[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Microsoft Internet Explorer 8 - Anti Spoofing is a Myth
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Microsoft Internet Explorer 8 - Anti Spoofing is a Myth
- From: Aditya K Sood <0kn0ck@xxxxxxxxxxxx>
- Date: Wed, 01 Apr 2009 19:29:28 +0530
Hi
With the new features implemented in IE 8, the status address bar has been
transformed too. The new step taken by Microsoft IE team that is not to
show
the address of selected link in a status bar can have a serious impact.
A user
will not be able to see the active link in the status bar. This looks
like to
be an implementation of security solution with an obscurity. Status bar
is required
for Link Integrity check that assures a user about the legitimate
website. We are
not considering the ingrained vulnerabilities of status address bar
spoofing in
browsers at this point of time. Browsers like MOZILLA, Chrome etc are
having well
designed and effective status address bars.
For detail issue : http://www.secniche.org/ie_spoof_myth/
Regards
Aditya K Sood
http://www.secniche.org