IE7 Spoofing Trick

By Steve Biddle, posted: 27-Oct-2006 20:55

What appears to be the first "security flaw" in Microsoft's newly released browser has surfaced.

A weakness has been discovered in Internet Explorer, which can be exploited by malicious people to conduct phishing attacks.

The problem is that it's possible to display a popup with a somewhat spoofed address bar where a number of special characters have been appended to the URL. This makes it possible to only display a part of the address bar, which may trick users into performing certain unintended actions.

An example of the spoof is here:


Comment by freitasm, on 27-Oct-2006 21:04

I read a good comment somewhere... Apparently this was known before RTM. But Secunia decided to release the information after this was public. Fact? Not sure, but suspicious nonetheless...

