This Spoof Ain't Funny

A new security flaw allows crooks to place false, or "spoofed," information into Web pages displayed by virtually any browser, not just Microsoft's Internet Explorer.

This represents a large--and frightening--step beyond the ability to place a counterfeit url in the browser's address bar. That scheme involved loading a completely false page while the navigation bar displayed a legitimate url.

The new technique is more insidious, in that it can seamlessly insert false information into the browser display of legitimate pages.

The announcement that the new exploitation approach crossed browser lines came just as the Department of Homeland Security, among others, recommended that users shift to non-Microsoft browsers, such as Mozilla or Opera.

The timing of the recommendation turned out to be ironic, of course, but irony is cold comfort in an environment in which we're almost daily being forced to distrust the content that appears in our browsers and mail programs.