“Security researchers have uncovered a spoofing flaw in Internet Explorer that could turn out to be the perfect holiday gift for scammers,” Matthew Broersma reports for eWeek. “The bug, which has been confirmed on a fully patched Windows XP system with IE 6.0 and Service Pack 2, could allow a scammer to display a fake Web site with all the attributes of a genuine, secure site, including the URL and the icon indicating SSL security, according to researchers.”
“Because the vulnerability is found in one of Internet Explorer’s default ActiveX controls, scammers could use it to spoof the content of any site, researchers said. Users could be lured to the fake site via a link in an e-mail message, a tactic that continues to prove effective despite efforts to educate users,” Broersma reports. “There is currently no patch for the bug. Users can protect themselves by turning off ActiveX or switching the security level for the ‘Internet’ zone to ‘high,’ researchers said… Secunia has issued an advisory describing the issue and is offering an online demonstration to test browser vulnerability.”
“Thomas Kristensen, chief technology officer at independent security firm Secunia, said in a telephone interview. ‘Because this is embedded in IE by default, it’s possible to inject content into any Web site. There’s no way for a Web site to protect itself against this… Once it is displaying the site, if you follow best practices and look for the padlock, et cetera, you still won’t have a clue [that the site is spoofed]… It isn’t really even spoofing – you are really visiting the site, it’s just that another site is controlling what you see,’” Broersma reports.
Full article here.
Related MacDailyNews articles:
Virus and worm problems not just due to market share; Windows inherently insecure vs. Mac OS X – August 24, 2003
Sick of worms and viruses? ‘Move to Mac OS X’ suggests Chicago Tribune columnist – August 25, 2003
Chicago Sun-Times columnist: Windows ‘many holes in its security’ but ‘none of my Macs have ever been affected – August 26, 2003
Is Mac OS X really inherently more secure than Windows? – August 26, 2003
Shattering the Mac OS X ‘security through obscurity’ myth – August 28, 2003
Fortune columnist: ‘get a Mac’ to thwart viruses; right answer for the wrong reasons – September 02, 2003
Wall Street Journal’s Mossberg on making the switch from Windows to Mac – September 18, 2003
New York Times: Mac OS X ‘much more secure than Windows XP’ – September 18, 2003
Columnist tries the ‘security through obscurity’ myth to defend Windows vs. Macs on virus front – October 1, 2003
Gates: Windows ‘by far the most secure’ system; tries to use ‘Mac OS X secure through obscurity’ myth – January 27, 2004
Mac OS X has no viruses; what’s wrong with Windows? – February 11, 2004
SmartMoney: Long-suffering Windows users can only dare to dream of Mac’s ease-of-use – February 12, 2004
Spyware, adware plague Windows users online; Mac OS X users surf freely – April 19, 2004
Gartner: Worms jack up the total cost of Microsoft Windows – May 07, 2004
Windows ‘Scob’ virus designed to steal financial data, passwords; Macintosh unaffected – June 26, 2004
Tired of patching patches to patch Windows patches? Writer suggests getting a Mac – August 03, 2004
Mossberg: Dump your Windows machine and get an Apple Macintosh to free yourself of spyware – August 25, 2004
Millions of Windows PC’s hijacked by hackers, turned into zombies; Macintosh unaffected – September 08, 2004
Security is top priority in Apple’s Mac OS X – September 12, 2004
Windows XP worm speaks to users as it deletes their files; Macintosh unaffected – September 13, 2004
University of Chicago recommends all students patch Windows at least once a day – September 14, 2004
USA Today columinst angry about Windows viruses, adware, spyware – September 15, 2004
Windows besieged by hackers; number of Windows viruses soars by more than 400% – September 20, 2004
USA Today: people are switching from Windows to Mac because of security issues – September 21, 2004
Mossberg: Apple iMac G5 ‘powerful, affordable, virus-free with better, more modern OS than Windows XP’ – September 23, 2004
Information Security Investigator says switch from Windows to Mac OS X for security – September 24, 2004
Cyber-security adviser uses Apple Macintosh to avoid Windows’ security woes – September 27, 2004
Even Bill Gates can’t avoid Windows malware; Mac users surf the Web freely – October 03, 2004
Windows desktop monopoly threatened by secure, safe Apple Mac OS X – October 04, 2004
Windows users’ security woes spark interest in Apple’s secure Mac OS X – October 06, 2004
Microsoft: The safest way to run Windows is on your Mac – October 08, 2004
Windows users line up to pay for spyware removal; Mac users surf Web with impunity – October 18, 2004
Ballmer blames Windows users for not upgrading systems as Microsoft’s biggest security problem – October 22, 2004
Spyware plagues Windows users while Mac users surf Net with impunity – November 01, 2004
Microsoft: The safest way to run Windows is on your Mac – October 08, 2004
Sick of spyware, adware infecting your PC? Don’t fret, just get a Mac – November 01, 2004
Security test: Windows XP system easily compromised while Apple’s Mac OS X stands safe and secure – November 30, 2004
Security expert: Don’t use Microsoft Windows, Office, Outlook, Internet Explorer – December 09, 2004
Mossberg: Windows PCs plagued with problems, Apple’s Mac is ‘rock solid, elegant and affordable’ – December 09, 2004
Sick of spyware, adware headaches? Get a Mac and surf the Internet freely – December 13, 2004
Detroit Free Press: Windows malware problem getting worse, it’s time to get a Mac instead – December 16, 2004
Microsoft may charge extra for Windows spyware protection software – December 16, 2004
5 Day Most Commented