 MikePremium,Mod
join:2000-09-17
Pittsburgh, PA
W.O.W.
FairPoint
World of Warcraft
Site Tools
Verizon Wireless
1 edit | Great slashdot quotes i knew it (Score:5, Funny)
by jester42 (623276) * on Friday January 30, @05:04AM (#8133062)
i always knew that those hyperlinks were a bad security problem. Web designer should really avoid those propietary 'href'-tags for security reasons.
I haven't clicked links for YEARS! (Score:5, Funny)
by TrollBridge (550878) on Friday January 30, @06:42AM (#8133439)
(»slashdot.org/ | Last Journal: Friday November 14, @03:56PM)
Goatse trolls on Slashdot taught me not to click hyperlinks LONG before they became a security issue!
comment on this link:
»support.microsoft.com/default.as···D;833786
Absolutely hysterical (Score:5, Insightful)
by BigRedFish (676427) on Friday January 30, @05:47AM (#8133256)
I'm laughing so hard I can't type. Hang on... OK. This MS article is so wrong I don't even know where to begin... How about here:
The most effective step that you can take to help protect yourself from malicious hyperlinks is not to click them. Rather, type the URL of your intended destination in the address bar yourself.
Is MS going to issue a patch to disable hyperlinks then? If you can't click hyperlinks, doesn't IE cease to meet the definition of a browser? Look at the bright side, finally Netscape has closure.
Now, from the "but it's so easy to use" department:
Make sure that the Web site uses Secure Sockets Layer/Transport Layer Security (SSL/TLS) and check the name of the server before you type any sensitive information. [....] By checking the name on the digital certificate user for SSL/TLS, you can verify the name of the server that provides the page that you are viewing. [...] double-click the lock icon, and then check the name that appears next to Issued to. If the Web site does not use SSL/TLS, do not send any personal or sensitive information to the site. If the name that appears next to Issued to is different from the name of the site that you thought provides the page that you are viewing, close the browser to leave the site.
Huh? Does anyone expect Joe Luser to understand that? Checking the certificate against the stated URL and the IP address supplied by a DNS lookup of that URL seems rather straightforward. Someday, someone ought to invent a machine to do things like that. We could call it a computer. A computer might also be able to display the actual site name an nothing else, rather than allowing it to be spoofed in any way, eliminating the need for such manual babysitting.
From the "but it's so easy to use" department, take two:
In the Address bar, type the following command, and then press ENTER:
javascript:alert("Actual URL address: " + location.protocol + "//" + location.hostname + "/");
I see. We just proved this week that a huge segment of the Windows user base still hasn't learned about attachments. But grandma, who wants to look at the pictures of her grandchildren, is expected to be a Java programmer. There must be some incredible acid floating around Redmond. A complete break from reality, this is.
--
Everyone is entitled to their opinion. Of course, they're entitled to be blithering idiots at the same time.
What this country needs is a good five dollar plasma weapon.
|
