News

Friday, October 27, 2006

Security Alert: IE 7.0 Vulnerable to Address Bar Spoofing

PLEASE VISIT OUR SPONSOR, WHO BRINGS YOU SECURITY ALERT FOR FREE:

ALERT: "Why the Web Browser is the Most Dangerous Hacking Tool"
Learn how to defend against Web Application Attacks with real-world
examples of recent hacking methods such as: SQL Injection, Cross Site
Scripting and Parameter Manipulation. Learn step-by-step vulnerability
testing methods for your own Web Applications and guidelines for
establishing best administration and coding practices.
Download *FREE* white paper from SPI Dynamics for a complete
guide to protection!

http://list.windowsitpro.com/t?ctl=3DF48:886699


=== SECURITY ALERT =============================================

IE 7.0 Vulnerable to Address Bar Spoofing
Secunia reports that an anonymous person discovered that it's
possible to partially spoof the Microsoft Internet Explorer (IE) 7.0
Address bar in a pop-up window, which might lead to phishing attacks.
When showing an address with special characters, the Address bar might
display incorrect or incomplete information to the user that tricks the
user into unintended actions. Microsoft is aware of the problem,
however no patch is available at this time. A workaround suggested by
the United States Computer Emergency Readiness Team (US-CERT) is to
disable Active Scripting in the Internet Zone.

http://list.windowsitpro.com/t?ctl=3DF4C:886699

http://list.windowsitpro.com/t?ctl=3DF4B:886699


================================================================

Security UDPATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and the Windows IT Security newsletter
(subscribe at the second URL below).

http://list.windowsitpro.com/t?ctl=3DF4A:886699

https://store.pentontech.com/index.cfm?s=1&promocode=eu255xsb

Subscribe to Security UPDATE at

http://list.windowsitpro.com/t?ctl=3DF49:886699

Unsubscribe by clicking

http://list.windowsitpro.com/u?id=4160B336D0B60CB12FF5EE6E1CFEF7CE

Be sure to add Security_UPDATE@list.windowsitpro.com
to your antispam software's list of allowed senders.

To contact us:
About Security UPDATE content -- letters@windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=3DF4D:886699

About your product news -- products@windowsitpro.com
About your subscription -- windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE -- salesopps@windowsitpro.com

View the Windows IT Pro privacy policy at

http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2006, Penton Media, Inc. All rights reserved.

No comments:

Blog Archive