Another Little Phishy

OK, so maybe it's time to shelve the "my browser is more secure than your browser" arguments once and for all. Sam Greenhalgh has discovered a new phishing technique that uses cross-site scripting to successfully spoof either IE or Mozilla browsers. There are plenty of reasonable arguments to be made for one or another browser's superiority on performance, feature-richness, or functional bases, but the growing legions of script kiddies are going to do their best to make sure that no browser is immune from attack.

I think we're heading into a time when more and more folks are going to start looking for scapegoats for security problems like this one. Here's my nominee for the top of the list: Web site designers so eager to insulate users from the fact that they're using computers (rather than televisions with keyboards) that they sought out ways to keep information on which server was providing information to the user. Microsoft (and, frankly, every web-side technical committee) was more than happy to help since the result seemed to be more, and happier, web users. Now, though, the "happy user experience" chickens are coming home to roost with phish in their beaks.

Thanks to Larry Seltzer for the pointer to this one.