Don't get scammed by the 'Bait and Switch'

cdesai12
Posted: 20 years ago
#1
Don't get scammed by the 'Bait and Switch' trick

By Chris Mosby

The "Bait and Switch" routine is an old sales tactic. A store will advertise something for an outrageously low price or some other kind of unbelievable deal. That gets you in the door, and then you hear things like, "We're out of stock right now, but since you're here, wouldn't you like to look at this instead?" It's an unethical thing to do, but I'm sure that more than one store out there still uses this practice.

Under the right conditions, hackers can do the same thing when you're surfing the Web. Browser and application vulnerabilities allow a hacker to make you think you're on one Web site, when you're actually on another. From there, anything can happen.

Don't let hackers frame you

Security firm Secunia reported last July that a 6-year-old vulnerability that was thought to be patched is still present in browsers from multiple vendors.

This vulnerability allows a hacker to hijack a frame in a legitimate Web page. The perpetrator can then insert his own page in an effort to make you think that page is legit, too.

The booby-trapped page can then use other hacker methods to trick you. Because the page looks normal, you might reveal bank or credit card information, unknowingly install a Trojan horse on your computer, or fall prey to other tricks. This vulnerability exists because browsers didn't validate frames to ensure they belonged to the Web site of the parent window.

Since this vulnerability was re-discovered, most browser vendors have supplied patches or upgrades to their browsers to re-fix this problem yet again. But not all have done so.

Browsers that are still vulnerable include:

• Internet Explorer 5.01 through 6.x
• Safari 1.2.2
• Konqueror 3.1-15redhat

Here's a list of browsers that are no longer vulnerable:

• Mozilla Firefox 0.9 and later
• Mozilla 1.7
• Opera 7.52
• Netscape 7.2
• Camino 0.8 (build 2004062308)

Yes, you read that right. Internet Explorer is still defenseless against this 6-year-old vulnerability.

Microsoft tried once before, patching a similar vulnerability in . But the problem crept back into the browser with version 5.01 and up. The problem has been confirmed to affect even a fully patched Internet Explorer 6 on Windows XP SP2.

What to do: Make sure you're using the latest version of your browser of choice, and keep it updated with any patches that are available. If there isn't an upgrade or patch for the browser that you're using, switch to one of the browsers listed above that isn't affected by this problem.

If you've implemented the recommendations for hardening Internet Explorer in the , issue of the Windows Secrets Newsletter, then you're already protected from this problem.

If not, you can disable IE's Navigate sub-frames across different domains setting as follows:

• Open the Tools menu in Internet Explorer.
• Click Internet Options and select the Security tab.
• Select Internet Zone, then click the Custom Level button.
• In the dialog box that opens, look for the Miscellaneous section.
• Finally, click Disable on Navigate sub-frames across different domains.

For more info about the problem, see Secunia's advisories on the and a that shows whether your browser suffers from the security hole.
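
The Internet Explorer setting from the steps above can also be audited from PowerShell. This is an added example, not part of the original post; it assumes Microsoft's URL action number 1607 for "Navigate sub-frames across different domains", zone number 3 for the Internet zone, and the standard zone registry locations, none of which appear in the article.

```powershell
# Added example, not from the original article.
# Assumptions: URL action 1607 = "Navigate sub-frames across different domains",
# zone 3 = Internet zone, values 0 = Enable, 1 = Prompt, 3 = Disable.
$Action     = '1607'
$ZoneSubKey = 'Internet Settings\Zones\3'
$Meaning    = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Checked in this order: policy keys first, then per-user and per-machine
# preferences (simplified; a machine-only zone policy would change the order).
$Locations = @(
    "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\$ZoneSubKey",
    "HKCU:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\$ZoneSubKey",
    "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\$ZoneSubKey",
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\$ZoneSubKey"
)

function Get-SubFrameNavigationSetting {
    # Returns one object per registry location where the value is present.
    foreach ($path in $Locations) {
        $item = Get-ItemProperty -Path $path -Name $Action -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $value = [int]$item.$Action
            [pscustomobject]@{
                Path    = $path
                Value   = $value
                Setting = if ($Meaning.ContainsKey($value)) { $Meaning[$value] } else { 'Unknown' }
            }
        }
    }
}

function Disable-SubFrameNavigation {
    # Writes the per-user preference only; a policy key, if present, still wins.
    $path = $Locations[2]
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    Set-ItemProperty -Path $path -Name $Action -Value 3 -Type DWord
}

$found = @(Get-SubFrameNavigationSetting)
$found | Format-Table -AutoSize
if ($found.Count -eq 0 -or $found[0].Value -ne 3) {
    Write-Warning 'Cross-domain sub-frame navigation is not disabled for the Internet zone. Run Disable-SubFrameNavigation to set it.'
}
```

The script only reports by default; `Disable-SubFrameNavigation` has to be called explicitly to change the per-user value.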

HUMM
Posted: 20 years ago
#2
thanks.. hmm the info is good!👏👏
