Don't say I didn't warn you (cuz I did, and I can prove it)
Another Internet Explorer exploit has been discovered.
Here's the kicker: I warned you about this already (sorta). On Day 16 of the 30 days to becoming an Opera7 Lover series, I talked about this functionality.
The trick is simple, you create a website that looks like this: www.microsoft.com@example.com which makes the casual observer think that it is actually Microsoft. If you are very clever you can hide the URL through a variety of methods.
That's the bad news. The good news is that none of these methods fool Opera. And if you do happen to click on such a link, Opera will warn you with a panel like this:
![[screenshot of Opera panel prompting to warn of an URL with a password]](/opera/lover/7/16/opera-hidden-url.png)
This exploit takes advantage of two things: 1) Internet Explorer gives you no such warning (neither does Mozilla/Phoenix) and 2) a bug in Internet Explorer which encodes a hex character in the URL which prevents the rest of the URL from being shown in the addressbar.
As I have said before, if you use Internet Explorer, you are playing Russian roulette with your computer security. While Mozilla/Phoenix will show you the entire URL, it will give you no warning about the construction of the URL which may be deceptive.
Comments
Interestingly, the lack of such a warning dialog is one of the few 'known issues' listed for Mozilla 1.6 beta.
Posted by: Rijk | December 11, 2003 03:42 AM
im enjoying this website a lot
Posted by: online casino | January 20, 2004 04:24 PM
Good luck with that.
Posted by: blackjack | February 12, 2004 07:48 PM