Spyware, Viruses, & Security forum

General discussion

News - December 9, 2004

by Brent Welch / December 8, 2004 7:37 PM PST

Pop-up Loophole Opens Browsers to Phishing Attacks

Security firm Secunia has warned that most Web browsers are vulnerable to a simple "phishing" technique that could make fraudulent content appear genuine. The Copenhagen, Denmark, company on Wednesday published five advisories on the issue, covering fully patched, standard versions of Internet Explorer, Firefox, Opera, Konqueror and Safari. Secunia also published a demonstration allowing users to test their browsers. The test appeared to work on both Windows and Mac OS X platforms.

The problem is in the way browsers handle pop-up windows, which are used by many trusted sites such as banks. Because browsers aren't designed to check whether another site is allowed to change the content of a pop-up window, a malicious site can insert its own content into any pop-up window, as long as the target name of the window is known, Secunia said.

Test your browser: http://secunia.com/multiple_browsers_window_injection_vulnerability_test/

Full Story:
http://www.eweek.com/article2/0,1759,1737588,00.asp?kc=EWRSS03119TX1K0000594

Discussion is locked
You are posting a reply to: News - December 9, 2004
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: News - December 9, 2004
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Re: News - December 9, 2004
by glenn30 / December 8, 2004 11:05 PM PST

Brent, this is a little unsettling. I ran the test which returned a positive response indicating I am vunerable. In the absence of a fix I assume the exposure comes when a pfishing attempt is made and I respond to the request.

Am I thinking correctly as you read the article? If so the moral of the story is to never respond to requests for information of this type from anyone via the Internet. Already this is my practice. Sad, sad!! Sad

Glenn

Collapse -
Re: News - December 9, 2004
by roddy32 / December 8, 2004 11:31 PM PST

Glenn
I ran this test yesterday too when I first found out about this vulnerablity and also flunked. I think that most browsers will flunk it. I guess the lesson is to never click on something like that on ANY website unless you know for sure it is OK. I have always done that anyway.

Collapse -
Re: News - December 9, 2004
by Donna Buenaventura / December 8, 2004 11:39 PM PST

Hopefully the vendors will fix this issue ASAP.

With or without pop-blockers, a sites' popup window can be "taken over" by another site Sad

Collapse -
Re: News - December 9, 2004
by MarkFlax Forum moderator / December 9, 2004 5:31 AM PST

Very unsettling!

Now that the flaw is out in the open, I expect it to be exploited within a few days.

Mark

Collapse -
Young men are warned about laptop risk
by roddy32 / December 9, 2004 1:50 AM PST

This is not exactly a security news article, as such but it is interesting. I've heard rumors of this before but SUPPOSEDLY this is reputable because Reuters and MSNBC are reporting it.

Heat could damage fertility, researcher says

From REUTERS
Updated: 12:34 p.m. ET Dec. 9, 2004

LONDON - Teenagers and young men should keep their laptops off their laps because they could damage fertility, an expert said on Thursday.
Laptops, which reach high internal operating temperatures, can heat up the scrotum which could affect the quality and quantity of men?s sperm.


The rest of the article is on MSNBC News here

http://www.msnbc.msn.com/id/6677040/

Popular Forums
icon
Computer Help 51,912 discussions
icon
Computer Newbies 10,498 discussions
icon
Laptops 20,411 discussions
icon
Security 30,882 discussions
icon
TVs & Home Theaters 21,253 discussions
icon
Windows 10 1,672 discussions
icon
Phones 16,494 discussions
icon
Windows 7 7,855 discussions
icon
Networking & Wireless 15,504 discussions

GREAT SHOWS WITHOUT CABLE

Get live TV over the internet

Say goodbye to cable -- check out the top five live TV streaming services available now.