By Chris Mosby There are hordes of unscrupulous phishers out there, wading the surf of the Web. They’d love to catch you in their phishing net and steal your personal and banking information.
You can keep from getting hooked by their bait by staying informed on two new, unpatched software vulnerabilities they could use against you. Further proof that pop-up windows are bad
I can’t stand pop-up windows. They’re annoying, distracting, and get in the way of the browsing experience. As far as I’m concerned, they’re the bane of the Internet and should be stamped out wherever they appear.
Now I have even more reason to hate them. It was discovered recently that phishers can use pop-ups to launch their attacks with a weakness reported in Internet Explorer.
This weakness is caused by the way IE handles pop-up windows that are opened by a script. This could allow a phisher to display false information in the title bar. This could be used in various ways in phishing attacks. It could easily trick a person into entering login information into a pop-up window, because the window would, in fact, show the Web address of an online banking site, for instance.
Proof-of-concept code for this is already available, and an example
can be tested on the SecurityFocus Web site. This weakness is still present in a fully patched system using Windows XP SP2 and IE 6.0 SP2. What to do:
If you use IE, download and install a pop-up blocker like the ones offered by Google
. Who wants to see pop-up window