So Microsoft in its infinite wisdom has released a notices on their Knowledge Base to help users to avoid going to spoofed pages. There are a few sentences about looking for the padlock in the lower rigth corner, what Certificates are, etc. The rest of the articles tells users how to type in 1-2 line javascript commands directly into the address bar to make sure they are really at Yahoo. All of this is to prevent the fun %00 %01 bug in IE what can let you spoof an address. WTF is this? Do they really expect Joe Sixpack to actually do do this? There are the same morons how say "Oh look an attachment from someone I don't know" [OPENS]. You think they are reall going to type: javascript:alert("The actual URL is:\t\t" + location.protocol + "//" + location.hostname + "/" + "\nThe address URL is:\t\t" + location.href + "\n" + "\nIf the server names do not match, this may be a spoof."); This is retarded. This exploit came in early December, its now nearly January, and instead of a patch, Microsoft gives us a tersely worded notice to do things no normal user would do. |