TechTalk & Personal Computing Guide

India-Forums

   
TechTalk & Personal Computing Guide
TechTalk & Personal Computing Guide

Don't get scammed by the 'Bait and Switch

cdesai12 Goldie
cdesai12
cdesai12

Joined: 18 September 2004
Posts: 1900

Posted: 11 February 2005 at 9:17am | IP Logged
Don't get scammed by the 'Bait and Switch' trick

By Chris Mosby

The "Bait and Switch" routine is an old sales tactic. A store will advertise something for an outrageously low price or some other kind of unbelievable deal. That gets you in the door, and then you hear things like, "We're out of stock right now, but since you're here, wouldn't you like to look at this instead?" It's an unethical thing to do, but I'm sure that more than one store out there still uses this practice.

Under the right conditions, hackers can do the same thing when you're surfing the Web. Browser and application vulnerabilities allow a hacker to make you think you're on one Web site, when you're actually on another. From there, anything can happen.

Don't let hackers frame you

Security firm Secunia last July that a 6-year-old vulnerability that was thought to be patched is still present in browsers from multiple vendors.

This vulnerability allows a hacker to hijack a frame in a legitimate Web page. The perpetrator can then insert his own page in an effort to make you think that page is legit, too.

The booby-trapped page can then use other hacker methods to trick you. Because the page looks normal, you might reveal bank or credit card information, unknowingly install a Trojan horse on your computer, or fall prey to other tricks. This vulnerability exists because browsers didn't validate frames to ensure they belonged to the Web site of the parent window.

Since this vulnerability was re-discovered, most browser vendors have supplied patches or upgrades to their browsers to re-fix this problem yet again. But not all have done so.

Browsers that are still vulnerable include:

Internet Explorer 5.01 through 6.x
Safari 1.2.2
Konqueror 3.1-15redhat

Here's a list of browsers that are no longer vulnerable:

Mozilla Firefox 0.9 and later
Mozilla 1.7
Opera 7.52
Netscape 7.2
Camino 0.8 (build 2004062308)

Yes, you read that right. Internet Explorer is still defenseless against this 6-year-old vulnerability.

Microsoft tried once before, patching a similar vulnerability in . But the problem crept back into the browser with version 5.01 and up. The problem has been confirmed to affect even a fully patched Internet Explorer 6 on Windows XP SP2.

What to do: Make sure you're using the latest version of your browser of choice, and keep it updated with any patches that are available. If there isn't an upgrade or patch for the browser that you're using, switch to one of the browsers listed above that isn't affected by this problem.

If you've implemented the recommendations for hardening Internet Explorer in the , issue of the Windows Secrets Newsletter, then you're already protected from this problem.

If not, you can disable IE's Navigate sub-frames across different domains setting as follows:

• Open the Tools menu in Internet Explorer.
• Click Internet Options and select the Security tab.
• Select Internet Zone, then click the Custom Level button.
• In the dialog box that opens, look for the Miscellaneous section.
• Finally, click Disable on Navigate sub-frames across different domains.

For more info about the problem, see Secunia's advisories on the and a that shows whether your browser suffers from the security hole.

HUMM IF-Dazzler
HUMM
HUMM

Joined: 06 November 2004
Posts: 2927

Posted: 11 February 2005 at 9:27pm | IP Logged
thanks.. hmm the info is good!ClapClap
  • Page 1 of 1

Go to top

Related Topics

  Topics Author Replies Views Last Post
Presenting with PowerPoint: 10 dos & dont

Author: HUMM   Replies: 5   Views: 676

HUMM 5 676 09 January 2005 at 8:19pm by mango

Forum Quick Jump

Forum Category / Channels
Forums

  • Please login to check your Last 10 Topics posted

Disclaimer: All Logos and Pictures of various Channels, Shows, Artistes, Media Houses, Companies, Brands etc. belong to their respective owners, and are used to merely visually identify the Channels, Shows, Companies, Brands, etc. to the viewer. Incase of any issue please contact the webmaster.

Popular Channels :
Star Plus | Zee TV | Sony TV | Colors TV | SAB TV | Life OK

Quick Links :
Top 100 TV Celebrities | Top 100 Bollywood Celebs | About Us | Contact Us | Advertise | Forum Index