Bill Brown bio photo

Bill Brown

A complicated man.

Twitter Github


After reading this article about security on the Mac being no better than Windows, I can’t help but note this recent vulnerability that allows a site visited in Internet Explorer to make a link appear to go to a trusted domain while actually transferring you anywhere it wants even in the status bar. I tried this out at work and it works quite well. Luckily, the fixes are easy and more satisfying.

And Dave doesn’t get the vulnerability at all. (Here’s the original text for when he changes it to make him appear less thick: “As Don recommends, I did a View Source. This is what the URL looks like. With a quick glance it looks like it’s from Microsoft, but you’re actually viewing a page at zapthedingbat.com. This isn’t entirely new. I’m not sure what the %01 is about. I guess it’s a problem if it’s the action attribute of a form element, where you can’t see the URL. Takeaway: look in the Address part of the browser window when you’re typing into a form and if it’s the wrong place, hit the Back button and resume your life.”)

[UPDATE (12/15/03): Security pundit Richard Forno has a response to the PC Magazine article mentioned above.]

[UPDATE (1/15/04): January’s security update is out and strangely this ain’t fixed.]

[UPDATE (1/30/04): Spoke too soon! Microsoft’s got a fix available: “Do not click any hyperlinks that you do not trust. Type them in the Address bar yourself.” Problem solved!]