News
News
10/25/2006
01:02 PM
Connect Directly
RSS
E-Mail
50%
50%

Internet Explorer 7 Suffers From Second Bug

The flaw leaves IE7 open to a spoofing attack, where attackers can forge the URL of a Web address, making a fraudulent site appear to be legitimate.

Microsoft's Internet Explorer 7 can be spoofed by identity thieves, a security company warned Wednesday, marking the second bug in the new browser since it debuted a week ago.

Danish vulnerability tracker Secunia alerted users that a spoofing attack -- where a bogus site seems to have a legitimate URL -- can be conducted against IE 7. The Copenhagen-based company has posted a test it says demonstrates the vulnerability.

"This is the kind of spoofing vulnerabilities which IE7 was supposed to be better at protecting against than its predecessor," said Thomas Kristensen, Secunia's chief technology officer, in an e-mail to TechWeb. "While the issue isn't clear cut since the vigilant user might be able to spot that something isn't quite right, [others may be] easily fooled by this trick, despite the built-in anti-phishing mechanism being enabled [in IE 7]," he added.

Secunia rated the spoofing flaw as "Less critical," the second-lowest ranking in its five-step warning.

Last week, only hours after Microsoft unveiled the final version of IE 7, Secunia posted a warning of a cross-domain bug in the browser; later, Microsoft disputed the report by claiming that the vulnerable component was not within IE 7, but contained in Outlook Express, the free e-mail client shipped with Windows XP.

Secunia's demonstration test also showed that the version of IE 7 included with Windows Vista Release Candidate 2 (RC2) is also vulnerable to the spoofing flaw.

Comment  | 
Print  | 
More Insights
The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek - July 21, 2014
Our new survey shows fed agencies focusing more on security, as they should, but they're still behind the times with cloud and overall innovation.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
In this special, sponsored radio episode we’ll look at some terms around converged infrastructures and talk about how they’ve been applied in the past. Then we’ll turn to the present to see what’s changing.
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.