Scary spoofing vulnerability: [link]
Lorne: Snakes? Uh-huh. And they came out of your what? Okay. Okay, well, did they get up there themselves or is this part of a, you know, a thing? No, I'm not judging...Do we fight snakes? Angel: Only if they're giant. Or demons. Or giant demons. Are they giant demon snakes? Lorne: Well, unless this guy's 30 feet tall, I'm thinking they're of the garden variety.
'Lineage'
Buffistechnology 2: You Made Her So She Growls?
Got a question about technology? Ask it here. Discussion of hardware, software, TiVos, multi-region DVDs, Windows, Macs, LINUX, hand-helds, iPods, anything tech related. Better than any helpdesk!
Jon B. - Feb 16, 2005 7:02:32 pm PST #1697 of 10003
A turkey in every toilet -- only in America!
§ ita § - Feb 16, 2005 7:11:00 pm PST #1698 of 10003
Well not canonically, no, but this is transformative fiction.
Damn. Both Firefox and Opera fell for that.
DXMachina - Feb 17, 2005 2:55:30 am PST #1699 of 10003
You always do this. We get tipsy, and you take advantage of my love of the scientific method.
Firefox and Mozilla didn't fall completely. While they were waiting for the page to load, the status line said "waiting for [real URL]", but it didn't last very long, and it's pretty much instantaneous once the page is cached. Nasty, that.
Still, the best advice still holds. First off, paypal and banks don't send emails that ask for your password. If you get an email like that, check with the institution by typing in the official site URL yourself.
thegrommit - Feb 17, 2005 5:00:04 am PST #1700 of 10003
Um.
Damn. Both Firefox and Opera fell for that.
The nightly builds of Firefox have IDN support disabled by default.
If you want to stay with Firefox 1.0, a variety of extensions (e.g. spoofstick, adblock) have been updated to detect/block this exploit. There are also more complicated fixes involving proxy files available.
Jessica - Feb 17, 2005 5:36:49 am PST #1701 of 10003
And then Ortus came and said "It's Ortin' time" and they all Orted off into the sunset
My address bar said "http://www.paypal.com," but it didn't display as a secure url (no little lock icon, and all real Paypal URLs start with https), so I'm not sure I see the real danger.
beth b - Feb 17, 2005 5:54:01 am PST #1702 of 10003
oh joy! Oh Rapture ! I have a brain!
I wasn't sure what I was supposed to get - I got a page not found
§ ita § - Feb 17, 2005 6:31:55 am PST #1703 of 10003
Well not canonically, no, but this is transformative fiction.
it didn't display as a secure url (no little lock icon, and all real Paypal URLs start with https), so I'm not sure I see the real danger.
First off, I reckon there's a large enough %age of people who don't track lock icons/https for the scammers to make money, and secondly -- I wonder how difficult it would be to get a security certificate long enough to rob folks.
brenda m - Feb 17, 2005 6:47:34 am PST #1704 of 10003
If you're going through hell/keep on going/don't slow down/keep your fear from showing/you might be gone/'fore the devil even knows you're there
My address bar said "http://www.paypal.com," but it didn't display as a secure url (no little lock icon, and all real Paypal URLs start with https), so I'm not sure I see the real danger.
For people like me who would never notice such a thing?
But yeah, there's a simple fix for this. If you get an email or a phone call asking for any touchy information: SSN, password, account numbers, etc., just don't do it. Ever ever ever.
Vortex - Feb 17, 2005 6:54:40 am PST #1705 of 10003
"Cry havoc and let slip the boobs of war!" -- Miracleman
But yeah, there's a simple fix for this. If you get an email or a phone call asking for any touchy information: SSN, password, account numbers, etc., just don't do it. Ever ever ever.
pretty much. Like i got call from a "collection" agency asking about a hospital bill from a year ago that wanted my credit card or checking account information over the phone. Nuh and Uh.
§ ita § - Feb 17, 2005 7:00:31 am PST #1706 of 10003
Well not canonically, no, but this is transformative fiction.
Cingular called and asked me to pay over the phone with my credit card. Guy seemed startled when I told him, no, I'll go online and do it there instead.
I think he was perfectly legit, but damn -- why be startled?