MS is claiming that the recent bug report in Bugtraq which explains in detail how to create a link which allows scamers to spoof a link so that it takes the user to a site different than the one shown in the taskbar is not a security flaw…
I mean come on, a flaw that allows hackers/crackers to fool people into going to a untrusted site when the browser is telling them thats is a trusted site is a serious security flaw in my books. Think about it, I can claim to be microsoft.com and tell people via email to download a new patch for their windows machines. Since the target is slightly computer savey they look at the link destination in the taskbar to confirm that its taking them to microsoft.com and then they happily download the ‘patch’ and proceed to install it thereby infecting their machine with my virus.
It does take some social eng but even the so called experts might fall for this one as who has the time to right click and verify each link before going to it? I don’t… but then again I use FireFox which doesn’t fall for this trick.. 🙂
MS seriously needs to think before making such statements…
Story URL: Here
– Suramya