plugboy
Member
|
# Posted: 25 Oct 2006 09:28
Reply
A weakness has been discovered in Internet Explorer, which can be exploited by malicious people to conduct phishing attacks.
The problem is that it's possible to display a popup with a somewhat spoofed address bar where a number of special characters have been appended to the URL. This makes it possible to only display a part of the address bar, which may trick users into performing certain unintended actions.
Secunia has constructed a demonstration, which is available at: http://secunia.com/internet_explorer_7_popup_address_bar_spoofing_test/
The weakness is confirmed in Internet Explorer 7 on a fully patched Windows XP SP2 system.
Solution: Do not follow links from untrusted sources.
For those of you IE users out there, I would suggest switching to FireFox as that is what IE is trying to match with IE 7.
Article can be found here
|