|
||||||||||||||||||||||||||||
 |
||||||||||||||||||||||||||||
|
Pop-up Phishing Vulnerability *** 27-Jun-2005 A Javascript pop-up flaw in major browsers used as part of a Phishing Scam *** Internet Explorer, Firefox, Safari, and several other web browsers all suffer from a vulnerability that enable a malicious JavaScipt pop-up script to be used by cyber criminals to steal personal data. The flaw, reported by the respected security firm Secunia, allows a phishing attack where a JavaScript pop-up window appears in front of a trusted website. "The problem is that JavaScript dialogue boxes do not display or include their origin, which allows a new window to open - for example, a prompt dialogue box - which appears to be from a trusted website", Secunia said. To exploit the flaw, a cyber criminal directs a web user from a malicious site or email to a legitimate, trusted site such as an online bank, in a new browser window. The malicious site would then open a Javascript pop-up in front of the legitimate website, which may fool a user into sending personal information back to the malicious site. The Mozilla Foundation development team have already been working on techniques to block such pop-up. In a statement by Microsoft, they warned users not to trust pop-ups that do not display an address bar or a lock icon that verifies it came from a legitimate source. Only the latest version 8.01 of Opera, would reveal the pop-up's origin - letting users inspects its URL to see if it came from a trusted site. Source: http://software.silicon.com/security/0,39024655,39131379,00.htm - Silicon.com MillerSmiles News 27/06/05 Talk about this article on our phishing news discussion forum PRESS/MEDIA ENQUIRIES MillerSmiles is the web's dedicated anti-phishing service. Launched in 2003, the site has become one of the most trusted internet security related websites on the internet. For enquiries relating to this story or any other part of the MillerSmiles website please email the MillerSmiles team here If you are interested in business and partnership opportunities with MillerSmiles please email us here |
|||||||||||||||||||||||||||
© Copyright 2003-2024 Oxford Information Services Ltd. All Rights Reserved.
Site design by
Oxford Information Services Ltd and Jag Design