Huge Internet Explorer security bug
Kent Brewster points out a recently discovered security bug in Internet Explorer (worse on Windows than on Mac, but still a minor issue on Mac). This bug makes it pretty much impossible to know what site you're really looking at if you use IE6 on Windows. I'm not exaggerating. I'll try to present a nontechnical overview of this, and then point to some examples, and then to some further reading for more technical info.
The gist of the problem is that a malicious person can very easily provide a URL (in a link on a web page, for example, or in an email) that looks like it goes to one place but actually goes somewhere else. In IE for Windows there's almost no way for the IE user (even a technically sophisticated IE user) to see where the link actually goes ahead of time, or where it has actually taken them after they click the link. For example, someone could provide a link where the URL looks in every way like a link to PayPal, but actually goes to a fake PayPal login page.
The upshot is that if you use IE6 on Windows (and maybe earlier versions too, I'm not sure), you can no longer tell with any degree of certainty what site you're looking at at any given time.
Kent's example page is the clearest example I've seen. Go take a look at it. If you're using an affected browser, then when you point at his "Fake PayPal Login Screen" link, the URL in the status bar appears as "http://www.paypal.com". If you click the link, the URL text box at the top of the browser also shows that URL. But in fact, what you're looking at is a fake PayPal login screen that Kent threw together pretty easily. If Kent were malicious, he could use this to collect people's PayPal passwords, and the IE users would never know they'd been tricked.
On IE/Mac, the problem isn't nearly as bad. The status bar shows the fake PayPal URL when you point to the link, but after you follow the link the real URL appears in the Address area.
The only way that I know of to tell whether a given link is real or not (in IE/Win) is to look at the HTML source code for the page before following a link. Every time.
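The source check described above can be scripted. The following is an added example, not part of the original post or Kent's page: it lists where each link in a page's HTML really goes, as a standard URL parser sees it, and flags links that carry text before an '@' in the host section or a raw or encoded control character. That URL shape is an assumption (this post does not spell out the form of the misleading URL), and the sample HTML and the host `login.example.net` are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Raw or percent-encoded control characters (0x00-0x1F, 0x7F) in a URL.
CONTROL = re.compile(r"[\x00-\x1f\x7f]|%(?:[01][0-9A-Fa-f]|7[Ff])")

# Constructed sample page: one ordinary link, one misleading link.
SAMPLE = """
<a href="http://www.paypal.com/">PayPal</a>
<a href="http://www.paypal.com%01@login.example.net/signin">PayPal login</a>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a href=...> element."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], None
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href is not None:
            self._open = [href, ""]
    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.links.append(tuple(self._open))
            self._open = None

def audit(html):
    """Return one dict per link: visible text, real host, warning reasons."""
    collector = LinkCollector()
    collector.feed(html)
    report = []
    for href, text in collector.links:
        reasons = []
        try:
            parts = urlsplit(href)
            host = parts.hostname  # the host a browser actually contacts
            if "@" in parts.netloc:
                reasons.append("userinfo before '@'")
        except ValueError:
            host = None
            reasons.append("unparseable URL")
        if CONTROL.search(href):
            reasons.append("control character")
        report.append({"text": text.strip(), "real_host": host, "reasons": reasons})
    return report
```

Calling `audit(SAMPLE)` returns one entry per link; `real_host` is the host that is actually contacted, and any entry with a non-empty `reasons` list deserves a manual look before clicking.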
So if you use IE, especially if you use it for financial transactions, you may want to consider switching to another browser, at least until this bug is fixed. Don't uninstall IE; the bug doesn't affect anything on your computer. There's some discussion of non-IE browsers on the Rumor Mill; see particularly message #78. You may want to consider downloading Mozilla or Firebird for free from the Mozilla site, or buying Opera.
Non-IE browsers are not affected; the URL doesn't look like a real PayPal URL in other browsers. If you're not using IE, you don't need to worry about this. But if you know people who are using IE, especially for financial transactions, you should probably let them know about this.
Microsoft has said that they'll look into the issue and, if they consider it appropriate, will release a fix for it. I saw something that indicated that their next official patch release won't be 'til mid-January; hard to say whether they'll see this as important enough to issue a patch sooner. They certainly ought to; in my opinion, this is one of the biggest and most easily-exploited security bugs I've ever seen.
For some info on how it works, see part of the Slashdot thread, or the original advisory from Secunia. Secunia also provides an example/test page to illustrate the problem, though not as dramatically as Kent's.