A clever function could be leveraged by phishers to steal credentials
Windows 8 promises a lot of innovative security features, but experts fear that many of the functionality improvements, especially the ones that come with the Metro interface, bring with them a number of risks that until now haven’t existed.McAfee introduces a series of articles in which they detail the risks that come with the brand new Microsoft operating system and the first piece focuses on Internet Explorer 10 in Metro.
In Metro, Internet Explorer 10 has a cleaner look, mainly because the address bar and all the buttons are not visible by default. However, this could be a great advantage for cybercriminals that specialize in phishing campaigns.
First of all, users cannot see on which domain they’re actually on. If they’re presented with a well-designed replica of a PayPal webpage, for instance, internauts who fail to bring up the address bar could easily hand over their credentials to fraudsters.
When the address bar is visible, it actually represents a great security improvement, because it turns green if a secure connection is identified.
Experts say that the address bar should be programmed to automatically reveal itself whenever the user is on a page that requests login details.
“Malware may require only active browser instances to start and propagate instead of executable control over the entire system,” McAfee Security Architect Prashant Gupta explained.