FROM: Bob Marchessault, Georgian College
Barrie, Ontario, Canada
TO: Members of the WWWDEV Distance Learning ListServer
About 700+ Worldwide including Bob Richardson, Pompano Beach, Florida
"Web Sites Using Frames Vulnerable to New Spoofing Attack"
from: Bob Marchessault
This very serious problem affects even the biggest and best known Web sites. A simple hack can apparently cause any Web site that uses frames to display anything the hacker chooses or cause a site to display a form which, if filled in, would send information back to the attacker. SecureXpert Labs found the problem, dubbed the "Frame Spoofing" vulnerability (FSV), and demonstrated it by hacking the New York Stock Exchange Web site. Due to the way Web browsers handle frame content, attackers who know the URL of a frame on your Web page can insert false information into that frame when it is presented to a user. Tasty Bits from the Technology Front (TBTF) offers a workaround but it's not pretty (don't use static frame names). You'll find a threaded discussion of the issue on Bugtraq. Webmasters at high profile Web sites can bet that somebody will try to use this against them."
Bob Marchessault is a distinguished fine arts teacher at Georgian College and a very erudite and experienced HTML programmer too! By all means visit his homepage by selecting the underlined line below.
Bob Marchessault's homepage
You will enjoy many of his paintings as I did. His "Winds of Change" painting of a tornado coming your way put the "fear of God" in me as it seems that I live in "Tornado Alley." The last one only missed us by a mile or so during the summer of 1998 and was followed by hurricane "Mitch" the next month.
Good luck, Bob