New Phishing Flaw in Internet Explorer
Page 1 of 5 123 ... LastLast
Results 1 to 10 of 48

Thread: New Phishing Flaw in Internet Explorer

  1. #1
    Senior Member Deeboe's Avatar
    Join Date
    Nov 2005
    Posts
    185

    New Phishing Flaw in Internet Explorer

    Hey kids,

    I just read this on Slashdot, thought I would share.

    Found at: http://it.slashdot.org/it/06/04/06/1718210.shtml
    JimmyM writes "Secunia reports on a new vulnerability in Internet Explorer . From the piece: 'This can be exploited to spoof the address bar in a browser window showing web content from a malicious web site.' According to several (german) media outlets this is already being exploited by phishing sites. Secunia has a test you can try to see if you are vulnerable."
    Maybe not a pressing issue, but interesting anyway!

    -Deeboe
    If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.
    - Sun Tzu, The Art of War

    http://tazforum.**********.com/

  2. #2
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    Strange, firefox throws up a different result each time for me - it will either just go straight to Google - and say google in the address bar - or it will go to secunia site - say google.com in the address bar for a second or two and then change to the correct URL and prompt me to D/L a .fla file.

    What happens with y'all?
    Drugs have taught an entire generation of kids the metric system.

    http://tazforum.**********.com/

  3. #3
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Fully patched IE with XP home (patched) is vulnerable



    secunias web site warning

    Your browser is vulnerable if the Address Bar displays "http://www.google.com/".
    and the address bar shows google

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  4. #4
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Debian Sarge with KDE 3.5 (from backports.com) and Mozilla Firefox 1.5.0.1 is not vulnerable. Hmmmm.

    But then, we knew that.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  5. #5
    Senior Member DakX's Avatar
    Join Date
    Jul 2005
    Posts
    128
    The url does look a bit off. A few %20 or %3 jumping in the bar but nothing to say its google or so.
    [T]he future is now.

  6. #6
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,534
    The test worked in my fully patched IE (WinXP pro NL) but the netcraft toolbar did show it as SECUNIA..

    So antiphishing tools prove their worth..
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  7. #7
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    In answer to Nokia's question, I tried it with Firefox 1.07 and Win 2000 SP4 updated a few hours ago and it goes to Secunia every time.


  8. #8
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    No probs with FF, but had to set the security level on IE to medium and mark prompt on the scripting options before it would go to the Secunia site....now I am okay....
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  9. #9
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,743
    my default settings in this box all browsers .including IE..went to secunia...

    It is your security settings.. Just tested on a clean installed system with ALL patches applied BUT default security setting .. and yes ie failed the test..
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  10. #10
    Blast From the Past
    Join Date
    Jan 2003
    Posts
    729
    my bar in firefox took me to yahoo and said res2res is not a registered protocol
    work it harder, make it better, do it faster, makes us stronger

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •