Language Selection

English French German Italian Portuguese Spanish

IE pop-up spoof won't get patch

Filed under
Microsoft

Microsoft does not plan to update Internet Explorer to prevent a spoofing attack that could trick users into giving out personal information to hackers.

In the attack, JavaScript is used to display a pop-up window in front of a trusted Web site. The pop-up appears to be part of the legitimate site, but actually is linked to a different, malicious site. A user might be fooled into sending personal information to the scammers.

Although the pop-ups could be used by attackers, overlaying multiple windows in a Web browser is a feature, not a vulnerability, according to an advisory posted Tuesday on Microsoft's TechNet Web site.

"This is an example of how current standard Web browser functionality could be used in phishing attempts," Microsoft said in the advisory.
Phishing is a prevalent type of online fraud that attempts to steal sensitive information such as usernames, passwords and credit card numbers. The schemes typically combine spam e-mail and fraudulent Web pages that look like legitimate sites.

Earlier this week, security monitoring company Secunia warned of the browser problem and rated it "less critical." The issue affects most major browsers, Secunia said.

The problem is that JavaScript dialog boxes do not display or include their origin. For an attack to occur, a user would have to visit a malicious Web site or click on a link before going to a trusted site, such as that of a bank. The attacker could then overlay part of the trusted site with a window asking for data such as a user name and password. Information entered would go to the attacker, instead of the bank.

Firefox developers at the Mozilla Foundation have been making moves to combat this kind of attack. In April, a patch was developed that allows people to block Java and Flash-based pop-ups unless they came from trusted sites.

Opera has said that its latest browser, 8.01, would display the pop-up's origin, letting a user inspect its URL to see if it came from a trusted site.

Source.

More in Tux Machines

today's leftovers

Audiocasts: This Week in Linux and Freedom Penguin

today's howtos

icons and Themes: Vamox , Ashes, and DamaDamas

  • Vamox Icons Offers Three Color Variants for Linux Desktop
    Vamox icons were designed as a university thesis project by Emiliano Luciani and Darío Badagnani in 2008. The objective was to design a interface of a distro that the university could use for learning about design thin free software, From start these icons were developed for Ubuntu. Now these icons has three variants blue, orange and red, which are compatible with most of the Linux desktop environments such as: Gnome, Unity, Cinnamon, Mate, Xfce and so on. We have added these icons to our PPA for Ubuntu/Linux Mint and other related distributions, If you are using distribution other than Ubuntu/Linux Mint/its derivatives then download icons and install it in one of these "~/.icons" or "/usr/share/icons/" location. If you find any missing icons or problem with this icon set then report it to creator via linked page and hopefully it will get fixed soon.
  • Ashes Is A Light Theme For Your Linux Desktop
    Ashes theme is based on Adapta and Flat-Plat theme but it includes the mixture of blue and pink color scheme with gray search entity. Usually derived themes always try to make better and enhanced version by the person who forked it, to make desktop much perfect and elegant, same thing goes for this theme, it looks and feels great on almost every desktop. Mainly it is designed to work in Unity and Gnome desktop but it can also work in other desktops such as Cinnamon, Mate, and so on. For the Gnome desktop creator have added the dark title-bar/header-bar support, so you can enable Global-Dark-Theme using Gnome-Tweak-Tool, if you prefer dark title-bars. If you are using distribution other than Ubuntu/Linux Mint/its derivatives then download theme from here and install it "~/.themes" or "/usr/share/themes/" location. If you find any kind of bug or issue within this theme then report it to creator and since this theme is in active development hopefully it will be fixed soon.
  • DamaDamas Icons Looks Great And At The Same Time Give Windows Flavor
    If you have been searching for Windows icons for your Linux desktop then you are at the right place. The DamaDamas icons are from Pisi GNU/Linux and available for every Linux distribution, these icons give Windows look and feel to your desktop. There isn't much information available for these icons but the icons are SVG format and there are almost 4000+ icons packed in very fairly sized archive. We have added these icons to our PPA and these icons are compatible with almost every desktop environment such as: Gnome, Unity, Cinnamon, Xfce, Mate, KDE Plasma and so on. If you find any missing icons or problem with this icon set then report it to creator via linked page and hopefully it will get fixed soon.