Looking good in today's inbox
denise cox argues that good e-mail design recognises the need for what goes 'above the fold'.
» more
Picture this
Is it unreasonable to expect the individual to take responsibility for their personal data?
» more
Webpick: Gmail Themes
If you always felt Gmail looked a little spartan for your tastes, change has arrived.
» more

SECURITY

New IE security flaw could aid phishing scams

07-04-2006

by Silicon.com

An unpatched vulnerability in Internet Explorer could aid fraudsters in pulling off phishing scams, experts have warned.

The error could be exploited to fake the address bar in a browser window, according to an advisory notice from security monitoring company Secunia. This tactic could be used in phishing scams that attempt to trick people into believing they are on a legitimate site, when in fact they are viewing a fraudulent web page.

Phishing is a prevalent type of online scam that seeks to pilfer personal information from unsuspecting internet users. The scams typically combine spam e-mail with fraudulent websites that appear to come from a trusted source, such as a credit card company or a bank.

The flaw exists because of an error in the way the Microsoft web browser loads web pages and Macromedia Flash animations, according to Secunia. The company rates the issue "moderately critical" and has created a special web page where users can test their web browser to see if they are affected.

Secunia has confirmed that the vulnerability affects IE 6.0 on Windows XP with all current security patches. It also affects the latest IE 7 beta release, Secunia said. Other versions may also be affected, it said.

Microsoft is investigating the newly reported flaw, a representative said in an e-mailed statement. "Our initial investigation has revealed that customers who have set their internet security settings to high, or who have disabled active scripting, are at reduced risk from attack as the attack vector requires scripting," the representative said.

Additionally, Microsoft noted that it has not seen any active attacks that take advantage of this issue, which Secunia has dubbed the "Internet Explorer Window Loading Race Condition Address Bar Spoofing" flaw.

This is the fourth unpatched vulnerability for IE that has become public in the last few weeks.

Microsoft plans to release a security update for the web browser on Tuesday. At least one of the disclosed bugs will be fixed in that update, the company has said. That flaw, related to how IE handles the "createTextRange()" tag in web pages, has been exploited in attacks to install spyware, remote-control software and Trojan horses on vulnerable PCs.

Joris Evers writes for CNET News.com.

Reprinted with permission from Silicon.com

Click here to make ENN your home page

EMAIL TIPS

Who goes there?
With people taking seconds to read or trash email, being clear about who you are is vital to message survival. » Read more

ENN CORPORATE

Complete copywriting services
Do you need skilled writers to put together compelling prose for your company? Why not check out the new-look corporate services site from ENN and see how we can put our skills to your use. » Read more

<a href='http://openx.enn.ie/www/delivery/ck.php?n=af6c6082&cb=76216' target='_blank'><img src='http://openx.enn.ie/www/delivery/avw.php?zoneid=5&cb=51118&n=af6c6082' border='0' alt='' /></a>
<a href='http://openx.enn.ie/www/delivery/ck.php?n=a5c6ffca&cb=89579' target='_blank'><img src='http://openx.enn.ie/www/delivery/avw.php?zoneid=6&cb=70836&n=a5c6ffca' border='0' alt='' /></a>
<a href='http://openx.enn.ie/www/delivery/ck.php?n=a7dee0d0&cb=44672' target='_blank'><img src='http://openx.enn.ie/www/delivery/avw.php?zoneid=7&cb=57633&n=a7dee0d0' border='0' alt='' /></a>

Not a member yet?
Sign up free, click here
To change your ENN Newsletter and alerts preferences here

WHO'S WHO IN PR

Full listing of Irish PR firms, including high-tech specialists. » Click here

Looking good in today's inbox

Picture this

Webpick: Gmail Themes