Big freaking surprise. The “most secure Windows” is still open to holes that make it easy for phishermen to convince ignorant end users that they really DO need to enter their ATM card’s PIN into the form on eBay to prove their identity. This is still the cross-site scripting issue with ActiveX… It’s about time you installed Firefox anyway.
From CNET News:
Microsoft is investigating reports of a new Internet Explorer flaw that puts people with the most secure version of Windows at risk of phishing attacks.
The software giant said Friday that it is looking into reports from security company Secunia and others that a vulnerability in IE6 enables scammers to launch a phishing attack against PCs loaded with the latest security-updated version of Windows, Service Pack 2, and older versions of the operating system. Phishing attacks typically use such fake sites, which look like legitimate sites of companies such as banks, to try to con people into handing over personal information such as credit card numbers.
The Web browser flaw allows fraudsters to create a hard-to-spot spoofed Web site, according to an advisory from Secunia, even to the point of including a fake SSL signature padlock certificate. Phishers can also hijack cookies from any Web site, the company said.
Want to see a demonstration?