Hacker group "Shmoo" demonstrated an amazing new browser exploit to the audience of Shmoocon.
The exploit allows ANY domain name to be hijacked from a link, including its SSL-secured addresses.
Their example showed a joke page being masked by eBay's address. Surprisingly enough, it's not Microsoft Internet Explorer that is vulnerable this time. All other browsers, however, are currently susceptible to the attack.
The reason is that Internet Explorer does not implement the international URL encoding format that all other browsers have had for a while now. Prior to this exploit, that would have seemed to be another example of Microsoft's behind-the-eight-ball browser support; this time it has saved their users from possible abuse.
Expect this exploit to be utilized by phishing scammers by the time of writing. Any user not on Internet Explorer could easily be fooled into disclosing private information such as passwords and credit card numbers.
There are some temporary fixes that require the user to configure their browser to ignore these types of URLs; however, the average user may not even know of the exploit's existence.
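As an added example (not part of the original article), the following Python code shows a defender-side check on a link's hostname before it is trusted. It assumes the "international URL encoding format" is IDN with Punycode (`xn--`) labels; the function names and the sample hostname are constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed sample: Latin "example" with its "a" replaced by Cyrillic U+0430.
SAMPLE_LABEL = "ex\u0430mple"
SAMPLE_HOST = "xn--" + SAMPLE_LABEL.encode("punycode").decode("ascii") + ".test"

def decode_label(raw):
    """Return the Unicode form of one hostname label, or None if undecodable."""
    if raw.startswith("xn--"):
        try:
            return raw[4:].encode("ascii").decode("punycode")
        except ValueError:  # UnicodeError is a ValueError subclass
            return None
    return raw

def scripts_in(label):
    """Approximate the scripts in a label from Unicode character names."""
    return sorted({unicodedata.name(ch, "UNKNOWN").split()[0]
                   for ch in label if ch.isalpha()})

def check_link(url):
    """List (raw_label, decoded_label, reason, scripts) for suspicious labels."""
    host = urlsplit(url).hostname or ""   # hostname is lower-cased by urlsplit
    findings = []
    for raw in host.split("."):
        label = decode_label(raw)
        if label is None:
            findings.append((raw, None, "undecodable", []))
        elif not label.isascii():
            scripts = scripts_in(label)
            reason = "mixed-script" if len(scripts) > 1 else "non-ASCII"
            findings.append((raw, label, reason, scripts))
    return findings

if __name__ == "__main__":
    for url in ("https://example.test/login", "https://" + SAMPLE_HOST + "/login"):
        print(url, "->", check_link(url) or "no international labels")
```

A label made entirely of one non-Latin script is reported as "non-ASCII" rather than "mixed-script", since legitimate international names look like that; the mixed-script case is the one that imitates a familiar Latin name.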
While Microsoft still has a higher user base in the browser wars, there are still an estimated 30+% of users who could be affected. In times when everyone is encouraging migration to alternate browsers such as Firefox, this exploit will give pause to the average user still using Internet Explorer.