ZDNet UK


Warning on IE 7 pop-up problem

Dawn Kawamoto CNET News.com

Published: 31 Oct 2006 11:56 GMT


Security researchers on Monday warned of a problem in Internet Explorer 7 that could allow malicious attackers to alter content in a legitimate website's pop-up window.

The browser issue could affect users who visit a trusted site by opening a pop-up window in that site that contains malicious code. This is the second IE 7 problem that has been discovered since Microsoft released the browser two weeks ago. Last week, a security flaw was discovered in IE 7 that could spoof the address of a pop-up window.

The two IE 7 security holes, if used in conjunction with each other, can easily dupe all but the most security-minded users, said Thomas Kristensen, chief technology officer of security company Secunia, which discovered the problems.

Secunia has classed the latest problem a security vulnerability, while Microsoft states the situation arises from "by-design behaviour" in the browsers.

"The (Secunia) report describes a by-design behaviour in popular web browsers that allows a website to open or re-use a pop-up window," a Microsoft representative said. "In Internet Explorer 7, the web page's actual URL is displayed in a pop-up window address bar, enabling users to accurately make a trust decision."

Microsoft said that people who follow its safe browsing guidelines and verify an HTTPS connection before entering sensitive personal information can increase their ability to guard against an exploit.

Secunia rated the most recent flaw as "moderately critical" because viewing the content does not provide attackers access to a user's computer. But it can still prove harmful if a user enters sensitive information into the malicious pop-up window, such as credit card information, usernames or passwords, Kristensen noted.

The vulnerability is also rated moderately critical because it requires user interaction and affects only particular trusted websites.

Secunia noted that the security flaw can affect a fully patched system running IE 7 and Microsoft Windows XP Service Pack 2.

The security company advises users to avoid browsing untrusted sites while browsing sites that they trust.
