Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!


More IE security holes offers opportunities for phishers

Save your company's valuable data with Proxy Sentinel™ from Internet Security. Click here for all the details.

October 15, 2004

New security flaws have been discovered in Internet Explorer that offer new ways for hackers to adopt phishing scams to present spoofs that mimic real financial web sites. One of the security holes allow fraudulent displays of a trusted bank or financial institutions' URL in Internet Explorer's address bar, while presenting content from a different web page in the browser window.

Another vulnerability could allow sophisticated attackers to create spoofed pages displaying the golden "lock" icon indicating a secure SSL session, which has often been cited as a differentiator between legitimate sites and scams.

The new spoofing techniques are described in Microsoft security update MS04-038, one of 10 patches released Tuesday to address security problems in Microsoft Windows, Excel and Internet Explorer.

One approach allows a plugin, such as an Active X control, to instruct the browser to display a false URL in the address bar. This could allow phishers to create spoofed pages that resemble a financial institution's login page. and include an Active X control that tricks the browser into displaying the URL of the target site. A visitor with an unpatched browser arriving via an e-mail link would find a site that appears genuine.

Get your advertorials and infomercials written by experts.
The exact wording of your advertorial or infomercial is important to the success of your business. Get it written by the professionals at Advertorial.org -- Click here to learn more.

Users who have downloaded Windows XP Service Pack 2 are protected, but other users of Internet Explorer 5.5 and 6 need to install the patch to be protected. A separate but similar address bar spoofing flaw exists only in computers using double-byte character sets, usually found in Asian versions of Windows, and is also addressed in the MS04-038 patch.

The SSL flaw, discovered by Mitja Kolsek from ACROS Security, exploits a weakness in the Internet Explorer cache, which stores web pages on a computer's hard drive.

The exploit, described in an analysis by ACROS, requires a combination of advanced techniques to succeed, including a "man in the middle" strategy to redirect a user via bogus DNS requests. While most phishing scams settle for less ambitious approaches, the SSL spoofing flaw could add an air legitimacy to scams mounted by sophisticated attackers.

Netcraft has developed a service to help banks and other financial organizations identify sites which may be trying to construct frauds, identity theft and phishing attacks by pretending to be the bank, or are implying that the site has a relationship with the bank when in fact there is none.

Source: Netcraft


Save Internet Security.ca's URL to the list of your favorite web sites in your Web browser by clicking here.

Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.


Back to the top of the page.         

You can link to the Internet Security web site as much as you like. Read our section on how your company can participate in our reciprocal link exchange program and increase your rankings in the major search engines such as
Google and all the others.

Click here to order your Proxy Sentinel™ Internet security server today!

Proxy Sentinel™ is the most secure Internet proxy server on the market today. Click here for more information.
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet Security.ca is listed in
Global Business Listing

| Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact |
Copyright © Internet Security.ca 2003    Terms of use    Privacy agreement    Legal disclaimer