IE7 Spoofing Trick

By Steve Biddle, posted: 27-Oct-2006 20:55

What appears to be the first "security flaw" in Microsoft's newly released browser has surfaced.


Description:
A weakness has been discovered in Internet Explorer, which can be exploited by malicious people to conduct phishing attacks.

The problem is that it's possible to display a popup with a somewhat spoofed address bar where a number of special characters have been appended to the URL. This makes it possible to only display a part of the address bar, which may trick users into performing certain unintended actions.

http://secunia.com/advisories/22542/


An example of the spoof is here:

http://secunia.com/internet_explorer_7_popup_address_bar_spoofing_test/








Comment by freitasm, on 27-Oct-2006 21:04

I read a good comment somewhere... Apparently this was known before RTM. But Secunia decided to release the information after this was public. Fact? Not sure, but suspicious nonetheless...

 

