funsec mailing list archives

RE: Secunia Reports Another IE7 Flaw


From: Larry Seltzer <Larry () larryseltzer com>
Date: Wed, 25 Oct 2006 21:41:47 -0400

From the Microsoft Security Response Center Blog:

http://blogs.technet.com/msrc/archive/2006/10/26/ie-address-bar-issue.aspx

"...this is an issue with how URLs are displayed in the address bar.
Specifically, we've seen that this occurs in a pop-up window after a
user clicks a specially formed link on an untrusted website or in an
untrusted e-mail. 

Now, while the full URL is actually present in the address bar, the left
part of the URL is not initially displayed. But, you can see the full
URL if you either click in the browser window or in the address bar and
then scroll within the address bar...

...our general guidance as far as things you can do to help protect
yourself against phishing attacks can help protect here. Specifically
that you should never enter personal information into a website unless
you've verified the server's name by using SSL. We talk about this on
our website here.

The other thing I wanted to mention is that in IE 7, the Microsoft
Phishing Filter can help protect should any phishing sites attempt to
exploit this issue in a couple of ways. 

First, the Phishing Filter's browser-based heuristics can help to
protect you. These heuristics analyze Web pages in real time and then
can warn you about suspicious characteristics if it finds any on the
page. If someone attempts to use this issue in a phishing site, the
Phishing Filter's heuristics may detect that site as such and warn
you...

&c &c &c"

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.eweek.com/blogs/larry%5Fseltzer/
Contributing Editor, PC Magazine
larryseltzer () ziffdavis com 

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

