New URL Spoofing Flaw Found in Internet Explorer
Author: Jeremy C. Wright, Staff Writer
Tuesday, 02 November 2004, 00:19 GMT

A new spoofing flaw found in Internet Explorer earlier this week, as reported by NetCraft, allows an improperly coded web link to send users to a different website than the one displayed in the status bar.

The flaw, which was reported by Benjamin Franz, is exploited, according to NetCraft, by "placing two URLs and a table within a single HTML href tag". According to Franz, the flaw works in fully patched versions of Outlook Express and Internet Explorer on all platforms, with the exception of Windows XP SP2. It does not affect other browsers, though it will affect any software using Microsoft's MSHTML engine.

The technique is especially risky because it requires no specific programming or scripting knowledge. Simple HTML will allow anyone to redirect users to a webpage while displaying another address in the address and status bars.

Phishing scammers could easily create a page which looked just like any major banking website and even displayed the bank's URL in the address bar. Users could easily be fooled by this simple trick to enter their private banking information, giving scammers full access to their banking information.

Phishing attacks attempt to convince users to enter sensitive personal data by mimicking popular banking or financial websites. Typically users are sent an email asking them to perform some action on the bank's website. This flaw is particularly mischievous because it is possible to fool even the savviest of users who might check the address or status bars.

However, once users get to the destination site, the address bar will display the current address. As a result, vigilance is the best protection for users who are not using Windows XP Service Pack 2. Before entering any personal information, be sure to verify that the address bar displays the correct address of your financial institution.

In addition, typing the financial institution's address directly into the address bar yourself will keep you protected from these types of phishing scams.

Copyright © 2000 - 2005 eBCVG IT Security Affiliates