Another IE6 Flaw Reported this time affects IE7


sarcle
6th April 2006, 08:21 PM
An unpatched vulnerability in Internet Explorer could aid fraudsters in pulling off phishing scams, experts have warned.
The error could be exploited to fake the address bar in a browser window, security monitoring company Secunia said in an advisory published on Tuesday (http://secunia.com/advisories/19521/). This tactic could be used in phishing scams that attempt to trick people into believing they are on a legitimate site, when in fact they are viewing a fraudulent Web page.

Phishing is a prevalent type of online scam that seeks to pilfer personal information from unsuspecting Internet users. The scams typically combine spam e-mail with fraudulent Web sites that appear to come from a trusted source, such as a credit card company or a bank.

The flaw exists because of an error in the way the Microsoft Web browser loads Web pages and Macromedia Flash animations, according to Secunia. The company rates the issue "moderately critical" and has created a special Web page where users can test their Web browser to see if they are affected.

Secunia has confirmed the vulnerability affects IE 6.0 on Windows XP with all current security patches. It also affects the latest IE 7 Beta release, Secunia said. Other versions may also be affected, it said.

Microsoft is investigating the newly reported flaw, a representative said in an e-mailed statement late Wednesday. "Our initial investigation has revealed that customers who have set their Internet security settings to high, or who have disabled active scripting, are at reduced risk from attack as the attack vector requires scripting," the representative said.


Additionally, Microsoft noted that it has not seen any active attacks that take advantage of this issue, which Secunia has dubbed the "Internet Explorer Window Loading Race Condition Address Bar Spoofing" flaw.


http://news.zdnet.com/2100-1009_22-6058557.html

gammascalper
6th April 2006, 08:25 PM
I'm glad they're catching it now. This argues for the 3-months hence final release date.

What's a little more troubling was that MSN search was down for hours this morning... amazing.

sarcle
6th April 2006, 08:27 PM
>What's a little more troubling was that MSN search was down for hours this morning... amazing.

Yes, how embarrassing would that be? What a bunch of amateurs.

http://www.kansascity.com/mld/kansascity/business/technology/14280545.htm

Rubber Duck
6th April 2006, 09:01 PM
>I'm glad they're catching it now. This argues for the 3-months hence final release date.


So that's what the public consultation is for:

"Dear Microsoft,

Could you please check my new browser for security issues?

Thank-you for Everything

Rubber Duck"

>What's a little more troubling was that MSN search was down for hours this morning... amazing.

How did they find out? Was someone actually trying to use it at the time?

sarcle
6th April 2006, 09:47 PM
Oh... I want to go. My letter to Bill.

Ahem....

I'm sorry Bill for all the negative press you've been getting with your company Microsoft. I know that you're doing your best about putting out nothing to the market. These guys just don't see it. Wall Street doesn't see it either, your stock shouldn't have stayed flat for the last five years just because you haven't brought anything new to consumers. They don't know your vision Bill like I do.

I know it's true, continuous delays in programming hound you, but it's not your fault Bill. It's those damn programmers that you overpay for nothing.

Japan doesn't like your Xbox. It's okay Bill, I do.

Firefox is eating your lunch. Security issues and problems with being able to make a new browser. Just because those companies produce doesn't mean you have to live up to it. I know Bill, I'm sorry for the bar of expectation they hold you up to.

Vista, oh Vista. What can we say. You're doing your best again.

Apple is going to start competing now this Christmas with you. All they want is money Bill. It's you that cares for the consumer, I can see that.

Today MSN search went down for a few hours and it passed by like a fart in the wind. It's okay Bill, I noticed.

Sincerely,

Sarcle.

blastfromthepast
6th April 2006, 09:49 PM
Microsoft's MSN Search restored after hours-long outage
REDMOND, Wash. (AP) - Microsoft Corp.'s MSN search engine stopped working for about four hours Thursday.

Microsoft spokesman Justin Osmer said in an e-mail that the company was still trying to determine what went wrong.

During the outage, which began about 8:30 a.m. and was being restored as of about 12:15 p.m., users who tried to find Web pages were told the service was unavailable and that, "Our team is working to restore service as quickly as possible."

Microsoft's MSN Search is the No. 3 search provider in the United States, according to Nielsen/NetRatings, behind market leaders Google Inc. and Yahoo Inc. Nielsen/NetRatings said MSN provided 10.7 percent of all U.S. search results in February, compared with 48.5 percent for Google and 22.5 percent for Yahoo.

Drewbert
6th April 2006, 10:09 PM
What happened was they decided to change the clock on the MSN server for daylight time, and that required a re-boot of course, and the sys admin was stuck on hold to Microsoft support trying to find out where the "any" key was.

>Microsoft spokesman Justin Osmer said in an e-mail that the company was still trying to determine what went wrong.

It's called running internet services on a platform that was never designed with the Internet in mind.

Rubber Duck
6th April 2006, 10:40 PM
>It's called running internet services on a platform that was never designed with the Internet in mind.

That would appear to apply to one or two of their other products :p

blastfromthepast
6th April 2006, 10:53 PM
http://www.getdigital.de/images/produkte/t2/t2_anykey-button.jpg

Compaq FAQ: Where do I find the "Any" key on my keyboard? (FAQ2859)

The term "any key" does not refer to a particular key on the keyboard. It simply means to strike any one of the keys on your keyboard or handheld screen.

http://web14.compaq.com/falco/detail.asp?FAQnum=FAQ2859

The confusion over any key dates back at least to the early stages of DOS and MS-DOS, when the 'Pause' command, typed at a command prompt or in a batch file, would issue the message "Press any key to continue". The computer would then wait for a key to be pressed by the user before continuing execution.
New users were typically confused by this reference to the 'Any Key' and began wondering where the 'any' key was on the keyboard. The confusion is much less common now as some computer help systems have added explicit explanations of this problem. Many computer manuals and computer programs now make other language choices to prevent this confusion, including suggesting a particular key to press such as the space bar. It should be noted that this is in fact more correct because in many situations where 'any' key is requested to be pressed, including the DOS pause command, some keys (like Shift) have no effect at all whereas others don't have the desired effect. With the rise of GUI operating systems, this problem has also diminished, because user gestures are now often done with a mouse rather than a keyboard, allowing most programs to refrain from instructing users to use the keyboard.
http://en.wikipedia.org/wiki/Any_key