On December 9, international reports, US local time this Wednesday, a security company warned that one of the main browsers can be
Hackers use, users who deceive access to website revealed their confidential profile.
Security experts say in the report published on a website, this defect can use the user to consider the malicious website as a legitimate website, etc., and then control the content displayed in the pop-up window. This defect affects Microsoft IE, Mozilla Foundation Mozilla and Firefox, Opera, open source Konquer, and Apple's Safari.
Network Security Technology Director Thomas said in an e-mail sent to CNET News.com, the browser does not display a warning message, nor does it check if other websites allow for changing the content in the pop-up window. If the pop-up window is opened by the user, the pop-up window is opened, the user has no reason to suspect that the content displayed in the window has been changed by the malicious website.
Security experts have already shown how to use this defect on this website. The hacker in the demo will send the user to the user's website, click on one of the pictures above, showing a window controlled by the software.
Microsoft said that this attack uses a legal function in the browser to deceive users. In a statement sent to CNET News.com, Microsoft said that our initial survey showed an operation in each major browser, enabling the site to open or reuse a window without displaying the address bar.
Illegal use of legal functions is a new security threat that helps hackers get user identity materials. Previous month, a virus that attacks the Internet users of the Click on the gross advertisement appeared, and other defects enable the user's computer to be easily installed on the advertiser.
Microsoft emphasizes that Windows XP SP2 users have certain anti-fishing attack capabilities. Microsoft said in a statement that in any window requiring logins, financial or personal data should be encrypted, and a lock icon should be displayed in the status bar at the bottom of the window. IE in Windows XP SP2 can always display a real state, and the user can distinguish between true and false lock icons.
But the security expert said that as long as the user thinks that it is legal website, they will not be so careful. It suggests that when accessing online banking or online retailers, it is best to open a window.
(Source: Tianji Net)
