IE pop-up spoof won't get patch

Microsoft does not plan to update Internet Explorer to prevent a spoofing attack that could trick users into giving out personal information to hackers.

In the attack, JavaScript is used to display a pop-up window in front of a trusted Web site. The pop-up appears to be part of the legitimate site, but actually is linked to a different, malicious site. A user might be fooled into sending personal information to the scammers.

Although the pop-ups could be used by attackers, overlaying multiple windows in a Web browser is a feature, not a vulnerability, according to an advisory posted Tuesday on Microsoft's TechNet Web site.

"This is an example of how current standard Web browser functionality could be used in phishing attempts," Microsoft said in the advisory.

Phishing is a prevalent type of online fraud that attempts to steal sensitive information such as usernames, passwords and credit card numbers. The schemes typically combine spam e-mail and fraudulent Web pages that look like legitimate sites.

Earlier this week, security monitoring company Secunia warned of the browser problem and rated it "less critical." The issue affects most major browsers, Secunia said.

The problem is that JavaScript dialog boxes do not display or include their origin. For an attack to occur, a user would have to visit a malicious Web site or click on a link before going to a trusted site, such as that of a bank. The attacker could then overlay part of the trusted site with a window asking for data such as a user name and password. Information entered would go to the attacker, instead of the bank.

Firefox developers at the Mozilla Foundation have been making moves to combat this kind of attack. In April, a patch was developed that allows people to block Java and Flash-based pop-ups unless they come from trusted sites.

Opera has said that its latest browser, 8.01, would display the pop-up's origin, letting a user inspect its URL to see if it came from a trusted site.
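The missing origin described above, and the kind of origin display Opera describes, can be modelled in a few lines. This is an added example, not code from Microsoft, Opera or any browser; the function names, the title wording and the .example URLs are assumptions made for illustration.

```javascript
// Added illustration (hypothetical names): how dialog chrome could label a
// script-opened dialog with the origin of the page that opened it, and flag
// the case where that origin differs from the page the dialog sits in front of.

// Return the origin to display, or null when the URL has no usable origin
// (unparseable input, or opaque origins such as data: and about: URLs).
function displayOrigin(rawUrl) {
  let parsed;
  try {
    parsed = new URL(rawUrl);
  } catch (err) {
    return null;
  }
  // The URL parser reports opaque origins as the string "null".
  return parsed.origin === 'null' ? null : parsed.origin;
}

// openerUrl: the page whose script opened the dialog.
// frontPageUrl: the page currently visible behind the dialog.
function labelDialog(openerUrl, frontPageUrl, message) {
  const opener = displayOrigin(openerUrl);
  const front = displayOrigin(frontPageUrl);
  // Treat an unidentifiable opener as foreign rather than trusted.
  const crossOrigin = opener === null || opener !== front;
  const title = opener === null
    ? 'An unidentified page says:'
    : `The page at ${opener} says:`;
  return { title, crossOrigin, message };
}

// Constructed sample: a dialog opened by one site while another is on screen.
const sample = labelDialog(
  'https://other.example/popup.html',
  'https://bank.example/login',
  'Please re-enter your user name and password'
);
console.log(sample.title, '| cross-origin:', sample.crossOrigin);
```

Comparing parsed origins rather than raw URL strings means a default port or a different path on the same site does not raise a false alarm, while data: and about: pages are never presented as belonging to the site behind them.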

Source.
