Probably the simplest phishing trick in the world | The Register

Skip to content

Security:

News Tools

Reg Shops

Top Stories

Read more top stories

Related Whitepapers

The Perfect (Virtual) Marriage
Deduplication and VMware
Enforce Your Email and Web Acceptable Usage Policies
Not Just Words
Making Green IT a Reality
Customer Perspectives on the Impact of Storage Vendor Decisions on Power, Cooling, & Space in Enterprise Data Centers
Search Engine Link Spam
Risks, Threats, Solution
Solution Brief: Reduce Energy Costs
With Green IT Solutions
Eliminating the Security Risk of Sending Confidential Information by Email
Email Encryption

The Register » Security » Spam »

Probably the simplest phishing trick in the world

Cross-platform browser risk

By John Leyden → More by this author

Published Thursday 9th December 2004 21:35 GMT

Many popular browsers are affected by a vulnerability that makes it easy to spoof the content of websites, security firm Secunia warns.

Features built into browsers makes it possible for malicious websites to change the content of pop-up windows created by trusted websites such as online banks. Users would have no inkling that potentially hostile content has been injected into a pop-up window. Exploits rely on misusing browser functionality rather than taking advantage of a software bug. Thomas Kristensen, Secunia’s chief technology officer, described the problem as “perhaps the simplest phishing trick yet.”

Secunia has confirmed the vulnerability on fully patched versions of Internet Explorer 6.0 and Windows XP SP1 and SP2 (advisory here), Mozilla 1.7.3, Mozilla Firefox 1.0, Netscape 7.2, Apple's Safari 1.2.4, Opera 7.54, and KDE's Konqueror 3.2.2-6. Other versions of these browsers might also be affected. Secunia has issued five advisories (summary here) and an on-line test.

Secunia describes the vulnerabilities as "moderately critical". It advises users not to browse untrusted sites while browsing trusted sites. ®

Related stories

Phishing for dummies: hook, line and sinker
Is Microsoft creating tomorrow's IE security holes today?
Poison applet peril affects IE, Opera and Firefox
A bumper crop of browser glitches

Email Encryption report: Eliminating the Security Risk of Sending Confidential Information by Email

Track this type of story as a custom Atom/RSS feed or by email.

Post to Slashdot

Add to del.icio.us

Previous Article

From small embedded OS to the world's most used open mobile OS

whitepaper title

The Perfect (Virtual) Marriage

Get consistent virtual machine storage savings of 50% (often as high as 90%) with virtually no performance impact with NetApp deduplication..

whitepaper title

Enforce Your Email and Web Acceptable Usage Policies

Unmanaged employee use of email and the web can subject any organization to costly risks. Learn how clearly written Email and Web Acceptable Usage Policies (AUPs) can protect your business.

Whitepapers	Jobs
Protecting Online Customers from Man-in-the-Middle Attacks The Impact of Software-As-A-Service (Saas) Proving Compliance with McAfee Total Protection for Data The Ideal Environment for a Blade Infrastructure	NMS Integration Developer for Telecommunications Perl Data Matcher Perl/Sybase Programmer Perl/Financial Application Developers Perl Developer at Online Media Company

Top 20 stories • All The Week’s Headlines • Archive • Search