Thursday, April 06, 2006

Internet Explorer Exploit used by phishers

OK, this is actually a very important post for anyone who uses Internet Explorer. I'm serious. If you're reading this and you use Internet Explorer, PAY ATTENTION! A new exploit has been discovered, and it is being used by phishers (people who fish for your information). It lets IE open a web page that is controlled by the phishers while displaying a valid URL in the Address Bar.

Let me explain this simply, because it's really quite important. Pretend you get an e-mail that looks like it's from your bank (let's say Chase). This e-mail says that you need to update some of your info and provides you with a link to chase.com so that you can log in and do this. When you click the link, the site looks like the real chase.com. It used to be that you could look at the Address Bar to see what URL you were actually at. If the Address Bar didn't say "http://www.chase.com", you'd know that it was a phony site set up to collect your login credentials. But now, with this new exploit (which phishers are already using), you could be at a fake site and the Address Bar could still say "http://www.chase.com".

To see if your browser is vulnerable, click the link at the bottom of this post and run the test (to run it, you have to click the link labeled "Test Now" on the new page). When you do, a new window will pop up showing a page that is owned by the security company. If your browser is vulnerable, the Address Bar will say www.google.com.

OK, so your browser is vulnerable, what do you do? Well, the best way to secure yourself from this, and other, IE vulnerabilities is to stop using Internet Explorer altogether, and Get Firefox. If you still want to use IE, then the only way to prevent this from happening is to disable Active Scripting. Of course, this will cause a lot of legitimate web sites to stop working correctly, but hey, you wanted to use IE.

Anyway, give it a test; it's a little scary to see the results.
Click the link
Later.
