January 18, 2004

IE Bug – Pretty Scary

During my daily visit to Richard Bejtlich’s blog, I came across information about a flaw in IE that can be exploited to make people believe they are viewing/visiting one site (URL) when in fact they are on another website. To quote from “Zap The Dingbat” (who actually discovered the bug):


Vulnerability
There is a flaw in the way that Internet Explorer displays URLs in the address bar.
By opening a specially crafted URL an attacker can open a page that appears to be from a different domain from the current location.

Exploit
By opening a window using the http://user@domain nomenclature an attacker can hide the real location of the page by including a non printing character (%01) before the “@”.
Internet Explorer doesn’t display the rest of the URL making the page appear to be at a different domain.


For example, if you click on this button, you will see the URL http://www.microsoft.com in the address bar if you are using IE. But the full address of the URL is http://www.microsoft.com%[email protected]/security/ex01/vun2.htm.

Pretty scary, eh? Just imagine how much this can be abused. People can be tricked into entering their credit card information, usernames/passwords, etc. by mimicking valid sites. And as if this were not bad enough, Micro$oft hasn’t even released a patch for this yet. So for now, either type all addresses manually in the address bar or use trusted saved bookmarks. I would recommend scrapping IE and starting to use Mozilla Firebird as your default browser. It is fast, small, adheres to standards and is FREE [as in beer].
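As an added example (not part of the original post or of the quoted advisory), here is one way a mail or proxy filter could flag links of the kind described above before a user ever clicks them. The function name, the finding labels and the `other-site.example` host are assumptions for illustration, and the sample URLs are constructed.

```python
from urllib.parse import urlsplit, unquote_to_bytes


def inspect_url(url):
    """Report the host a URL really targets and any userinfo trickery."""
    parts = urlsplit(url)
    # Everything before the last "@" in the authority is userinfo, not the host.
    userinfo, at, _hostport = parts.netloc.rpartition("@")
    report = {"real_host": parts.hostname, "shown_as": None, "findings": []}
    if not at:
        return report  # no user@ part, nothing to flag

    report["findings"].append("userinfo-present")
    raw = unquote_to_bytes(userinfo)  # decode %01 and friends to raw bytes

    # Index of the first non-printing byte (C0 control or DEL), if any.
    cut = next((i for i, b in enumerate(raw) if b < 0x20 or b == 0x7F), None)
    if cut is not None:
        report["findings"].append("control-char-in-userinfo")
        # Model of the behaviour quoted above: display stops at that byte.
        report["shown_as"] = f"{parts.scheme}://" + raw[:cut].decode("latin-1")

    # A "user name" containing dots is usually a host name used as a decoy.
    if b"." in raw.split(b":", 1)[0]:
        report["findings"].append("userinfo-looks-like-host")
    return report


# Constructed sample links; other-site.example is a placeholder host.
SAMPLES = [
    "http://www.microsoft.com%01@other-site.example/page.htm",
    "http://www.microsoft.com/security/",
    "ftp://backup:secret@files.example/archive.tar",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", inspect_url(link))
```

The key check is comparing `real_host` with what the link claims to be: any link whose userinfo decodes to a control character has no legitimate reason to exist and can be blocked outright.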

Swimming – Lessons

Day 1 – [1/10/2004]
Instructor – Tiger
. Check out our capabilities by asking us to swim for a short distance (half lap). I managed to churn up the whole pool with my thrashing :).
. Grab kickboard with hands and learn to kick legs properly.
. Grab floating handlebars with hands and learn to kick legs properly and use one hand at a time to thrust forward.

Thank God, we were not asked to put our head under water 🙂

Day 2 – [1/17/2004]
Instructor – Seth
. Grab kickboard and swim (kick) all the way till the end of the pool !!! (freaked me out)
. Grab kickboard and swim (kick and push with one hand alternately) all the way till the end of the pool.
. Throw away kickboard, put your head under the water and swim half a lap. (Drank half the pool during this exercise. I tell you, chlorinated water makes you pretty nauseous)
. Swim (kick, push with hands, head under water – AKA real swimming) the whole length of the pool.
. Backstroke – This was real hard for me. I could not relax enough to believe that you could float in the water on your back.
. Scissor Kick – Grab kickboard, put it under your head and grab it with your arm as though you are holding a violin. Lie on your side in the water and kick your legs in a scissor action. Again, it was pretty difficult for me to lie on my side. Kept slipping onto stomach or back.

It was a pretty intense second class. I thought that the instructor was pushing us too far, too soon. Have to work on my kick. I am bending my knees, keeping my fingers apart and thrashing wildly. The key is to move your whole leg. Will keep practising in the pool at home.