All the latest UK technology news, reviews and analysis
|
|
|
31 Oct 2006
Security researchers at Secunia have discovered a new vulnerability in Internet Explorer 7 that could be exploited by online identity thieves.
An attacker could inject content into another website's window, for instance replacing a log-in pop-up window for an online bank with a page that looks similar to the bank's log-in window.
The attacker would have to know the target name of the window being replaced, and would require the attacker's website and the target website to be open at the same time.
Secunia rated the vulnerability as 'moderately critical', its third most severe security rating on a five-step scale.
A Microsoft spokesman denied that the reported flaw describes a vulnerability in its software.
The company told vnunet.com in an emailed statement that Secunia describes the issue as "a by-design behaviour in popular web browsers that allows a website to open or reuse a pop-up window".
Users will be able to tell that they have been directed to a phishing website because the pop-up window displays an address bar.
Secunia issued a warning about a similar vulnerability in Internet Explorer 5 and 6 in 2004.
Today's alert is the fourth alleged security vulnerability that Secunia has unearthed in Internet Explorer 7 since the browser was launched earlier this month.
In addition to today's denial, Microsoft has dismissed one other Secunia report because it affected Outlook Express rather than IE7. Microsoft has confirmed the two other vulnerabilities.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
A global consultancy is looking for a technical IT infrastructure...
External Technical Engineer, Rochdale This Lancashire...
Contract: L3 Solaris Administrator - Stockholm, Sweden...
C# or VB.NET Senior Developer / Team Leader x 2- Manchester...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Exploit
I didn't know where else to put this so I chose you site since you were talking about an Internet browser exploit. Seems like everyday you hear of someone accused of having kiddie porn on their computer. What people don't realize is that it would be a whole lot easier to load porn onto someone's computer than it would be to upload a virus. Any sort of scanner won't detect it. It would just show up as picture files. Looks like somone would have figured this out by now. I'm not saying that all of the people are wrongly accused. But it would be very easy to set someone up. Just by browsing to a normal looking site, porn could be loaded onto your computer without your knowledge.
Posted by: truth 02 Nov 2006