IE7 flaw could expose users to phishing attacks: report
Last Updated: Thursday, October 26, 2006 | 11:37 AM ET
CBC News
Related
Internal Links
External Links
- Secunia advisory
- Microsoft Security Response Center blog post
- Microsoft tips to safeguard information online
(Note: CBC does not endorse and is not responsible for the content of external sites - links will open in new window)
A reported flaw in the newest version of Microsoft's web browser could leave its users susceptible to fraud attacks of the sort that Internet Explorer 7 was built to stop.
The vulnerability could allow a scam website to open a pop-up browser window that contains a faked internet address, exposing Internet Explorer 7 (IE7) users to potential phishing attempts, according to an advisory issued by Secunia on Wednesday.
Phishing is a type of fraud — usually conducted through e-mail or websites — in which criminals try to obtain sensitive information such as credit card numbers and bank passwords by fooling people into thinking they are communicating with a trusted party.
The IE7 weakness could let a fraudster trick people into thinking they are on a website that they trust by displaying part of a legitimate address at the beginning of the URL (an acronym for uniform resource locator), the Danish security company said.
"The problem is that it's possible to display a popup with a somewhat spoofed address bar where a number of special characters have been appended to the URL," the alert published on Secunia's website says. "This makes it possible to only display a part of the address bar, which may trick users into performing certain unintended actions."
Secunia has assessed the spoofing exploit as "less serious" — its second-least critical rating on a five-point scale — and advises people not to follow internet links they receive from unknown or untrusted sources.
Microsoft investigating
In a post to the Microsoft Security Response Center blog on Wednesday, the company said it is investigating the report and stressed that the browser's built-in tools should block attacks.
"In IE7, the Microsoft phishing filter can help protect should any phishing sites attempt to exploit this issue," Christopher Budd wrote. "We're not aware of any attacks that are attempting to use this, but as always we will continue to monitor the situation throughout our investigation."
The world's largest software maker advised people to follow measures outlined on its website to ensure they don't fall victim to any scams.
"Our general guidance as far as things you can do to help protect yourself against phishing attacks can help protect here. Specifically that you should never enter personal information into a website unless you've verified the server's name," Budd wrote.
Last week, Secunia reported a vulnerability in IE7 a day after the new software was released. Microsoft said the problem was actually with another Windows program, Outlook Express, but it could be activated through IE7, letting an attacker gain access to documents over the internet.
Share Tools
Top News Headlines
- Conservatives move again to have robocalls suits tossed
- The Conservative Party has filed a second motion to dismiss the robocalls lawsuits filed by the left-leaning Council of Canadians, calling council chairperson Maude Barlow a "virulent critic" of Prime Minister Stephen Harper who has "orchestrated" the litigation. more »
- Reclaiming the dead on Mt. Everest
- The difficulty, danger and expense of removing the bodies of climbers who died in Mount Everest's "death zone" mean most of the dead remain on the mountain as a stark reminder to other climbers of the risks. more »
- Teens share bullying tales in confession booth
- Raw stories about bullying emerged when a video booth was set up inside a Quebec high school. more »
- Wind and lightning threaten to worsen northern Ontario fires
- Shifting winds are expected to increase the size of wild fires near the communities of Timmins and Kirkland Lake in northern Ontario this morning, as the weather forecast calls for windy conditions and lightning. more »
Latest Technology & Science News Headlines
- Facebook unveils camera app for iPhone
- Facebook unveiled a photo-sharing application on Thursday that allows users to take pictures on their mobile device and post them directly to their Facebook accounts. more »
- Neil Armstrong grants rare interview to accountants organization
- Legendary astronaut Neil Armstrong, who was the first person to walk on the moon, has surprised the media establishment by granting a rare and comprehensive interview to an unexpected interviewer: the Certified Practicing Accountants of Australia. more »
- 'Safe' stem cell discovery unveiled in Calgary
- Scientists in Calgary say they have discovered a way to create stem cells by the millions more quickly and safely than ever before. more »
- Canadian Hurricane Centre predicts 9 to 15 storms in 2012
- The early arrival of a tropical storm off the U.S. east coast does not mean Eastern Canada should brace for a particularly active hurricane season, Canadian forecasters said Thursday. more »
Bob McDonald's Blog
Underground lab may solve cosmic mystery May. 18, 2012 4:22 PM A new astronomical observatory opened this week - one more than 2 kilometres below the ground in Sudbury, Ont. - that may finally answer the mystery of Dark Matter in the universe. SNOLAB will attempt to capture the elusive Dark Matter particles as they pass right through the Earth.
Quirks & Quarks
- May 26: Before the Lights Go Out May. 24, 2012 10:14 AM A new book, "Before the Lights Go Out: Conquering the Energy Crisis Before It Conquers Us", suggests that the unpredictable, unplanned, ad-hoc way our energy use developed in the past will shape our energy future.
Latest Features
- Reclaiming the dead on Mt. Everest
- Workers' EI history to affect claim under new rules
- Quebec faces mounting pressure amid student crisis
- Gatineau police to question suspect in multiple homicides
- Conservatives move again to have robocalls suits tossed
- Suspect arrested in decades old N.Y. missing boy case
- Double-lung recipient Hélène Campbell dances for joy
- B.C. man fined $6,000 for feeding 'pot bears'
- B.C. to end AirCare car program in 2014
