GoFuckYourself.com - Adult Webmaster Forum

-   -   MS sec update blocks (a)dsl/cable access !!! (https://gfy.com/showthread.php?t=231347)

DutchTeenCash 02-05-2004 03:22 AM

MS sec update blocks (a)dsl/cable access !!!
 
This is important, esp for ppl who use dialers that are NOT IP based. We received a notification from one of Holland's leading dialer companies but it seems no one here or in Germany (goodthinkx?) found out.

this is the MS update

http://www.microsoft.com/technet/tre...n/MS04-004.asp

this is the important stuff

A vulnerability that involves the incorrect parsing of URLs that contain special characters. When combined with a misuse of the basic authentication feature that has "username:password@" at the beginning of a URL, this vulnerability could result in a misrepresentation of the URL in the address bar of an Internet Explorer window. To exploit this vulnerability, an attacker would have to host a malicious Web site that contained a Web page that had a specially-crafted link. The attacker would then have to persuade a user to click that link. The attacker could also create an HTML e-mail message that had a specially-crafted link, and then persuade the user to view the HTML e-mail message and then click the malicious link. If the user clicked this link, an Internet Explorer window could open with a URL of the attacker's choice in the address bar, but with content from a Web Site of the attacker's choice inside the window. For example, an attacker could create a link that once clicked on by a user would display http://www.tailspintoys.com in the address bar, but actually contained content from another Web Site, such as http://www.wingtiptoys.com. (Note: these web sites are provided as an example only, and both redirect to http://www.microsoft.com.)


resulting in no more dialer access methods using user:pass@

Our partner for dialers reprogrammed everything and already offered a solution for IP based access. Check your dialer company if they use the same method and are aware of this.

Since this is a CRITICAL update everyone will do this within a few days, XP offered it on many PCs here Monday morning already.

If you still don't realise what this means: no more (a)dsl and cablemodem access for your sites if the dialer uses a non IP based script.

Hope I helped a bit getting the word out.
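
The check below is an added example, not part of the original post or of the Microsoft bulletin: it separates ordinary "user:pass@" access links from links whose userinfo looks like a host name different from the real destination. The function name `inspectLink`, the verdict strings and `members.example.com` are assumptions of this example; the two toy-store hosts are the bulletin's own illustrations.

```javascript
// Added example: audit links for userinfo ("user:pass@") that a reader could
// mistake for the destination host. All sample links are constructed.
const HOST_LIKE = /^(?:[a-z0-9-]+\.)+[a-z]{2,}$/i;

function safeDecode(s) {
  // Userinfo is percent-encoded by the URL parser; tolerate malformed escapes.
  try { return decodeURIComponent(s); } catch { return s; }
}

function inspectLink(href) {
  let url;
  try {
    url = new URL(href);
  } catch {
    return { href, verdict: "unparseable" };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { href, verdict: "not-http" };
  }
  if (url.username === "" && url.password === "") {
    return { href, actualHost: url.hostname, verdict: "ok" };
  }
  // Only the leading host-shaped part of the username matters: it is what
  // appears right after "http://" and reads like the site name.
  const leading = safeDecode(url.username).split(/[^a-z0-9.-]/i)[0].toLowerCase();
  const spoof = HOST_LIKE.test(leading) && leading !== url.hostname;
  return {
    href,
    apparentHost: spoof ? leading : null,
    actualHost: url.hostname, // where the request really goes
    verdict: spoof ? "userinfo-looks-like-host" : "has-userinfo",
  };
}

const SAMPLES = [
  "http://www.wingtiptoys.com/",                      // plain link
  "http://user:pass@members.example.com/",            // credential-style access link
  "http://www.tailspintoys.com@www.wingtiptoys.com/", // userinfo posing as a host
  "not a url",
];

for (const link of SAMPLES) {
  const r = inspectLink(link);
  console.log(r.verdict.padEnd(26), r.actualHost || "-", "<-", link);
}
```

Links reported as `has-userinfo` are the ones that stop working once the browser refuses "user:pass@" in HTTP URLs, so they are the ones to move to another access method.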

