On Thu, 23 Nov 2006 13:22:08 +0000, Roy Schestowitz wrote:
> Most. Secure. Browser. Ever. How come the random troll (Jack Horkheimer Jr.)
> only mentioned Firefox?
>
> Firefox, IE vulnerable to fake login pages?
>
> ,----[ Quote ]
>| Mozilla's Firefox 2 and Microsoft's Internet Explorer 7 are vulnerable to a
>| flaw that could allow attackers to steal passwords.
> `----
>
> http://news.zdnet.com/2100-1009_22-6137844.html
>
> Tell the full story. It would not be surprising if almost every browser is
> affected by this 'trick', which works in a limited set of bad Web sites. It
> has been grossly overstated. Dramatic licence.
Not!
The problem here is that Firefox automatically fills in the the username
and password, then submits the form automatically. all without user
interaction. IE does not do this.
Sure, a user could be tricked into using IE's password saving features, but
that's a social engineering attack, not a technical one.
|
|
