Why You Should Dump Internet Explorer

If the exploit was fixed then the page would not display the Secunia site. All firefox has done is change the way the address bar displays the address. It displays it in Punycode which identifies the exploit, but the average user does not know this and would still respond to the displayed page.

Having the address bar display http://www.xn--paypl-7ve.com/ instead of http://www.paypal.com is not a fix as long as you are still taken to the same location. As long as the Secunia site is displayed the browser has been spoofed, regardless of what the address bar displays.

Punycode

hmm

Microsoft Internet Explorer 6.x
Vendor:
MicrosoftProduct Link:
View hereProduct Affected By:
85 Secunia Advisories

Microsoft Internet Explorer 6.x with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Highly critical

This is based on the most severe Secunia advisory, which is marked as "Unpatched" in the Secunia database. Go to Unpatched/Patched list below for details.

Currently, 20 out of 85 Secunia advisories, is marked as "Unpatched" in the Secunia database.

Mozilla Firefox 1.x
Vendor:
Mozilla OrganizationProduct Link:
View hereProduct Affected By:
21 Secunia Advisories

Mozilla Firefox 1.x with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Less critical

This is based on the most severe Secunia advisory, which is marked as "Unpatched" in the Secunia database. Go to Unpatched/Patched list below for details.

Currently, 3 out of 21 Secunia advisories, is marked as "Unpatched" in the Secunia database.

Opera 8.x
Vendor:
Opera SoftwareProduct Link:
View hereProduct Affected By:
7 Secunia Advisories

The Secunia database currently contains 0 Secunia advisories marked as "Unpatched", which affects Opera 8.x.

This is based on the most severe Secunia advisory, which is marked as "Unpatched" in the Secunia database. Go to Unpatched/Patched list below for details.

Currently, 0 out of 7 Secunia advisories, is marked as "Unpatched" in the Secunia database.

hmmmmm
Opera 8.02 still spoofed????
Also displaying Punycode?

bah ....stupid Mozilla Firefox boneheads

I heard about this awhile ago, before Moz 1.7 was even released, and I recall a workaround that was very effective - but All I can recall is that it had to do with editing one of the JAR files in the %ProgramFiles%\mozilla.org\Mozilla\Chrome DIR (which in 2K\XP and Firefox will or may be an different location) -- some little tweak within, which I had incorporated at the time.

Now - I see that the developers want you to use about:config (as I have just tried, with the results shown above/below ) and set network.enableIDN boolean value to false

oh well - guess I ain't up on the unfixed exploits as much as I once was - figuring it was fixed already -- guess I was wrong...thanks for pointing that out Nem.

...so the Temporary workaround is what I've done above using about:config

That was pretty slick, EyeForOne. That's more like it.
Firefox has a lot of config options but those are mostly for the advanced users.

Yeah, both Firefox and Opera has patched their browsers so it identifies the spoof and display it as Punycode in the address bar. But they still access the spoofed web site which is of no comfort to the unsuspecting surfer about to enter information into a bogus site. Not many would notice the Punycode in the address bar and if they did, they would not know what it means.

nah....I just keep tabs around on certain things that others like yourself bring up from time to time

gonna try editing my image in last post for a little more clarity...

wha ? there's an expiration time on editing ??

btw - is there a list of the emoticons/smilies with their respective/corresponding Key stroke inputs ...like a [colon + eek + colon = ] ?

Yeah, there used to be unlimited editing at first, but that has been changed. If you can, whenever you can, use the .PNG image format instead of .jpg. It has much better clarity and is usually smaller in file size.

Unfortunately, there is no emoticon list. I have to enable Active Scripting in IE in order to use them, so I don't bother, and I'm not going to ad this site to my Trusted Site list because then I cannot avoid text ads. At least not without modifying my host file.
What you could do is enter the post mode and test them all, then create a list of key stroke input for future use.

EyeForOne, Nemesys, you just keep chewing the same issue over and over again.
drpino listed problems. It seems you ignore them and go on with what you know. Like a broken record or something. It just seems to me that most FF or Opera users tend to admit the imperfection of their browers and agree that there are some things at which IE is still a liiiittle bit better but they find more (may be a lot more) disadvantages than advantages in IE so they don't use it. The majority of IE camp, however, always beat their chest saying their IE is better, noone will ever be as good as he is and IE is superior in just about EVERYTHING! I guess it would be nice to record yourselves with a microphone and listen to this recording once in a while (for spirit lifting) or one supreme narrator should be chosen to record a speech proclaiming IE's glory. You would like it, wouldn't you? An IE anthem?

That's funny, you never felt this way about the thread when you were a part of the discussion.

EyeForOne and I are old friends who have had this discussion before both in public as well as in private. At no point in this thread did he and I engage in this discussion.

It has already been discussed that all browsers have security flaws and he has simply made me/us aware of a workaround for one which was supposedely have been corrected.

Forums are for discussion and there will always be differences of opinions. Everyone is allowed to participate and contribute.

The great thing about forums is that there are many threads and if you tire of one you can simply move on to another.

I never felt that way about the thread in general, I just felt this way about you both. It really did seem to me that you state one problem and continue using it as evidence over and over. Probably after a few weeks you would mention it again. I (We) get it already. Opera has this problem. Can we move on to something else? I don't list IE's flaws, because I don't know them, because there is no time and it would take a lot of space to list them every time.
I know there are differences of opinions, it's a forum after all. It's normal. My point was different. I tried to explain it again, I don't know if you'll understand it.
Yes, there are many threads. Although this last line sounds like: "Beat it, get out of here, go post in andother thread", I'll assume it just sounds like that and is meant in a good way. But still, I think I'll stick around here as well.
Even if you mind or not.

well just use your head and look at this http://www.hackwire.com/index.php?action=news&catid=9

Thanks for the post and the link.
A properly configured locked down Internet Explorer would not allow Java Script so it would not be vulnerable from that stand point.

However, the default configuration would have those vulnerabilities.

It seems ridiculous that you should have to disable JavaScript which is still used heavily in a large number of websites and is often essential to viewing the page correctly to compensate for bugs in IE. I don't think that's a very good defense of IE to be honest.

JavaScript is so offensive, obscene and exploitable, I have to turn it off in ALL the browsers.

Well said!!!
It doesn't matter what the web site uses, I allow no scripts to run on my machines. Period. Too dangerous.
I don't even allow swf to run on my systems.

Dont be afraid of java I LOVE IT it is the most used tool in the world.
yes java is one way are hacker might get in to your computer but with good firewalls you wont have to worry about it to much.
I used firefox i love it i came form maxthon to firefox cus of the builded in java.
tusth me when i say this JAVA is the way of the world.
If you remember hot mail when it came out everyone under the sun used it cus of the power you had to make new web site's then someone found out if i just type /hotmail.bo.au.net wow i got in to the web site and the preson's computer as well but even thou someone found out there was are hole people for years used it to make web site's.It is the same with JAVA the power you have with it is so great that you should not just dismiss it cus of someone finding are hole.

Java and javascript are two completely different things...you mean javascript

Yea.............. for got to add that

Personally I try to use PHP and CSS instead of JavaScript where possible. There are still some applications that require it though.

yea alotof poeple used dif tools cus of the easy to use interface it is IE is to to TO beta even if microsoft say's that it isn't. it has way to many holes,bug's you name it it has it if i had my way i would tell everyone under the sun to DUMP IT UNINSTALL IT GET RID OF IT NOW but everyone is dif.
like my mate he didnt want to get rid of it cus of the easy to use interface.
FireFox has more to do with it like the tab interface and the popup blocker and stuff my mate was like to much for me till i went over and set him all up now he wont use IE.

https://addons.mozilla.org/messages/307259.html


this is the kind of quick action that makes FF a better browser choice than IE....


WRT users not realizing that he/she is entering information into a spoofed site because they don't notice the URL in the address bar isn't correct, all i say is his/her fault for being negligent...don't blame a browser for the user's ineptitude...

The same argument hold true for failing to properly configure IE for better security. It is software, and software configuration is the individual user's responsibility.

I have absolutely no security issues with IE, properly configured, and I'm no different than anyone else.

failing to properly configure a browser and not noticing an incorrect URL are slightly different things...but i agree that ultimately it's the user's responsibility...

still, mozilla's relatively quick response to the IDN spoofing situation (and other security issues) is far better than MS' response to "critical" IE security flaws..

lol, I got tired of saying it myself, the fans of targeted new browsers just won't listen, I too have been using IE flawlessly now, and I have only but a single program I installed, that does the job right, the others are just there for fun.

i don't think that's a fair assessment of "fans of targeted browsers" at all...i used IE for years without a single security issue before switching to Firefox (with a MyIE2/Maxthon interim) ...and i still think FF is a better overall browsing experience (security et al.) than IE ever was...

i think it's IE stalwarts who cast aside any alternative to IE as beta/junk/etc who are the ones who "just won't listen" ... (see my cut-and-paste security issues from secunia above)...