IE6 URL spoofing patch

[Lando]

Sorry if this is not the proper forum, best I could see, but I thought many others would like to know about a patch for the serious URL spoofing problem affecting IE5-6, where it LOOKS like you are at one site when you are REALLY at another one, for those still using IE6 ;). In short, means that you could be giving vital info (credit card, etc.) to a hacker.

I have read, at least as of this time, MS has not addressed the problem yet (no patch released yet), but reading www. rootsecure.net, a site I read daily, there are some patches available.

Go here -

<mod edit - it has been reported that there is a trojan at this address.

The link was posted in good faith, but I suggest anyone who visited the link check their system out urgently>

for a test with your IE browswer (btw, Netscape 7.1, what I use, is not affected. It shows the spoof :) ) and for a place to download a patch. I tested it, and seems to work great for IE. The spoof is revealed.

If you are not familiar with what I am talking about, the site also explains the problem, and EVERY one who use IE 5-6 is affected!

Hope this helps someone.

Lando

[Lando]

I received the above info (about the IE patch) from one of a few security websites and at first was shown to be 'OK". Reputable sites too!

Well, I use The Cleaner from MooSoft, had an update and just happened to look at the new db. Found that the patch was listed, but was noted as an 'error', and that it would be fixed later (meaning an 'error' adding it to trojan db)

Welll, I decided to REALLY find out for sure, so I emailed MooSoft.

Heres the reply:
>>It (Openwares IE patch) is a trojan. The database has been corrected, thank you.

The "patch" installs spyware into you browser that reports all URLs that you
visit back to the Openwares site.

Daniel Otis-Vigil
MooSoft Development LLC
>>
OK so as far as MooSoft is concerned, DO NOT INSTALL!
Dang! I'm very sorry for any misleading info, but I read elsewhere that it was a good patch. Guess I will wait until Microsoft actually makes a patch!

Was just trying to help! :( Will be a lil more careful next time!

[davebarnes]

Why is this a problem?

Use Opera as your browser and stop worrying about IE exploits.

,dave

[Sualdam]

But in covering the 'Evil Empire' scenario in other threads, all that would happen is that if everyone used Opera then people would find exploits in that.

I don't think the issue of exploits in IE is usefully connected with 'use something else' ideas.

Personally - and I speak for the VAST majority of computer users - I use IE and would like to be able to fix any problems. Without switching to something else.

[cooper]

Better yet, what should we tell the general public when visiting our web sites?

How should we best inform them without more confusion?

How do we assure them that they aren't being "tricked" when visiting our web sites?

Aside from asking them to switch browsers, which may not be an option for many due to company policies or the user doesn't even know what a browser is, how do we inform them and still assure them that they are getting the real deal with our sites?

Thanks for the heads-up Lando!

[Lando]

Your'e welcome Coop! Even though it would had been a better heads up if I had just waited literally 10 minutes and found out about the prob.
Reading some security sites, it came out soon after I posted this first post (figures!)

Anyway, SOME claim (sorry, don't have the article in front of me right now) that the info sent back to the company is to help assist in confirming that the URL is a valid one. Why? Well, it doesn't go into details.

It SEEMS that the data feedback is not malicious, more like marketing spyware than anything, but that's what's the word on the Net. Supposedely there is going to be another one that is better, but I'm not gonna load it. Just updating for u.

By the way, Im a Netscape dude myself, but since many use IE, and sometimes I have to use IE 'cause a site doesn't like Netscape.

Again, sorry for the bad advice. Really haven't had this happen before, and hopefully not again! Thanks for the feedback.
Lando

[Nargule]

Well, since we are on the subject of spoofing...

There are a number of things I do to help protect myself from spoofing. Note that I say "help protect myself", not "prevent".

When browsing a secure site, one thing that can be done is to double click the lock icon and view the site's certificate info. Since the certificate lives on the server itself, viewing the certificate may reveal if the site is being spoofed.

Also, one can check the domain name on the certificate with the one in the URL window. If they don't match IE will bring up a warning. However even if they do match, make sure that it is related to the site you are surfing.

Many sites use a third party to process their credit cards. In this case I might be surfing "www.SomeMerchantsSite.com" and be taken to "www.SomeProccessorsSite.com" to complete my order. I am very supicious of such activity especially when the original site never mentioned the redirection.

In any event Lando, you reminded me to run a windows update and see if anything new was out.

[alienzhavelanded]

Clearly it would be safer to just wait until January for Microsoft to release their own patch. Why take the risk of downloading third party "patches" that turn out to be trojans. Only the ignorant would consider such a thing better than something directly from the manufacturer. Would you let Chevy fix your Ford vehicle?

The Martian

[Sualdam]

Come on, guys. No one likes to have it rammed down their throat when they commit a faux pas. Lando already said sorry for doing it, and he posted in good faith.

This is sorted now. Let's not continue with the clever personal adjectives and analogies, eh?

[cooper]

Clearly it would be safer to just wait until January for Microsoft to release their own patch. Why take the risk of downloading third party "patches" that turn out to be trojans. Only the ignorant would consider such a thing better than something directly from the manufacturer. Would you let Chevy fix your Ford vehicle?

Well if they can do it now and for free, maybe. If they put in Chevy parts that don't work with my Ford, then obviously no.
Microsoft has a way of taking too long to patch their software. If someone is willing to fix a problem and do it for free, why not take advantage of it. It's all about the trade-off. Personally I wouldn't use it if it has spyware in it. But then, I use Mozilla on a Mac. When I use my windows PC I use IE but that may be changing...

:o)