Simon Willison’s Weblog

2 items tagged “bugtraq”

“I’m Brian and so’s my wife”

I’m subscribed to a whole bunch of mailing lists, mostly as a lurker as I have a hard enough time just keeping up with some of them. One of those lists is Bugtraq, which is pretty much required reading for anyone with sysadmin responsibilities for a server connected to the public internet. Bugtraq is the central hub of the “public disclosure” security community and is actually surprisingly low traffic with only twenty or so messages a day. It’s fascinating to watch the latest exploits for all manner of popular software packages tick by on an hourly basis.

[... 285 words]

Nasty new IE vulnerability

Most people reading are probably aware of the common trick whereby spammers and other assorted ne’er-do-wells publish URLs with usernames that look like hostnames to fool people in to trusting a malicious site—for example, http://www.microsoft.com&session%123123123@simon.incutio.com. This trick is frequently used by spammers to steal people’s PayPal accounts, by tricking them in to “resetting” their password at a site owned by the spammer but disguised as PayPal.com.

[... 164 words]