New Phishing Flaw in Internet Explorer

JimmyM writes "Secunia reports on a new vulnerability in Internet Explorer. From the piece: 'This can be exploited to spoof the address bar in a browser window showing web content from a malicious web site.' According to several (german) media outlets this is already being exploited by phishing sites. Secunia has a test you can try to see if you are vulnerable."

Test I can try?

[stunt_penguin]

1. Look up in top left hand corner of browser.
2. If icon is a blue 'e' then you're vulnerable.

That is all.

/ms troll

Re:Test I can try?

[jammindice]

Not even the beta IE 7 i have is working right, thank god firefox tested good, otherwise i might have to switch to lynx!!!

In other news

Water is wet.

Confirmed vulnerable

[paulproteus]

I tested this attack in Internet Explorer 6 on Ubuntu 5.10 running the current Wine deb from winehq.

Your Slashdot Login Information

[eno2001]

Warning. Your Slashdot login information may have been compromised by a sly fox. To ensure greater security please reply to this comment with your current UID and password and the new password you want. I'll be sure to forward it off to CmdrTaco as soon as I see a response.

Thanks,
Internet Security Sheriff

Re:Your Slashdot Login Information

Anonymous Coward

********

Ga!

[MightyMartian]

New Phishing Flaw in Internet Explorer

I'm shocked, I tell you, I'm shocked!

Re:Ga!

[madnuke]

It dosnt work in Firefox :P so much for browser compatiabilty.

Umm...

[atrader42]

When I run IE, the icon in the top left is an arrow pointing left...does that mean I'm ok and Paypal really does need me to confirm my account details several times a day?

What?

[snib]

This doesn't work in Firefox. I hate it when people only design their pages for IE!!

Looks like I'm secure

[m50d]

I tried to open the test page in Konqueror and it crashed. I wish I was joking :(

Good Grief

[rAiNsT0rm]

The other day I sent out an email to everyone in our company warning them of a new phishing scheme with a copy of the email attached. Within 10 minutes I had not one, but TWO replies to me with people's account/password info.

So not only did they miss the entire message, they also couldn't even give their information to the right person. I wanted to just cry... I honestly think phishers deserve some peoples information.

Here you go

[Dr.+Evil]

Dr. Evil, blah2glorb

Remember January 15th, 2002,

[dpbsmith]

when in an internal memo, Bill Gates said "We must lead the industry to a whole new level of Trustworthiness in computing."

Remind me, again... how many major OS releases and services packs and IE versions have been released since then?

Boot Camp

[AragornSonOfArathorn]

I'm running IE on my new MacBook via Boot Camp. But since Macs don't get viruses, I'm safe, right?

Re:Why??

[Xerp]

I often download the internet and put it onto someones hard disk for them.

I still have people calling their computer the "hard disk". People who know nothing are still trying to sound vaguely competant by saying "my hard disk is broken". Of course, saying this to someone with 1 point more tech-savvy than then just ends up confusing the poor person... as they actually believe the person.

So. Whats the easiest way to get these technophobes to switch to firefox? Lets see... make it as a flashy banner ad, spyware-style and they'll install it no time!! ^^