Hacker uncovers Internet Explorer 7 phishing hole

Posted by Mark Raby

Columbus (OH) - Despite the fact that increased phishing security is one of the most touted features in Internet Explorer 7, a newly announced flaw makes it much easier for hackers to circumvent the browser's phishing filters.

A flaw in the software can be used to mask the display of the current website.  IE7’s phishing filter automatically blocks sites that are known phishing havens, but a potential exploit would be able to circumvent that by masking the true identity of the site.

The hole affects Internet Explorer 7 on Windows XP and Windows Vista operating systems, according to Michal Zalewski, who is credited with uncovering the security issue. Microsoft said that it is still working on its own internal assessment of the reported flaw.