p2pnet.net News:- Secunia has rated a spoofing flaw found in Microsoft’s new IE7 as flaw as “Less critical”.

But you can bet every hacker out there is burning the midnight oil trying to come up with something that’ll force Bill and the Boyz to issue a major alert and “update”.

Meanwhile, in this second report – the first turned out to be something of a non-event – Secunia says it’s, “possible to display a popup with a somewhat spoofed address bar where a number of special characters have been appended to the URL. This makes it possible to only display a part of the address bar, which may trick users into performing certain unintended actions”.

Like what? Like:

“This page could easily have contained malicious information spoofed as being from Microsoft, asking you to install programs or disclose sensitive information such as credit card details,” says the Secunia test. “This is only limited by the imagination of the attacker (phisher).”

We were using Firefox when we tried it.

The solution, says Secunia, is not to follow links from “untrusted sources”.

Also See:
Secunia – Internet Explorer 7 Popup Address Bar Spoofing Weakness, October 27, 2006
non-event – Problems with IE7?, October 20, 2006

---

p2pnet newsfeeds for your site.
rss feed: http://p2pnet.net/p2p.rss
Mobile – http://p2pnet.net/index-wml.php

This entry was posted on Friday, October 27th, 2006 at 7:34 am and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

HOME

Viewed 1918 times