This cross-domain activity is extremely dangerous, and IE 7 has attempted to
prevent these behaviors.
To help mitigate cross-domain attacks, IE 7 attempts to restrict a script to the
domain from which it originated and to limit its interaction to windows and content
from that same domain. Specifically, IE 7 will attempt to block a script URL by
default, redirect DOM objects, and prevent any IE window/frame from accessing another
window/frame if it does not have explicit permission to do so.
Phishing Filter
IE 7 comes with a built-in anti-phishing filter, which protects users against known or
suspected phishing sites. The filter protects users from visiting web sites that pose
as a trusted entity. For example, the web site for a bank, PayPal, or a credit card
company can be easily spoofed by an attacker. Instead of visiting www.paypal.com, the
attacker can trick a user into visiting www.paypal.com.cybervillians.com. The legitimate
site and fake site will look identical; however, the latter site is obviously a phishing site
that is trying to compromise a username/password or credit card information.
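The www.paypal.com.cybervillians.com case above can be caught by comparing hostname labels from the right rather than searching for the brand name. This is an added JavaScript example, not code from the book or from IE 7's filter; the trusted-domain list and the function names are assumptions made for illustration.

```javascript
// Added example: classify a URL's hostname against a list of trusted domains.
// TRUSTED_DOMAINS is a constructed sample list, not taken from IE 7.
const TRUSTED_DOMAINS = ["paypal.com"];

// Split a hostname into lowercase labels, ignoring a trailing root dot.
function labelsOf(hostname) {
  return hostname.toLowerCase().replace(/\.$/, "").split(".");
}

// True when `needle` labels occur as a contiguous run inside `haystack` labels.
function containsLabelRun(haystack, needle) {
  for (let i = 0; i + needle.length <= haystack.length; i++) {
    if (needle.every((label, j) => haystack[i + j] === label)) return true;
  }
  return false;
}

// Returns "trusted", "lookalike" or "unknown" for a URL string.
function classifyUrl(urlString, trusted = TRUSTED_DOMAINS) {
  let host;
  try {
    // Use the parser's hostname instead of searching the raw string.
    host = labelsOf(new URL(urlString).hostname);
  } catch (e) {
    return "unknown"; // not a parseable absolute URL
  }
  for (const domain of trusted) {
    const want = labelsOf(domain);
    // Trusted only when the trusted domain is the right-most part of the host.
    const tail = host.slice(-want.length);
    if (host.length >= want.length && tail.join(".") === want.join(".")) {
      return "trusted";
    }
    // The trusted name appears, but further left: the site belongs to whoever
    // controls the labels to its right.
    if (containsLabelRun(host, want)) return "lookalike";
  }
  return "unknown";
}
```

Because the comparison is label by label, a host such as notpaypal.com is reported as unknown, not as trusted or lookalike.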
To protect users against phishing sites, IE 7's phishing filter has two modes:
Automatic Website Checking Off (default) and Automatic Website Checking On.