Microsoft’s answer to insecure code: type in your links by hand.
[Got this off Dave Farber’s IP… suspect it is an email from someone’s email blog. And, oh yeah… Microsoft sucks, clearly. -Thomas]
Subject: [Boing Boing Blog] MSFT: don’t click on links, type them in by hand
Date: Fri, 30 Jan 2004 07:15
From: Cory Doctorow
To: boingboing-mailblog@yahoogroups.com
Microsoft’s crxxxxare browser, Explorer, has more security vulnerabilities
than
my block has dope-dealers, but this is ridiculous. MSFT now advises its users
to not click links, but rather to type them in by hand:
The most effective step that you can take to help protect yourself from
malicious hyperlinks is not to click them. Rather, type the URL of your
intended destination in the address bar yourself. By manually typing the URL
in the address bar, you can verify the information that Internet Explorer
uses to access the destination Web site. To do so, type the URL in the
Address bar, and then press ENTER.
Or, you could, you know, just Download Mozilla.
Link: http://support.microsoft.com/default.aspx?scid=kb;%5Bln%5D;833786
[This t00, in response. -Thomas]
another example of an Internet Explorer issue was reported yesterday and
can be summarised as “don’t automatically open files with IE”:
“http-equiv has identified a vulnerability in Internet Explorer, allowing
malicious web sites to spoof the file extension of downloadable files. The
problem is that Internet Explorer can be tricked into opening a file, with
a different application than indicated by the file extension. This could be
exploited to trick users into opening ‘trusted’ file types which are in
fact malicious files”.
you can test the vulnerabilty of your browser from this page
http://secunia.com/Internet_Explorer_File_Download_Extension_Spoofing_Test/
If your browser is IE, it is tricked. Mozilla isn’t.
