A newly discovered security hole in the latest version of Microsoft's Internet Explorer browser lets hackers make phishing websites appear to be legitimate websites.
Image: The IE7 browser on Windows Vista.
This dangerous vulnerability was discovered and disclosed by Israeli security researcher Aviv Raff. The flaw lies in the way IE 7 handles its HTML-formatted error page, the page that usually appears whenever the user cancels the loading of a web page.
The error message reads "Navigation to the webpage was canceled" and offers the option to "refresh the page". If the user clicks the refresh link, IE7 is tricked into displaying the wrong address for that page. Raff has published proof-of-concept code showing how IE can be "steered" into displaying a page from his own website as though it belonged to the CNN.com domain.
According to Raff, attackers could well exploit this flaw to make their fraudulent websites look legitimate. The vulnerability is a cross-site scripting flaw and affects IE7 on both Vista and Windows XP.
Raff said: "I can inject and display anything I want on the spoofed page when the user clicks the refresh button. If this flaw is combined with a website design flaw, an attacker is fully able to produce any content on the website, and to make any web address appear as the address in the browser."
Software giant Microsoft has not yet responded to Raff's findings, though Microsoft did say it is investigating the vulnerability further and that it has "not seen any attacks exploiting the newly reported flaw, nor any impact on customers at this time".
According to InfoWorld
Article source http://w4rum.com/547.t