[geeks] weird hijack of IE7
Michael-John Turner
mj at mjturner.net
Wed May 20 05:55:09 CDT 2009
On Tue, May 19, 2009 at 04:53:19PM -0400, Francois Dion wrote:
> This probably happens all the time, but I have a user that was
> complaining he couldn't access one of our web based application. The
> reason was that his IP was untrusted. It is as if he's coming from a
> machine from scansafe.net, not from the actual trusted network he's
> on. Only on IE 7, firefox is ok. Not sure what is at work here.
Does the user have the same proxy specified in both browsers, with the same
exclusion lists?
> I've seen scansafe in my logs before, they were doing some kind of
> buffer overrun attack. Are they legit but incompetant or purely
> malware?
Must admit I don't know much about Scansafe, but the proxy farm at $dayjob
makes use of their services (my external http connections are from
48ob.scansafe.net for example). This is with Firefox and ssh connections
tunneled over http.
-mj
--
Michael-John Turner
mj at mjturner.net <> http://mjturner.net/
More information about the geeks
mailing list