Posted on 12/20/2004 5:20:21 AM PST by mathprof
Fake sites could soon have legit addresses and security icons
A newly reported security problem in Microsoft's Internet Explorer (IE) web browser allows attackers to create a fake website that looks exactly like a genuine site.
The vulnerability lets an attacker display any website while the address bar in IE will display a trusted web address, for example https://www.paypal.com/, and even show the icon indicating SSL (secure socket layer) security, security researchers warned on Thursday.
The issue could result in more sophisticated phishing scams, a prevalent type of online attack that typically combines spam email messages and web pages that look like legitimate e-commerce sites to steal sensitive information such as user names, passwords and credit card numbers.
The problem was discovered by a security researcher from the Greyhats Security Group and reported on Thursday by Danish security company Secunia. The vulnerability lies in an ActiveX control in IE and has been found to affect version 6.0 of the browser running on Windows XP with Service Pack 2 and earlier versions, according to a Secunia advisory.
Microsoft is investigating the report, a company spokeswoman said Friday. "We have not been made aware of any attacks attempting to use the reported vulnerabilities or customer impact at this time, but we are aggressively investigating the public reports," she said.
Upon completion of this investigation, Microsoft may provide a security fix through its monthly release process or as an out-of-cycle security update, she said. Meanwhile, Secunia suggests users protect themselves by disabling ActiveX in IE or setting the IE security level to "high" for the internet zone.
When I set up my website years ago, IE had 95% of the visitors.
Right now, today I got my webtrends report, and IE is 80%.
IE is still the giant in the browser world and you have to acccomodate them. -Tom
Actually this was patched in Service Pack 1.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.