Stories
Slash Boxes
Comments

SoylentNews is people

posted by chromas on Thursday May 03 2018, @09:50PM   Printer-friendly
from the running-windows—I-mean-javascript—I-mean-malware dept.

From The Daily Swig:

A serious vulnerability in the latest version of Microsoft Edge [a Windows web browser ed] enables attackers to spoof URLs with just five lines of code. The flaw, discovered by Argentine researcher Manuel Caballero, can make a malicious website appear to be legitimate through the use of the Stop() command, which interrupts the page loading process. With the target URL still appearing in the address bar, the document.write() JavaScript command can then be used to overwrite the contents of the page.

[...] With this bug, probably the only truly safe way reach any website using Edge is to open a new tab and type the URL by hand, or access it through your bookmarks.

This vulnerability appeared in a recent "security" update from Microsoft; users of Edge might want to investigate what version they are using.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by c0lo on Friday May 04 2018, @06:43AM (1 child)

    by c0lo (156) Subscriber Badge on Friday May 04 2018, @06:43AM (#675527) Journal

    So, an intelligent, insightful remark is flamebait?

    You got it all wrong: that's a flamebait comment that happens to be intelligent and insightful (grin)

    --
    https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 0) by Anonymous Coward on Friday May 04 2018, @07:41AM

    by Anonymous Coward on Friday May 04 2018, @07:41AM (#675537)

    Agreed. Definitely flamebait. Best flamebait I have seen all year.

    Precisely aimed at the company that needs it the most too, no less....

    I would not rag on them so much if the weren't whoring with the "invaders of privacy" so much. Its not the government I distrust so much, its all those damned advertisers I see daily prying at the eyes currently on their computer screens.

    We have had to ditch TV. We saw what advertisers did to that. Its free, and its unusable until you run it first through a VCR. These aren't advertisers... they are masters of how to annoy people to no end. And my fear is that Microsoft, by making all these "security updates" mandatory, will find interstitial ad placements irresistible, just as television network executives did, and turn all of our computers into ad delivery channels to captive eyeballs... just as what has happened on YouTube.

    Most advertisers are simply assholes. You give an advertiser a way to be obnoxious ( such as giving them the ability to autoplay media ), and by golly, they will do it with all the remorse of a Luminess advertising executive sentencing TV watchers to five minute ads for something they have no interest in. By God, they have the money, let's go for it and annoy the hell out of people, then if the people start turning en masse to technical avoidance mechanisms, let's throw more money at Congress to make those ad-avoidance maneuvers illegal by purchasing custom crafted law that enforces our wish list. Its kinda like a bar... how much can the bartender water down the drink before people simply give up and quit buying the drinks? How many minutes of ads per hour can we run before people get pissed off, abandon the media, and pirate the stuff - as they crowdsource the removal of all the annoyances we mixed in?

    Stuff like adding doorbell sounds to ads is infuriating. I can't tell you how many times I have answered a "no-one is there" door, just because I happened to have the TV on.