Bad page redirect using "tesnexus.com" domain
It came to my attention today that people have been having trouble accessing TESNexus recently via the domain "tesnexus.com" without the "www" at the beginning. Sure enough when I tried to access the site via "tesnexus.com" instead of "www.tesnexus.com" I was redirected to a bad splash page website.
Astute forum member yoyohobo665 investigated the issue and found that there is a vulnerability in Windows XP and lower "that could allow spoofing", i.e. the redirection of legitimate traffic to bad places by bad people. There is a hot fix out and if you're a regular windows update user you will probably already have this fix, but if you don't use windows update or if you're a naughty person there is a downloadable version for XP available here. This fix does not check for legitimate XP installs. If you use an operating system other than XP (I believe Vista is safe) then you can find relavent downloads at this microsoft page.
I'm unsure at this time whether this issue is server side (i.e. an issue I have to fix), client side (i.e. an issue you have to fix) or both. What I do know is that this issue is resolved via the hot fix Microsoft have released and I am inquiring about whether I need to be doing anything my end.
Update:
I have investigated this issue and have patched up the server accordingly. Windows users (not including Vista) are still recommended to install the hotfix provided and please let me know if you experience the issue again.
8 comments
http://blog.washingtonpost.com/securityfix...xes_micros.html
BTW... I only got the Splash page by using tesnexus.com instead of www.tesnexus.com 75% of the time. Im guessing this means that the Splash is programmed for random or somthing. And i actualy got the splash when i used www.tesnexus.com as well.
Out of curiosity, I tried doing the same with Opera. The website loads fine.
Oh well, I hope the above helps anyone out there.
Later.