Microsoft looks into Web-spoofing bug

Grok Headline matches for Microsoft looks into Web-spoofing bug

Microsoft investigates spoofing bug

Microsoft investigates spoofing bug 12/11/2003 06:14 AM
Silicon.com Dec 11 2003 4:46AM ET

Microsoft probes IE flaw that allows
spoofing of Web sites

Microsoft probes IE flaw that allows
spoofing of Web sites 12/11/2003 06:08 PM
Microsoft is investigating a flaw in its Internet Explorer browser that could allow attackers to lure users to forged sites and reveal sensitive information.

Microsoft Airs Critical Identity
Spoofing Flaws

Microsoft Airs Critical Identity
Spoofing Flaws 09/05/2002 10:28 AM
UPDATE: Once again, Microsoft is forced to whip up a slew of patches; this time, flaws that enable perpetrators to spoof Web sites are deemed 'critical.'

Microsoft releases details of IE
spoofing flaw, no patch yet

Microsoft releases details of IE
spoofing flaw, no patch yet 12/15/2003 09:25 PM
Sydney Morning Herald Dec 15 2003 8:45PM ET

Microsoft Multiple E-Mail Client Address
Spoofing Vulnerability

Microsoft Multiple E-Mail Client Address
Spoofing Vulnerability 04/10/2005 09:52 PM
Addict3d.org Apr 10 2005 11:45PM GMT

Vulns: Microsoft Internet Explorer
JavaScript Desktop Spoofing
Vulnerability

Vulns: Microsoft Internet Explorer
JavaScript Desktop Spoofing
Vulnerability 07/15/2004 08:13 PM
SecurityFocus Jul 16 2004 0:53AM GMT

iDEFENSE Security Advisory 04.08.05:
Microsoft Multiple E-Mail Client Address
Spoofing Vulnerability

iDEFENSE Security Advisory 04.08.05:
Microsoft Multiple E-Mail Client Address
Spoofing Vulnerability 04/09/2005 05:51 PM
Posted by iDEFENSE Labs, Apr 08 2005

RE: iDEFENSE Security Advisory 04.08.05:
Microsoft Multiple E-Mail Client Address
Spoofing Vulnerability

RE: iDEFENSE Security Advisory 04.08.05:
Microsoft Multiple E-Mail Client Address
Spoofing Vulnerability 04/12/2005 11:07 PM
Posted by Larry Seltzer, Apr 09 2005

Microsoft Outlook and Outlook Web Access
'From' Header Spoofing

Microsoft Outlook and Outlook Web Access
'From' Header Spoofing 04/10/2005 02:15 PM
frSIRT Apr 10 2005 6:26PM GMT

Visual Spoofing

Visual Spoofing 02/11/2004 09:35 AM

While Microsoft recently patched a URL-based spoofing vulnerability, I just realized that a whole new class of spoofing exists for browsers: Visual Spoofing.  I have not yet seen any evidence of this type of spoofing actually being done, but I was able to create a demo within a few minutes.

Here is the demo of visual spoofing for IE6 I put together.  Note that the vulnerability is not unique to IE.

The problem with visual spoofing is that it is difficult to fix with a simple patch.  Yes there are ways to fix the problem partially but not completely because one can still create a page that looks like part of desktop by having images of overlapping windows to distract the clueless user who tend to keep many windows open.

I sure hope I don't get blamed for destroying e-commerce single-handedly with this post.  After all, the vulnerability was there in plain sight for everyone to see all this time.

P2P Spoofing Patent?

P2P Spoofing Patent? 05/09/2004 03:26 AM

Some years ago, a collegue of mine asked me how I would stop music pirating.  I haven't thought about the problem before but it took me only a minute to decide P2P spoofing was the best intermediate answer.  It was obvious that traditional DRM wouldn't work and spoofing attacked the problem at reasonable cost, could be deployed fast, and adapt to changes in real time.  My collegue nodded and that was that.

According to Wired, someone had the exact same idea and filed a paten t in 2000.  Now I am scratching my head.  Is this a silly patent or not?  Should I be filing patents on similar ideas?  Heck, I can pump out enough ideas like that everyday to keep an army of patent lawyers busy if someone would just keep throwing problems at me and file my answers as patents.  I even have ideas on how to efficiently generate new patents.  Maybe I'll even best IBM at the game.

If you are an idle patent lawyer, come to me and I'll keep you busy.  How does 50-50 sound?  Filing cost?  No problem.  Let private investors place 'bets' on the patent applications they like out of daily streams of patent applications.  Together we'll worsen the patent problem ten-fold within a year and force the Congress to come up with a better solution.  Now that's a silver-spoon full of patriotism for ya.  :-)

New Spoofing Vulnerability in IE

New Spoofing Vulnerability in IE 12/17/2004 06:27 PM

THai's Shoutbox XSS (Spoofing URL) BUG

THai's Shoutbox XSS (Spoofing URL) BUG 03/29/2005 03:00 PM
CorryL (Mar 27 2005)

Academics Patent P2P Spoofing

Academics Patent P2P Spoofing 05/08/2004 05:06 AM
Two computer scientists get a patent on a technique that floods peer-to-peer networks with spoofed files. They hope to sell it to content owners. Could companies that already spoof files be in violation of the patent? By Katie Dean.

ddress Bar Spoofing Vulnerability

ddress Bar Spoofing Vulnerability 08/19/2004 01:03 PM

Direct and Related Links for 'ddress Bar Spoofing Vulnerability'

“Software: Microsoft Internet Explorer 5.01, Microsoft Internet Explorer 5.5, Microsoft Internet Explorer 6. Liu Die Yu has discovered a vulnerability in Internet Explorer, which potentially can be exploited by malicious people to conduct phishing attacks against a user…. The vulnerability has been confirmed on a fully patched system with Internet Explorer 6 running on Microsoft Windows 2000 SP4 / Microsoft Windows XP SP1. Previous versions of Internet Explorer may also be affected. Secunia has developed…

Caller ID Spoofing Service

Caller ID Spoofing Service 08/31/2004 05:56 AM

My wife and I made a decision nearly 2 years ago to no longer pay for Caller ID. I was initially against it but in the long run I have not missed it. All of the important calls come in on the cell anyway. For those of you that have Caller ID a new spoofing service is out their. I would imagine for stalkers and prank callers this service will be valuable but I just don't understand why you would want to legitimately spoof your caller ID. [ZDNet]

Another IE Spoofing Hole Found

Another IE Spoofing Hole Found 01/29/2004 03:49 AM
The latest vulnerability could let an attacker hide the file extension of a malicious file download. Users can avoid the threat by saving files first.

Mozilla UI Spoofing Vulnerability

Mozilla UI Spoofing Vulnerability 07/31/2004 05:32 AM

Accessibility, jihad, spoofing

Accessibility, jihad, spoofing 04/20/2004 08:39 AM
Letters: Lexicon of discontent

Automated Caller ID / ANI Spoofing

Automated Caller ID / ANI Spoofing 07/09/2004 03:36 AM

Secunia Advisory: URL Spoofing

Secunia Advisory: URL Spoofing 12/12/2003 12:46 PM
http-equiv_at_excite.com (Dec 12 2003)

IP Spoofing: Understanding the basics

IP Spoofing: Understanding the basics 05/12/2004 02:27 PM

Other News: CallerID Spoofing

Other News: CallerID Spoofing 08/31/2004 06:12 AM
This nasty technology threatens to render CallerID useless, or worse....

Spoofing XP SP2 Security Center

Spoofing XP SP2 Security Center 08/27/2004 01:52 PM

PC Magazine has dug up some evidence that the Security Center that is installed with XP Service Pack Two has a huge hole in it. If the hole is exploited it could give users a false sense of security or worse. [PC Magazine]

Keep clear of spoofing at hotspots

Keep clear of spoofing at hotspots 03/23/2005 08:02 AM
TechWorld Mar 23 2005 10:09AM GMT

Caller ID Spoofing... For Businesses

Caller ID Spoofing... For Businesses 08/27/2004 07:01 PM
Forget spoofed email headers, a new company has been set up to help companies spoof the caller ID. The product is focused at collections agencies and private investigators, who can call a deadbeat up pretending to be someone they know to get them to answer the phone. The company insists they just want to target those types of customers, but I imagine some telemarketers would enjoy using such a tool. Meanwhile, there are some questions on legality. One person notes that it doesn't appear to break any laws -- but someone else points out that there are rules against collections agencies misrepresenting themselves. And, of course, as soon as this becomes popular, someone will pass a law banning caller ID spoofing.

phpBB 2.0.8a and lower - IP spoofing
vulnerability

phpBB 2.0.8a and lower - IP spoofing
vulnerability 04/19/2004 03:02 PM
Ready Response (Apr 18 2004)

Re: phpBB 2.0.8a and lower - IP spoofing
vulnerability

Re: phpBB 2.0.8a and lower - IP spoofing
vulnerability 04/19/2004 05:57 PM
Shaun Colley (Apr 19 2004)

Internet Explorer URL Spoofing
Vulnerability

Internet Explorer URL Spoofing
Vulnerability 12/19/2003 11:24 AM
This information has made the rounds already but a few of you have sent me e-mail asking about the vulnerability...

Caller ID spoofing service for sale

Caller ID spoofing service for sale 09/06/2004 07:28 AM
Can't stand the heat, please buy my kitchen

Detailed Information on IE address bar
spoofing

Detailed Information on IE address bar
spoofing 05/07/2004 03:29 AM
Hackers have been tricking Internet Explorer to show the wrong address for a long time which has tricked some people...

NullyFake - Site Spoofing in MSIE

NullyFake - Site Spoofing in MSIE 08/16/2004 02:20 PM
Liu Die Yu (Aug 15 2004)

Netscape Java Tab Spoofing Vulnerability

Netscape Java Tab Spoofing Vulnerability 08/27/2004 05:41 PM

Direct and Related Links for 'Netscape Java Tab Spoofing Vulnerability'

“J. Courcoul has discovered a vulnerability in Netscape, which can be exploited by malicious people to conduct phishing attacks….

Service offers spoofing of caller ID

Service offers spoofing of caller ID 08/31/2004 04:43 AM
ZDNet UK Aug 31 2004 8:51AM GMT

Apple Blocks IDN Spoofing in Safari

Apple Blocks IDN Spoofing in Safari 03/22/2005 04:24 PM
Following in the footsteps of Mozilla and Opera, Apple has issued its monthly Mac OS X security update with a fix for the spoofing vulnerability caused by Internationalized Domain Names. Apple's Safari Web browser will now only display URL characters from an approved list, which can be customized by the user.

Dialog Origin Spoofing Vulnerability

Dialog Origin Spoofing Vulnerability 06/22/2005 02:41 AM

Secunia Research has discovered this security vulnerability in several web browsers, including Safari and Internet Explorer on Mac. The vulnerability “…can be exploited by malicious web sites to spoof dialog boxes. The problem is that JavaScript dialog boxes do not display or include their origin, which allows a new window to open e.g. a prompt dialog box, which appears to be from a trusted site. Successful exploitation normally requires that a user is tricked into…

Direct and Related Links for 'Dialog Origin Spoofing Vulnerability'

Notes and Tips: Browser Spoofing

Notes and Tips: Browser Spoofing 07/07/2004 11:17 AM
A cure might be worse than the illness....

Forward:FullDisclosure/IE - Possible
Address Spoofing

Forward:FullDisclosure/IE - Possible
Address Spoofing 07/23/2004 12:51 PM
Liu Die Yu (Jul 22 2004)

DoubleClick spoofing Google AdWords?

DoubleClick spoofing Google AdWords? 04/14/2004 12:49 AM
Rupert Scammell tells BoingBoing:

On Gawker tonight, I noticed that DoubleClick now uses banners which look like Google AdWords ads. In a similar manner to their infamous fake Windows error dialog banners, DC seems to be capitalizing upon the now familiar look of Gooogle's advertising to up their click rate. I wrote a quick weblog entry up about it, which features a screenshot of the advertising in action.

Link
Grok Description matches for Microsoft looks into Web-spoofing bug
GrokA matches for Microsoft looks into Web-spoofing bug

Microsoft looks into Web-spoofing bug

The following phrases have been identified by the grok system as matching this entry: