" "

Thursday, October 26, 2006

URGENT - ALERT FOR NEW IE7

Spoofing bug found in IE 7


Description:
A weakness has been discovered in Internet Explorer, which can be exploited by malicious people to conduct phishing attacks.

(A phishing attack is where a rogue website attempts to discover secret information about you...credit card details and othe confidential stuff)

The problem is that it's possible to display a popup with a somewhat spoofed address bar where a number of special characters have been appended to the URL. This makes it possible to only display a part of the address bar, which may trick users into performing certain unintended actions.

Secunia has constructed a demonstration, which is available at:
http://secunia.com/internet_explorer_7_popup_address_bar_spoofing_test/
The weakness is confirmed in Internet Explorer 7 on a fully patched Windows XP SP2 system.

Solution:
Do not follow links from untrusted sources.

*****************************************


More....

Security experts have found a weakness in Internet Explorer 7 that could help crooks mask phishing scams, the type of attack Microsoft designed the browser to thwart.

IE 7, released last week, allows a Web site to display a pop-up that can contain a spoofed Web address, security monitoring company Secunia said Wednesday. An attacker could exploit this weakness to trick people into believing they are on a trusted Web site when in fact they are viewing a malicious page, Secunia said in an alert.

"This makes it possible to only display a part of the address bar, which may trick users into performing certain unintended actions," Secunia said. The company has created a demonstration that shows a Microsoft Web address in the pop up window, but displays content from Secunia.

For more on this...
http://news.zdnet.com/2100-1009_22-6129626.html
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)