I think this counts a major oops:
A newly reported security problem in Microsoft's Internet Explorer Web browser allows attackers to create a fake Web site that looks exactly like a genuine site.
The vulnerability lets an attacker display any Web site while the address bar in IE will display a trusted Web address and even show the icon indicating SSL (Secure Socket Layer) security, security researchers warn.
Sheesh. How is an end user supposed to spot that? Time to load up Firefox...