Another week, another hole in IE (this one's bad)
From: http://news.zdnet.com/2100-1009_22-5...=zdfd.newsfeed
Quote:
Microsoft is investigating reports of a new Internet Explorer flaw that puts people with the most secure version of Windows at risk of phishing attacks.
[...]
The Web browser flaw allows fraudsters to create a hard-to-spot spoofed Web site, according to an advisory from Secunia, even to the point of including a fake SSL signature padlock certificate. Phishers can also hijack cookies from any Web site, the company said.
"The problem is that users can't trust what they see in their browsers,” Thomas Kristensen, chief technology officer at Secunia, said. “This can be used to trick users to perform actions on what they believe is a trusted Web site, but actually these actions are recorded and controlled by a malicious site.”
I wonder when Microsoft will come to the conclusion that their haphazard integration of IE into Windows created more problems than it was worth.