Language Selection

English French German Italian Portuguese Spanish

IE pop-up spoof won't get patch

Filed under
Microsoft

Microsoft does not plan to update Internet Explorer to prevent a spoofing attack that could trick users into giving out personal information to hackers.

In the attack, JavaScript is used to display a pop-up window in front of a trusted Web site. The pop-up appears to be part of the legitimate site, but actually is linked to a different, malicious site. A user might be fooled into sending personal information to the scammers.

Although the pop-ups could be used by attackers, overlaying multiple windows in a Web browser is a feature, not a vulnerability, according to an advisory posted Tuesday on Microsoft's TechNet Web site.

"This is an example of how current standard Web browser functionality could be used in phishing attempts," Microsoft said in the advisory.
Phishing is a prevalent type of online fraud that attempts to steal sensitive information such as usernames, passwords and credit card numbers. The schemes typically combine spam e-mail and fraudulent Web pages that look like legitimate sites.

Earlier this week, security monitoring company Secunia warned of the browser problem and rated it "less critical." The issue affects most major browsers, Secunia said.

The problem is that JavaScript dialog boxes do not display or include their origin. For an attack to occur, a user would have to visit a malicious Web site or click on a link before going to a trusted site, such as that of a bank. The attacker could then overlay part of the trusted site with a window asking for data such as a user name and password. Information entered would go to the attacker, instead of the bank.

Firefox developers at the Mozilla Foundation have been making moves to combat this kind of attack. In April, a patch was developed that allows people to block Java and Flash-based pop-ups unless they came from trusted sites.

Opera has said that its latest browser, 8.01, would display the pop-up's origin, letting a user inspect its URL to see if it came from a trusted site.

Source.

More in Tux Machines

UKSM Is Still Around For Data Deduplication Of The Linux Kernel

Several years back we wrote about Ultra Kernel Samepage Merging (UKSM) for data de-duplication within the Linux kernel for transparently scanning all application memory and de-duping it where possible. While the original developer is no longer active, a new developer has been maintaining the work and continues to support it on the latest Linux kernel releases. Read more

Why Dell’s gamble on Linux laptops has paid off

The whole juggernaut that is now Linux on Dell started as the brainchild of two core individuals, Barton George (Senior Principal Engineer) and Jared Dominguez (OS Architect and Linux Engineer). It was their vision that began it all back in 2012. It was long hours, uncertain futures and sheer belief that people really did want Linux laptops that sustained them. Here is the untold story of how Dell gained the top spot in preinstalled Linux on laptops. Where do you start when no one has ever really even touched such a concept? The duo did have some experience of the area before. George explained that the XPS and M3800 Linux developer’s laptops weren’t Dell’s first foray into Linux laptops. Those with long memories may remember Dell testing the waters for a brief while by having a Linux offering alongside Windows laptops. By their own admission it didn’t work out. “We misread the market,” commented George. Read more Also: New Entroware Aether Laptop for Linux Powered with Ubuntu

A Short MATE Desktop 1.17 Review in February 2017

MATE 1.17 is a testing release, it has no official announcement like 1.16 stable release (odd = unstable, even = stable). But what made me interested is because Ubuntu MATE 17.04 includes it by default so I write this short review. The most fundamental news is about MATE Desktop is now completely ported to GTK+3 leaving behind GTK+2. You may be interested seeing few changes and I have tried Ubuntu MATE 17.04 Alpha 2 to review MATE 1.17 below. Enjoy MATE 1.17! Read more Also: What's up with the hate towards Freedesktop?

Linux Graphics