Sign in
|
Join
Search
Robert McLaws: FunWithCoding.NET
Public Shared Function BrainDump(ByVal dotNet As String) As [Value]
Home
About
RSS
Atom
Comments RSS
Recent Posts
Some Useful TFS Customization Resources
Work With .NET Projects From a Network Share
Expression Web Doesn't Do Non-GAC'd 3rd Party Controls
VSTE for DB Professionals MSDN Download Tip
ASP.NET: Authenticated but not Authorized
Tags
.NET
.NET Framework 1.1
.Text
ASP.NET
Atlas
AZDNUG
Builder.com
Building A Better Server Control Experience
C#
CardSpaces
Community News
Community Server
DataGrid
DeadBolt.NET
General Software Development
GenX.NET
InfoCard
LonghornBlogs.com
MS Patch Day Review
MSBuild
Office 2007
Office System 2003
PDC 2003
ScrollingGrid
Server Controls
Versioning and Compatibility
Visual Basic
Visual Studio
VisualBlogger 2004
VS.NET 2003
VS2005
WCF
Windows Server 2003
Windows Sharepoint Services
Windows Vista
WinFX
WPF
WWF
News
<script type="text/javascript"><!-- google_ad_client = "pub-4330602465258980"; google_hints = "ASP.NET, VB.NET, C#, C#.NET, WindowsForms, .NET Framework, VS2005, Visual Studio, XAML, WinFX, Windows Workflow, WPF, WCF, Atlas, NetFX3, Visual Studio Orcas"; google_ad_width = 120; google_ad_height = 240; google_ad_format = "120x240_as"; google_ad_type = "text_image"; google_ad_channel ="4997399242"; google_color_border = "B6C9E7"; google_color_bg = "EFEFEF"; google_color_link = "0000FF"; google_color_text = "000000"; google_color_url = "002C99"; //--></script> <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"> </script>
<!--
-->
You should feel free to challenge me, disagree with me, or tell me I'm completely nuts in the comments section of each blog entry, but I reserve the right to delete any comment for any reason whatsoever. That said, I will most likely only delete abusive, profane, rude, or annonymous comments, so keep it polite, please.
Navigation
Home
Blogs
Blogroll
Scott Guthrie [MS]
Rob Howard [MS]
Brady Gaster
Loosely Coupled
Robert Scoble [MS]
Joshua Allen [MS]
Greg Reinacker (NewsGator)
Kirk Allen Evans
Duncan Mackenzie [MS]
Andy Oakley [MS]
Paul Vick [MS]
Early & Adopter
Mr. COM Interop
Richard Caetano
Ben Miller [MS]
Julien Ellie [MS]
Cool .NET Articles
Xefteri.com - Push A Download
MSDN: Loading Classes On-The-Fly (VB)
.NET Resources
Customize VS.NET 2003 Start Page
My .NET Tools
ASP.NET WebServer Here
My Builder.com Articles
#1 - Diving Into the DataGrid: Part 1 - Deleting With Confirmation
#2 - Diving Into the DataGrid: Part 2 - Deleting in a Paging Grid
#4 - Preventing 'Middle Child Syndrome' In Your Data Layer
#5 - Basic .NET: Framework Compatibility Issues
#3 - Ride The Platform Wave: .NET 1.1
#6 - Developing Components: Assembly Identification
#7: Developing Components: Namespacing and Code Organization
#8 - Developing Components: Namespacing and Code Organization Revisited
My MSKB Articles
HOWTO: Windows 2003 DTC
Archives
November 2007 (1)
March 2007 (1)
December 2006 (3)
November 2006 (3)
October 2006 (1)
August 2006 (2)
June 2006 (5)
May 2006 (2)
April 2006 (4)
February 2006 (4)
December 2005 (2)
November 2005 (6)
October 2005 (3)
September 2005 (2)
August 2005 (1)
June 2005 (5)
May 2005 (10)
April 2005 (19)
March 2005 (7)
February 2005 (6)
January 2005 (7)
December 2004 (2)
November 2004 (10)
October 2004 (12)
September 2004 (11)
August 2004 (9)
July 2004 (9)
June 2004 (17)
May 2004 (17)
April 2004 (33)
March 2004 (29)
February 2004 (13)
January 2004 (50)
December 2003 (59)
November 2003 (50)
October 2003 (52)
September 2003 (48)
August 2003 (45)
July 2003 (53)
June 2003 (52)
May 2003 (39)
April 2003 (45)
March 2003 (35)
February 2003 (15)
IE Flaw Explained - Patch On the Way
News.com
has a great article on the IE “
address spoofing flaw
”, and the forthcoming patch to solve it. It's a must read, so go check it out.
Posted:
Jan 29 2004, 04:15 PM
by
interscape
| with
2 comment(s)
Comments
Dumky
said:
This seems a bit extreme, but it's true this format can easily confuse end-users...
I hope they fix the %01 part of the problem as well, since it could still contribute to future flaws.
There is a lot of testing involved in making a patch, but how many weeks will this major flaw been left un-patched?
#
January 29, 2004 9:04 PM
TrackBack
said:
Over a month back a security bug was discovered in IE that allows the address displayed in IE to be different for the actual address used. Here is a description and demo of the spoof attack. Apparently, the upcoming fix includes dropping the http://user:pwd@domain/ url format support. This is a radical "fix" and the response by security experts (mentioned in the article) was surprising. This format isn't the root cause for the specific bug and the "fix" is going to break stuff (not to mention IE's support for standards). In any case, I hope they fix the part of the...
#
January 30, 2004 3:24 PM