FREE Non-MS Patch for fake URL in the address and status bars.

[freeloaderz]

VERY COOL & FREE!

Text & Download

You can also test your browser on the page. Get it to protect your spouse and friends who are nieve and click on anything.

 

[PDubs]

Interesting...

 

[kwo]

Huh...didn't know about that....

 

[necromancyr]

I would think twice before I used this. It's got an exploit itself it seems. Check the following Slashdot article: Slashdot Article

 

[IgorTs]

Interesting?
looks like new era of scam is coming

 

[Redking]

This isn't a f*cking hot deal.

 

[ViperV990]

http://www.mozilla.org/products/firebird/

(Linkyfied)

 

[k1114]

Originally posted by: ViperV990
http://www.mozilla.org/products/firebird/[/q

agreed

 

[phonemonkey]

read this before trying the patch

 

[wallsfd949]

bump for Mozilla

 

[Delbert]

scary.

 

[osiris3mc]

The test your browser option on the link is rather freaky...if this can be trusted (anyone have any feedbacK?) then I think this is good to have...

 

[AgentDib]

Don't use this. Please.

 

[MYKnyte]

Originally posted by: jester79
read this before trying the patch

Interesting..

SO both counts are true..
Install the patch to fix this issue (at least I hope it fixed it. didnt get a chance to test)
then I scrolled down and read the posting about the register...

so I sez, Damn! and then I ran Ad-aware (free) and it found 2 registry settings exactly as pointed out by the register.. I removed it..

Why not install the patch and remove the spyware? Any issues with that?

UPDATE: So I just checked it. THE PATCH Definately WORKS and gives an invalid page now using the 'spoof' -whereas before the patch, I could use the fake address and it pulls up the website.. Install Patch and remove using Ad-aware!

 

[rasputinj]

Originally posted by: MYKnyte

Originally posted by: jester79
read this before trying the patch

Interesting..

SO both counts are true..
Install the patch to fix this issue (at least I hope it fixed it. didnt get a chance to test)
then I scrolled down and read the posting about the register...

so I sez, Damn! and then I ran Ad-aware (free) and it found 2 registry settings exactly as pointed out by the register.. I removed it..

Why not install the patch and remove the spyware? Any issues with that?

UPDATE: So I just checked it. THE PATCH Definately WORKS and gives an invalid page now using the 'spoof' -whereas before the patch, I could use the fake address and it pulls up the website.. Install Patch and remove using Ad-aware!

Good info thanks. I was hoping someone else here would do before I tried it out.

 

[osiris3mc]

Did the same thing, worked like a charm.

 

[Ichinisan]

If Microsoft has a knowledge base article for the issue, then they surely have a patch for it.

 

[n0cmonkey]

The source is there, you shouldn't need adaware to fix that problem. And it doesn't look like adaware will fix the other problems in the patch...

 

[DannyBoy]

Originally posted by: n0cmonkey
The source is there, you shouldn't need adaware to fix that problem. And it doesn't look like adaware will fix the other problems in the patch...

What other problems? 🙁

 

[Farfrael]

Originally posted by: Ichinisan
If Microsoft has a knowledge base article for the issue, then they surely have a patch for it.

To the best of my knowledge, Microsoft has not yet issued a patch

 

[ViperV990]

Make sure there's a trailing slash after the domain.

 

[n0cmonkey]

Originally posted by: DannyBoy

Originally posted by: n0cmonkey
The source is there, you shouldn't need adaware to fix that problem. And it doesn't look like adaware will fix the other problems in the patch...

What other problems? 🙁

Read the /. article linked above.

 

[CZroe]

I've been spoofing URLs for (REVERSE!) TubG!rl pranks. If I knew this wasn't highly publicized, I would have done so back in August! I've used that login syntax for FTP access within IE hundreds of times. Daily in fact. Back in August of 2003, I got a yet another phish email (Like I do many times a week), only this time the URL in statusbar DID say www.ebay.com It was followed by a colon and extended authentication data (ie, a really long password) which pushed the real URL off the status bar. In other words, it was a half-assed way to hide the actual URL. Even so, at first and even slightly curious glances, it appears to simply be another complicated eBay URL. The colon told me immediately what was up though, because I know the syntax:
protocol://login😛assword@subdomain.domainname.topleveldomain😛ortnumber

Sure enough, it was some strange domain with a spoof site. Ever since then, I've combined the ALT+0160 pseudo-space trick to create a really long username disguised as a URL and fully qualified domain name (No colon or password required to tip-off users). With the average user using IE @ 1024x768, it's rather easy to spoof with this syntax without the %01%00 trick. It is not a browser vulnerability, but a simple oversight during the creation of the protocol syntax (Why can't the login and authentication information follow the URL instead of preceed it?). As such, other browsers will remain compatible with this syntax once Microsoft updates IE. It's not like status bars are going to display the link any differently :roll; This means you "Use Firebird" cronies better shut up... I already saw some of this in the thread. I know there is one other browser which is already aware of the scam and says something to the effect of "Your browser is actually going to this domain" but it certainly isn't Firebird.

 

[Smilin]

Originally posted by: AgentDib
Don't use this. Please.

Ditto.

FYI the first patch these geniuses released caused a security hole and a buffer overflow vulnerability. They don't have any access whatsoever to IE source code. I would recommend you wait for MS to release a patch and simply use some common sense until then. http://www.microsoft.com/security/incident/spoof.asp

 

[Smilin]

This JUST in...

The official patch from MS is now available.