[IP] more on MSFT: don't click on links, type them in by hand
Delivered-To: dfarber+@xxxxxxxxxxxxxxxxxx
Date: Thu, 29 Jan 2004 21:48:52 -0300
From: Claudio Gutiérrez <gutierrezclaudio@xxxxxxxx>
Subject: Re: [IP] [Boing Boing Blog] MSFT: don't click on links,
type them in by hand
To: dave@xxxxxxxxxx
another example of an Internet Explorer issue was reported yesterday and
can be summarised as "don't automatically open files with IE":
"http-equiv has identified a vulnerability in Internet Explorer, allowing
malicious web sites to spoof the file extension of downloadable files. The
problem is that Internet Explorer can be tricked into opening a file, with
a different application than indicated by the file extension. This could be
exploited to trick users into opening 'trusted' file types which are in
fact malicious files".
you can test the vulnerabilty of your browser from this page
http://secunia.com/Internet_Explorer_File_Download_Extension_Spoofing_Test/
If your browser is IE, it is tricked. Mozilla isn't.
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/