Digital Edition

SYS-CON.TV
Microsoft Issues Phishing Security Advisory For IE Users
Browser Windows Without Indications of Their Origins May Be Used in Phishing Attempts

Microsoft has investigated a public report of a phishing method that affects Web browsers in general, including IE - a report that describes the scenario of multiple, overlapping browser windows, some of which contain no indications of their origin. An attacker could arrange windows in such a way as to trick users into thinking that an unidentified dialog or pop-up window is trustworthy when it is in fact fraudulent.

"When a user visits a malicious Web site the user may be redirected to a trusted Web site," says the Microsoft Security Advisory No. 902333 released Tuesday. "The attacker could then display an overlapping window in the form of a dialog box attempting a phishing attack. The user is then prompted to input personal information into this dialog box, which was opened from the malicious Web site. The user might believe that this dialog box was opened by the trusted Web site and they might input personal information. However, this information is sent to the malicious Web site."

The advisory continues:

"Customers who already follow our general guidance about avoiding spoofing and phishing attacks are at reduced risk of being affected by this issue. If a particular window or dialog box does not have an address bar and does not have a lock icon that can be used to verify the site’s certificate, the user is not provided with enough information on which to base a valid trust decision about the window or dialog box. To view Microsoft’s general guidance about how to avoid spoofing attacks visit the Security at Home Web site.

We continue to encourage customers install Windows XP SP2 and to follow our Protect Your PC guidance of enabling a firewall. This includes turning on Automatic Updates to receive software updates and installing anti virus software."

About Security News Desk
SYS-CON's Security News desk trawls the world of security for news of software, hardware, products, and services that seems likely to be of interest to infosec professionals and summarizes them for easy assimilation by busy IT managers and staff.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1



ADS BY GOOGLE
Subscribe to the World's Most Powerful Newsletters

ADS BY GOOGLE

Discussions of cloud computing have evolved in recent years from a focus on specific types of cloud,...
Containers and Kubernetes allow for code portability across on-premise VMs, bare metal, or multiple ...
DXWorldEXPO LLC announced today that "IoT Now" was named media sponsor of CloudEXPO | DXWorldEXPO 20...
Modern software design has fundamentally changed how we manage applications, causing many to turn to...
In this presentation, you will learn first hand what works and what doesn't while architecting and d...
In an era of historic innovation fueled by unprecedented access to data and technology, the low cost...
In his session at 20th Cloud Expo, Mike Johnston, an infrastructure engineer at Supergiant.io, discu...
Everyone wants the rainbow - reduced IT costs, scalability, continuity, flexibility, manageability, ...
DXWorldEXPO | CloudEXPO are the world's most influential, independent events where Cloud Computing w...
Founded in 2000, Chetu Inc. is a global provider of customized software development solutions and IT...
DevOpsSummit New York 2018, colocated with CloudEXPO | DXWorldEXPO New York 2018 will be held Novemb...
Most DevOps journeys involve several phases of maturity. Research shows that the inflection point wh...
Dynatrace is an application performance management software company with products for the informatio...
SYS-CON Events announced today that DatacenterDynamics has been named “Media Sponsor” of SYS-CON's 1...
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018,...
DXWordEXPO New York 2018, colocated with CloudEXPO New York 2018 will be held November 11-13, 2018, ...
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22...
Today, we have more data to manage than ever. We also have better algorithms that help us access our...
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: D...
A valuable conference experience generates new contacts, sales leads, potential strategic partners a...