IE pop-up spoof won't get patch

Microsoft does not plan to update Internet Explorer to prevent a spoofing attack that could trick users into giving out personal information to hackers.

In the attack, JavaScript is used to display a pop-up window in front of a trusted Web site. The pop-up appears to be part of the legitimate site, but actually is linked to a different, malicious site. A user might be fooled into sending personal information to the scammers.

Although the pop-ups could be used by attackers, overlaying multiple windows in a Web browser is a feature, not a vulnerability, according to an advisory posted Tuesday on Microsoft's TechNet Web site.

"This is an example of how current standard Web browser functionality could be used in phishing attempts," Microsoft said in the advisory.

Phishing is a prevalent type of online fraud that attempts to steal sensitive information such as usernames, passwords and credit card numbers. The schemes typically combine spam e-mail and fraudulent Web pages that look like legitimate sites.

Earlier this week, security monitoring company Secunia warned of the browser problem and rated it "less critical." The issue affects most major browsers, Secunia said.

The problem is that JavaScript dialog boxes do not display or include their origin. For an attack to occur, a user would have to visit a malicious Web site or click on a link before going to a trusted site, such as that of a bank. The attacker could then overlay part of the trusted site with a window asking for data such as a user name and password. Information entered would go to the attacker, instead of the bank.

Firefox developers at the Mozilla Foundation have been making moves to combat this kind of attack. In April, a patch was developed that allows people to block Java- and Flash-based pop-ups unless they come from trusted sites.

Opera has said that its latest browser, 8.01, would display the pop-up's origin, letting a user inspect its URL to see if it came from a trusted site.
