially when given a few weeks notice, their is little that can be done. If there were multiple Desktop OS in the PC market, less people at any given time would be affected by any one computer nasty. In your narrow minded way, you choose to focus all the blame on Microsoft. They are the one's who have been proven to use predatory monopolistc tactics to maintain their Desktop OS monopoly. And it's their big fat target that keeps getting hit. Multiple targets are just plain safer than one big target. Please try to explain to everyone how having only one big target of an OS is safer for society as a whole, if you disagree with my previous sentence. Your infantile website is a testament to you and your misguided ideas. Thanks you! You just don't know how much it pleases me to know, that my web site upsets you so, that you have to express your opinion of it with no prompting on my part whatsoever. Melissa, Code Red, Slammer, Blaster, Sobig, Swen, Bagle. It's MS's fat-assed monopoly target that's putting the general public at risk. And now MS is dragging of their feet on this address bar exploit! How many times does a target have to get hit before ya'll wake up and smell the coffee?! More of your garbage snipped Have a nice day! -- Peace! Kurt Self-anointed Moderator microscum.pubic.windowsexp.gonorrhea http://microscum.com "Trustworthy Computing" is only another example of an Oxymoron! "Produkt-Aktivierung macht frei!" |
#14
|
|||
|
|||
MicroMonopoly aids Terrorism?
"kurttrail" wrote in message ... Take a closer look at your list. Many of those such as Blaster would have been a non issue if users had simply used the patch that was available for weeks before Blaster came on the scene. They are total non-issues for Linux or UNIX users. Riiiight, Linux, Unix and OpenBSD have zero vulnerabilities. Right, Linux has fewer vulnerabilities than Windows. Right, users that can't configure and patch Windows would magically be able to keep Linux secure. Right, Linux web servers are hacked less frequently than Windows web servers according to www.zone-h.org No, it comes down to having only one Desktop OS target. Right, switching to Linux or more than one desktop OS makes companies more secure / easier to secure. If there were multiple Desktop OS in the PC market, less people at any given time would be affected by any one computer nasty. Multiple targets are just plain safer than one big target. Riiiiiight. Maybe if www.debian.org was running some Windows servers, they wouldn't have been hacked a few months ago. In the past 12 months, Microsoft, Linux, Cisco and others all had highly critical remote vulnerabilities discovered that required patches. And *nix already owns the lions share of web servers. So how would switching to heterogeneous OS environments do anything to increase security or reduce support costs? Or would it actually increase support costs, double or triple the amount of work and patches required, and increase the likelihood that a company would make critical security mistakes that lead to a compromise? Sure, like you, I find it puzzling that Microsoft hasn't released a patch for the IE URL issue yet. But that doesn't make your pro-*nix statements above true. |
#15
|
|||
|
|||
MicroMonopoly aids Terrorism?
I never said I was upset.
Why do you continually feel the need to project your own feelings on others? I simply consider the source Kurt! -- Jupiter Jones [MVP] An easier way to read newsgroup messages: http://www.microsoft.com/windowsxp/p...oups/setup.asp http://www3.telus.net/dandemar/ "kurttrail" wrote in message news:%23L$% Your gasrbage snipped Thanks you! You just don't know how much it pleases me to know, that my web site upsets you so, that you have to express your opinion of it with no prompting on my part whatsoever. More garbage snipped Peace! Kurt Self-anointed Moderator microscum.pubic.windowsexp.gonorrhea ************** "Trustworthy Computing" is only another example of an Oxymoron! "Produkt-Aktivierung macht frei!" |
Thread Tools | |
Display Modes | |
|
|