Mark Bult Design: San Francisco, CA, Established 1988

Privacy: Know your browser or get phished

A newly reported JavaScript vulnerability in nearly all browsers could allow Black Hats to redirect you to a trusted site, then pop up a look-alike window over it where they could purloin your personal info.

"...the latest versions of Internet Explorer, Internet Explorer for Mac, Safari, iCab, Mozilla, Mozilla Firefox and Camino are all vulnerable. Opera 7 and 8 are affected, but not 8.01, according to Opera... To take advantage of the flaw, a cybercriminal would have to direct a Web user from a malicious site to a genuine, trusted site such as an online bank, in a new browser window. The malicious site would then open a JavaScript dialog box in front of the trusted Web site, and a user might then be fooled into sending personal information back to the malicious site."

A few tips:

1) Always make sure the location or address bar (the thing at the top with the "https://www.whatever..." web address in it) has a web address (URL) you are positive you recognize. For example, https://www.ebay.com/myaccount/ is probably the correct website for accessing your eBay account, but the address https://www.ebay.ws/myaccount/ looks deceptively similar, but could be a scammer.

2) Make sure that the above begins with "https://" -- it's the 's' that's important; it stands for secure.

3) Always make sure you see your browser's lock icon (or whatever icon yours uses) somewhere in the browser chrome; usually down at the bottom somewhere. That also means it's a secure connection.

These alone will not protect you from scammers and phishers. You have to learn how to use your browser and learns its vulnerabilities, and be ever vigilant on the Net, whether clicking on a link in your email or typing in an address blind in your browser.

� Read the CNET News.com article...

Posted by espd at 11:32 AM | 
Share and enjoy:  | Email this: