December 15, 2003 — (WEB HOST INDUSTRY REVIEW) — A flaw in Microsoft’s (microsoft.com) Internet Explorer allows fraudsters to create HTML code that makes the browser display an incorrect or “spoofed” URL in its address and status bars, according to a post made last Friday by Netcraft (news.netcraft.com).
The security flaw, first publicized last week in a posting to the BugTraq mailing list for discussion of security vulnerabilities, allows Web sites to display URLs containing false information by including an @ symbol. Because Internet Explorer interprets information to the left of the symbol as a user name for the address to the right, a phony Web site could appear to have a root address like microsoft.com or visa.com.
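
The user-name rule described above can be checked mechanically before a link is trusted. The following JavaScript is an added example, not code from Netcraft, Microsoft or the BugTraq posting; it relies on the standard URL parser, and the function names, sample links and the example.test host are constructed for illustration.

```javascript
// Added example: report links whose userinfo part imitates a host name.
const HOSTLIKE = /^(?:[a-z0-9-]+\.)+[a-z]{2,}$/i;

// Percent-decoding can throw on malformed input; fall back to the raw text.
function safeDecode(s) {
  try { return decodeURIComponent(s); } catch { return s; }
}

function inspectLink(href) {
  let url;
  try {
    url = new URL(href);
  } catch {
    return { href, valid: false, hasUserinfo: false, decoy: null, realHost: null, suspicious: false };
  }
  // Text between "//" and "@" is userinfo (user[:password]); the host follows the "@".
  const hasUserinfo = url.username !== "" || url.password !== "";
  const decoy = hasUserinfo ? safeDecode(url.username) : null;
  const isWeb = url.protocol === "http:" || url.protocol === "https:";
  // Suspicious: a web link whose "user name" reads like a domain name.
  const suspicious = isWeb && hasUserinfo && HOSTLIKE.test(decoy);
  return { href, valid: true, hasUserinfo, decoy, realHost: url.hostname, suspicious };
}

// Pull href values out of an HTML fragment and keep only the suspicious ones.
function findSpoofedLinks(html) {
  const hrefs = [...html.matchAll(/href\s*=\s*["']([^"']+)["']/gi)].map(m => m[1]);
  return hrefs.map(inspectLink).filter(r => r.suspicious);
}

// Constructed sample input; example.test is a reserved test domain.
const SAMPLE_HTML = `
<a href="http://www.microsoft.com@example.test/update">Security update</a>
<a href="https://www.microsoft.com/security">Security home</a>
<a href="ftp://anonymous@ftp.example.test/pub">Mirror</a>`;

for (const r of findSpoofedLinks(SAMPLE_HTML)) {
  console.log(`${r.href}: shows "${r.decoy}" but connects to "${r.realHost}"`);
}
```

Only the first sample link is reported: its apparent root address is a user name, and the browser would actually connect to the host after the @ symbol.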
Netcraft, a research and analysis firm based in England, said the flaw makes it easier to trick Web users into divulging sensitive personal information, such as bank account details, through interacting with what appears to be a completely authentic URL.
Microsoft urged IE users to make sure that the secure site lock icon is displayed before transacting with a Web site. Double-clicking the secure site icon reveals security certificate information that should match the Web site users are visiting, Microsoft said.