funsec mailing list archives
RE: Secunia Reports Another IE7 Flaw
From: Larry Seltzer <Larry () larryseltzer com>
Date: Wed, 25 Oct 2006 21:41:47 -0400
From the Microsoft Security Response Center Blog:
http://blogs.technet.com/msrc/archive/2006/10/26/ie-address-bar-issue.as px "...this is an issue with how URLs are displayed in the address bar. Specifically, we've seen that this occurs in a pop-up window after a user clicks a specially formed link on an untrusted website or in an untrusted e-mail. Now, while the full URL is actually present in the address bar, the left part of the URL is not initially displayed. But, you can see the full URL if you either click in the browser window or in the address bar and then scroll within the address bar... ...our general guidance as far as things you can do to help protect yourself against phishing attacks can help protect here. Specifically that you should never enter personal information into a website unless you've verified the server's name by using SSL. We talk about this on our website here. The other thing I wanted to mention is that in IE 7, the Microsoft Phishing Filter can help protect should any phishing sites attempt to exploit this issue in a couple of ways. First, the Phishing Filter's browser-based heuristics can help to protect you. These heuristics analyze Web pages in real time and then can warn you about suspicious characteristics if it finds any on the page. If someone attempts to use this issue in a phishing site, the Phishing Filter's heuristics may detect that site as such and warn you... &c &c &c" Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blog.eweek.com/blogs/larry%5Fseltzer/ Contributing Editor, PC Magazine larryseltzer () ziffdavis com _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Secunia Reports Another IE7 Flaw Fergie (Oct 25)
- RE: Secunia Reports Another IE7 Flaw Richard M. Smith (Oct 25)
- RE: Secunia Reports Another IE7 Flaw Larry Seltzer (Oct 25)
- <Possible follow-ups>
- RE: Secunia Reports Another IE7 Flaw Gregory Hicks (Oct 25)
- RE: Secunia Reports Another IE7 Flaw Fergie (Oct 25)
- Re: Secunia Reports Another IE7 Flaw Dude VanWinkle (Oct 25)
- RE: Secunia Reports Another IE7 Flaw Larry Seltzer (Oct 25)
- RE: Secunia Reports Another IE7 Flaw Larry Seltzer (Oct 25)
- Re: Secunia Reports Another IE7 Flaw Dude VanWinkle (Oct 25)
- RE: Secunia Reports Another IE7 Flaw Richard M. Smith (Oct 25)