Microsoft denies spoofing is a security flaw
Microsoft has denied that a spoofing technique available on its Internet Explorer browser is a security vulnerability.
The software giant accepted the possibility that spoofing could occur on version six of IE, but rejected claims that this was a security flaw.
In a prepared email statement from the company, a spokesperson said: "Microsoft is aware of a security issue reported last week that could allow spoofing the URL a user sees in Internet Explorer’s status bar. Users could see a URL in the status bar when the mouse hovers over the link on a webpage, but clicking the link would take the user to a different URL. Our investigation has indicated that this is not a security vulnerability."
Last week, a researcher in Germany, Benjamin Tobias Franz, posted warnings on bulletin board Web site Bugtraq, stating that Internet Explorer could spoof links if users put two URLs and a table inside an HTML href tag.
The result, Franz claimed, was that malformed links to URLs, could take users to an entirely different Web site without their knowledge.
This technique could be used for spoofing – a way of making users think they are visiting their chosen Web site when they are in fact looking at a 'spoofed' site.
