
Users' data at risk...
By Joris Evers
Published: 24 June 2005 08:45 BST
Microsoft does not plan to update Internet Explorer to prevent a spoofing attack that could trick users into giving out personal information to hackers.
In the attack, JavaScript is used to display a pop-up window in front of a trusted website. The pop-up appears to be part of the legitimate site but is actually linked to a different, malicious site. A user might be fooled into sending personal information to the scammers.
Although the pop-ups could be used by attackers, overlaying multiple windows in a web browser is a feature, not a vulnerability, according to an advisory posted on Microsoft's TechNet website.
The advisory said: "This is an example of how current standard web browser functionality could be used in phishing attempts."
Phishing is a prevalent type of online fraud that attempts to steal sensitive information such as usernames, passwords and credit card numbers. The schemes typically combine spam email and fraudulent web pages that look like legitimate sites.
Earlier this week, security monitoring company Secunia warned of the browser problem and rated it "less critical". The issue affects most major browsers, Secunia said.
The problem is that JavaScript dialogue boxes do not display or include their origin. For an attack to occur, a user would have to visit a malicious website or click on a link before going to a trusted site, such as that of a bank. The attacker could then overlay part of the trusted site with a window asking for data such as a user name and password. Information entered would go to the attacker, instead of the bank.
Firefox developers at the Mozilla Foundation have been making moves to combat this kind of attack. In April, a patch was developed that allows people to block Java and Flash-based pop-ups unless they come from trusted sites.
Opera has said its latest browser, 8.01, displays the origin of a pop-up, letting a user inspect its URL to see if it originated from a trusted site.
Graeme Wearden of ZDNet UK contributed to this report
Joris Evers writes for CNET News.com
Copyright ©1995-2008 CNET Networks, Inc. All rights reserved.