Home :: Newsletters :: RSS Feeds :: About Us :: Advertise     
The Industry Standard News and Analysis for the Internet Economy
NEWS
METRICS
BLOGS
JOBS
EVENTS
        Internet News for Internet Business Monday, 04th of April, 2005   

  TOPICS
Technology
Media
Money
Politics
Opinion and Blogs


  Newsletter/RSS
Sign up today for the daily email newsletter:

Internet News
Metrics
Blogs
Jobs
Events
Trackback
What is this?


  BLOGS
Denise Howell
JD Lasica
Esme Vos
Scott Rafer
Ross Mayfield
Doc Searls
Seth Godin
Ashlee Vance
Matt McAlister
Tom Hespos
Mark Jones
Jen Muehlbauer
Cringe Worthy
Mark Frauenfelder
Declan McCullagh
Julene Snyder
Mark Glaser
Rafat Ali
Thomas Goetz
Mike Butcher
Jimmy Guterman

>> RSS Feed



  Archive

June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
October 2004

Recent Entries:
Few details in eBay's Shopping.com plans
Skype, VOIP handsets on show at Computex
Microsoft plans mobile e-mail push upgrade
EBay buys Shopping.com for $620 million
New .xxx domain will be reserved for porn



Previous Story: UK to launch Parliamentary inquiry into future e-voting
Next Story: E-government saves loads of cash, UK claims

Vulnerability allows scammers to hijack pop-ups
By Scarlet Pruitt

Security researchers warned this week of a vulnerability in most Web browsers which could potentially allow scammers to launch phishing attacks from pop-up windows on trusted Web sites.

The vulnerability arises when an Internet user opens browser windows for both a legitimate Web site and a malicious site at the same time. Because of an old functionality that exists in most browsers, the malicious site can potentially display information in a pop-up window from the trusted site, according to Secunia Research.

The vulnerability has yet to be exploited but could present a very effective method for launching online fraud scams, often known as phishing, Secunia Chief Technology Officer Thomas Kristensen said Thursday.

While most users do not intentionally visit malicious Web sites, they often stumble upon them by following links, making it relatively common for Net surfers to have browser windows open for both legitimate and malicious sites at the same time, Kristensen said.

This could be a particularly dangerous situation if exploited to display misleading information on a pop-up window from a legitimate bank Web site, for example, he warned. Even if savvy users check for a the yellow "lock" icon on a Web site, signifying encryption, the pop-up could still display content from the malicious site, he said.

"This could be a surprisingly effective way to seduce or trick people into doing something," Kristensen said.

The vulnerability affects almost all browsers, including Internet Explorer (IE), Mozilla, Firefox, Opera, Konqueror, Safari and Netscape, the researcher said.

Secunia, based in Copenhagen, went public with its warning Wednesday, after saying that it had alerted browser vendors of the vulnerability months ago.

Microsoft said Thursday that it has investigated the report, and customers who use Windows XP SP2 and follow its advice on spoofing attacks are at a reduced risk.

The functionality described in the report allows a Web site to open or re-use a window without displaying the address bar. However, SP2 users will see a status bar in the pop-up window, allowing them to look for the yellow lock icon and confirm that the site is valid, Microsoft said.

Opera has also included measures to mitigate the vulnerability in the latest beta version of its software, Kristensen said.

He acknowledged that by going public with the warning he was also alerting Internet scammers to a new opportunity, but said that he felt the public should be aware of the threat since not all browser vendors had been responsive.

"We thought it would be better to openly talk about this and we are giving advice on how to mitigate it," Kristensen said.

Posted December 9, 2004 04:22 PM |



FREE Email Newsletter RSS Feeds
Sign up today for the
daily email newsletter:
Internet News
Metrics
Blogs
Jobs
Events
Trackback
What is this?





    ADDITIONAL RESOURCES:
    • Find reviews of digital cameras and download the latest graphics tools from PCWorld.
    • Astonish your colleagues with the latest technology news and trends from Computerworld.
    • Digital music that matters: chart-toppers and free audio files from Playlistmag.com.
    • Catch a daily glimpse behind the forces shaping the security business from CSOonline.com.
    • In-depth look at networking products, by Network World's team of independent reviewers.
    • Top reviews, analyses & evaluation of IT products by technology experts from InfoWorld.
    • Hot tech news with links to blogs and resources around the Internet on Lockergnome.

    MORE INTERNET NEWS LINKS


Home :: Newsletters :: RSS Feeds :: About TheStandard :: Advertise    
Copyright © 2004, TheStandard.com :: Terms and Conditions :: Privacy Policy