Computer Knowledge - IE Address Bar Spoofing

Search this site or the Internet.

Hot Topics

Please see the CKnow Home Page for a list of current hot topics.

Hot Utilities

Utilities that may help you...

Registry Booster [more]
Free registry scan.
SpeedUpMyPC [more]
Auto maximize performance.
Registry Mechanic [more]
Registry clean, repair & optimize.
Spyware Doctor [more]
Three-way spyware protection.
Associate This [more]
A file extension manager.
TrID [more]
Identify hundreds of file types!
Free Tech Magazines [more]
No charge. No catch. No kidding.

Notes

DewaHost offers premium Web hosting service starting from $8.95/month and a high speed file hosting service - FileBurst!

CKnow does NOT spam.
E-mail is easily forged.

IE Address Bar Spoofing

Secunia has announced a new Internet Explorer address bar spoofing attack using Flash files.

The problem is caused by a race condition when loading Web and Flash content. (A race condition occurs when two things attempt to load at the same time when, rightfully, they should load in a particular order. If one loads in the improper order it can cause problems that might open a security hole.) When the attack happens the IE address bar may show that you are at a particular URL but, in fact, you may be at another, totally unrelated, URL where they can put up a page that looks like the site in the address bar but, in fact, may use the data you enter for nefarious purposes.

The problem has been confirmed for all current versions of Internet Explorer as well as initial beta versions of version 7 of IE. As of 13 April 2006 no update is available and the recommended solution is to disable Active Scripting support until a fix is released.

Firefox is not affected by this vulnerability so it could also be used as your primary browser

More Information

Last Changed: Thursday, April 13, 2006
Navigation: Computer Knowledge Home :: News :: Security :: IE Address Bar Spoofing