Major security issue with MS Internet Explorer *READ*

[StateCop]

I am a member of a certain newsgroup for police officers in my state. We talk about all kind of stuff and this is what I mailed out to them:

 

All you guys that work computer crimes may be interested in this as well as anyone that uses a computer. There is a flaw in Microsoft Internet Explorer that has been discovered allowing people to make fake pages that are very hard to detect thus allowing the hacker to get your credit card info and/or passwords. As most of you computer crimes guys know fake webpages looking like a well known company is nothing new, but used to be easily detected as a fake by looking at the URL (internet address). This new flaw actually allows the hacker to make that address appear to be whatever they want so you may think you are at yourbanknamehere.com when you enter your info but could really be submitting your info the hacker.

 

If you guys want to read a little more about this there is a good article at http://rss.com.com/2100-7355_3-5119440.html?part=rss&tag=feed&subj=news and http://www.broadbandreports.com/shownews/36359 .

 

This could be something to keep in mind when you are going to ----- (removed for security reasons) as you do not want anyone to get that info....I suggest using a browser like http://www.mozilla.org/products/firebird which is not affected by the bug. I am not aware of a patch to fix this yet but I am sure one will be forth coming from Microsoft.

 

 

Since I no longer work any computer related crimes I follow this stuff as more of a hobby, but thought I would pass this along to you guys that have not heard about it yet. If I can be of any help please feel free to contact me

[Sharpshooter6]

i read it, but does it all mean? what happens if i continue to use IE, though i am going to dload firebird right after this post?

[StateCop]

Well say you saw a link to our webpage on another site and clicked on it instead of typing in fa-thearmory.net you COULD be sent to a webpage that looks exactly like our and even have the address in the address line BUT it could be a fake! So when you went to enter your login info and hit submit you would be sending the hacker your name and password or credit card info....basically whatever you typed in would be sent to them.This is very much like a group of hackers I busted years ago when I worked computer crimes. They were making fake AOL webpages and emailing AOL customers the page saying they needed to update their credit card information. The page looked VERY real with the exeption of if you knew to look at the address line you would have seen it was hosted on another site....well with this expliot it would even say aol.com in the address even though it was not.

[Klif]

hey, anything to get more people on the Mozilla bandwagon!(also, kids, don't stop with firebird! get the whole Mozilla package: Internet, Mail, Address Book, IRC, and more!)

[Hayabusa]

Mozilla uses more resources on my computer than Internet Explorer, but you gotta love the tabbed browsing.

[StateCop]

-Hayabusa]Mozilla uses more resources on my computer than Internet Explorer, but you gotta love the tabbed browsing.

I was just throwing that out there as a suggestion....There are other browsers that are not bugged like IE such as Netscape (I just dont like it).

[Klif]

-StateCop]

I was just throwing that out there as a suggestion....There are other browsers that are not bugged like IE such as Netscape (I just dont like it).Netscape and mozilla are essentially the same thing.

[Shotty]

http://i.dslr.net/symantec/worse2.html this link shows exactly what it does....

[Enders]

hmm, well I don't have to worry, I don't know any of our economic info...but my dad might easily be hoaxed into doing something like this.I'll be sure to warn himThanks for the heads up!

[BornToDie1955]

Thank you StateCop, very good prudence... :idea: Egidio.

[StateCop]

-UnwantedHero]hmm, well I don't have to worry, I don't know any of our economic info...

but my dad might easily be hoaxed into doing something like this.

I'll be sure to warn him

Thanks for the heads up!

Not only could they get your bank/credit card stuff they could get any username and password. There is a way to find out before you enter it if you are at the correct site.

 

Go to file and click properties.

[StateCop]

Donut that is easily stopped by adding some java to the html.

[StateCop]

I guess most have seen this by now so I moved it off the announcements and into the regular forum.

[going54]

if u have XP and have the auto update on it will download the fix. after it things should be back to normal

[StateCop]

As of last night the fix was not out yet....has there been one released today?

[going54]

the fix was out a couple of days ago. have u set ur comp on auto update? if u dont find the fix go to microsoft.com and there should be a link for d/l

[StateCop]

No sir a third party release a patch but it was not microsoft. The third party patch had spyware in it and it made a buffer over flow problem. So it was pulled microsoft still doesnt have a patch out...when it comes out I am sure it will be an autoupdate but most people have that turned off. If you want to read more about this go to broadbandreports.com or techtv.com

[going54]

i have my auto update on. when ever i connect to the net it starts to download from microsoft.com if the fix was released by a 3rd party then it wouldnt be on auto update

[StateCop]

yes there was another update out but it was not for that problem trust me.