New URL Spoof--Watch Out for Phishers!

Security, malware, viri--you've got to keep your eyes open
Post Reply
bob
BIG GIANT HEAD I Get Free Beer
BIG GIANT HEAD I Get Free Beer
Posts: 7565
Joined: 12/03/01, 12:00 am
Location: St. Louis
Contact:

Post by bob » 10/30/04, 1:19 pm

According to Netcraft a new security flaw has been found in Microsoft Internet Explorer which makes it possible to spoof a URL with just some simple HTML code, by enclosing two URLs and a table within a single href tag. The user will be sent to one site, but the status bar will show a fake URL. The bug apparently affects IE and Outlook Express up to but not including SP2. Firefox and Konqueror seem unaffected."

http://it.slashdot.org/article.pl?sid=0 ... =172&tid=1
WYSIWTF

Gerry
BIG GIANT HEAD I Get Free Beer
BIG GIANT HEAD I Get Free Beer
Posts: 5727
Joined: 12/04/01, 12:00 am
Location: Perth, Western Australia
Contact:

Post by Gerry » 10/31/04, 4:05 am

<!-- BBCode Quote Start --><TABLE BORDER=0 ALIGN=CENTER WIDTH=85%><TR><TD><font class=postbody>Quote:</font><HR width=100% color=#333333 SIZE=1></TD></TR><TR><TD><FONT class=quote><BLOCKQUOTE>The ability to display a fraudulent URL in the status bar is especially useful, as security-conscious users would check the status bar before clicking through. The technique does not disguise the URL displayed in the address bar upon arrival at the destination page, meaning alert users will recognize the spoof at that point.</BLOCKQUOTE></FONT></TD></TR><TR><TD><HR width=100% color=#333333 SIZE=1></TD></TR></TABLE><!-- BBCode Quote End -->

Wow, what a hack. I can't do that in Javascript. =P
I answer rhetorical questions for my own enjoyment.

Post Reply