tmccann11 (Who, Me?, Premium, join:2001-06-10, Bayonne, NJ) | Got Me Good
Damn, I just might have fallen for that, considering the fact that I get tons of mail from the likes of Best Buy and Staples.
F$%$%$ng Microsoft.
Tom
EGeezer (Summertime, Premium, join:2002-08-04, Midwest) | IE vulnerability - Now more than ever ...
That's another good reason to be sure you type no sensitive information on any web page that does not have the secured lock and a valid security certificate.
Too many "legitimate" sites have the input fields on a page without the lock and cert, then redirect to https only after the user has entered sensitive data and pressed Enter to send it. Too many more have certs that don't match the sites or are expired.
EG -- "Well," Brahma said, "even after ten thousand explanations, a fool is no wiser, but an intelligent man requires only two thousand five hundred." -- The Mahabharata.
Jason Levine | Re: IE vulnerability - Now more than ever ...
said by EGeezer: That's another good reason to be sure you type no sensitive information on any web page that does not have the secured lock and a valid security certificate.
This will work with an SSL-secured site as well. See this post: »Don't trust the Lock icon either!
All the hacker would do is buy an SSL cert for his site (from Verisign, GeoTrust, etc.) and then set up one of these links. The lock icon would show and the cert would appear to be valid in that no warnings would pop up. If you checked the cert, you'd see it is for a different site than the one that you appeared to be on, but how many people do this for every secure site they go to? -- -Jason Levine http://www.jasons-toolbox.com/ http://www.PCQandA.com/ http://www.urateit.com/
(unnamed poster) | Re: Got Me Good
Very tricky! One possible way to tell is to go to FILE: and PROPERTIES and it will tell you the real deal is: »www.symantec.com@i.dslr.net/···dex.html
But of course we don't all do that at every site we browse to.
Always someone finding a way to show MS's weakness. It's not that difficult, is it?
Thanks for the heads up!
netwire (Premium, join:2001-04-27, Shelby, NC) | Thank God for Mozilla.... hehe
AthlGrond (Premium, MVM, join:2002-04-25, Aurora, CO) | Re: Got Me Good
Although .NET is managed code (similar to Java from a security standpoint, for lack of a better analogy), I agree that you should want to be prompted to execute .NET code on your computer.
If you regularly needed a .NET program to run, you would either want to change the site's security settings or turn off prompting. (But currently the internet isn't awash with .NET content, so prompting makes the most sense.)
user3657 | This has been around for years... why is it just being noticed now?
Zertoss (Just Say No To Caps Lock, join:2001-08-01, Clute, TX) | Re: Got Me Good
said by user3657: this has been around for years...why is it just being noticed now?
That's what I would like to know. -- This lead apron will protect me from the gravity.
Spiro0 (join:2003-08-04, Austin, TX) | Re: Got Me Good
2 million lines of code is why... Sort of a Denial of Maintenance attack by the Microsoft developers on themselves.
Andy | Re: Denial of Maintenance attack
(Smile) I love it. I would love to use an acronym like "DOM Attack!" in reference to MS during my Linux close.
Can I quote you in my seminars?
And maybe add it to my T-shirt ads.
Cheers
Andy
Spiro0 (join:2003-08-04, Austin, TX) | Re: Denial of Maintenance attack
Sure! If I just coined a phrase, maybe I should put my name on it...
Stephen D
(unnamed poster) | Reason #215 why I don't even look at IE
rtcy (FACTS only please, Premium, join:1999-10-16, Norwalk, CA) | always on mozilla,
Transmaster (Don't Blame Me I Voted For Bill and Opus, join:2001-06-20, Cheyenne, WY)
I just received this in one of my e-mail accounts. This has got to be one of the funniest things I have ever seen. Talk about STUPID!!!!! Whoever this is must not be able to type and chew gum at the same time. I do see what you mean by the site; it looks real. The "real" address is »citibridgetrack.com; this address naturally does not work.
Dear OnlineCitibank Cardholders,
This letter was ssent by the Citi-Bank server to veerify your e-mail adress. You must cltoepme this prcoses by clicking on the link below and enntering in the small window your Citbiank Debit Card Nummber and card pin that you use on ATM Machine. That is donne for your pctreotion -u- because some of our members no lngoer have acsecs to their email adedsress and we must verify it.
To veerify your e-mail adderss and akcess your Citi-bank account, klick on the link below. If ntohing hapepns when you clic on the link -6 copye and paste the link into the address bar of your web broswer.
»www.citibank.com/?YjT2X9uB3W0TOE···CYnylY8t
--------------------------------------------- Thank you for using Citi-Bank! ---------------------------------------------
This automatic email sent to: w7itc@msn.com Do not reply to this email. -- I love Irish Terriers, Low Brass, and the sound of a 1950 Johnson Viking 1 transmitter on the air for the first time in 30 years.
KyleC (Nikon Guy, Premium, join:2001-12-13, Dallas, TX) | Holy Crap
I have gotten fake PayPal sites like this, trying to get me to enter my info. I knew it was fake, because PayPal never sends email out requesting info.
tmccann11 (Who, Me?, Premium, join:2001-06-10, Bayonne, NJ) | Re: Holy Crap
But what if (insert favorite store here) emailed you stating that they were having a one-day sale with 50% off any one item, and had an HTML page embedded in the email that looked legit enough. You follow it, go through the whole process, and you think you placed an order....and gotcha.
I know the scenario may be unlikely for most of us, but there are a lot of people that would fall for it in a heartbeat, and could you really blame them?
JM2C
Tom -- My baby: Asus A7N8X-Deluxe, XP2500+, 1GB Kingston Value Ram, 2 80GB WD 7200 8MB, Sound Blaster Audigy, Powercolor Radeon 9800 Pro, NEC DVD+/- RW, Lite-on 52x CDR, Antec SB1040II
(unnamed poster) | I just received 2 consecutive emails from "PayPal" in 2 days. Both had attachments (virus) and a redirect link. Fortunately my email was scanned before it was sent to my inbox, and the virus was removed, but I'm sure a lot of other people aren't so lucky. I reported both emails to spoof@paypal.com, which confirmed there is a rash of these emails being sent out lately. Be careful!
(unnamed poster) | Oh bloody HELL! Here we go again....
(unnamed poster) | This is scary. I can see that people will fall for this and not ever know.
AVD (Respice, Adspice, Prospice, Premium, join:2003-02-06, Onion, NJ) | dammm.. this is too scary....
btw. using an old version of Opera, you get a popup warning, and the whole address shows on the address bar..
There is no excuse for Microsoft to have the address display the way it does... by trying to make stuff easier, they make Windows so insecure that it is a public menace. I guess you can get away with sloppy code when you are a near-monopoly.
cmhbob (Did...Did I Do That?, Premium, join:2001-03-13, Grove City, OH) | One way to be more careful
In IE, make sure "Show friendly URLs" is not checked. Then just watch your status bar to see where you're really going.
wheelzoff | Re: One way to be more careful
The status bar is my best friend. -- "The Stars Win The Stanley Cup, The Stars Win The Stanley Cup", Ralph Strangis.
2kmaro (Think, Premium, ExMod, join:2000-07-11, ColossalCave) | Re: One way to be more careful
said by justin: said by wheelzoff: The status bar is my best friend.
How does your status bar look on
»i.dslr.net/symantec/worse2.html
then?
Status bar is hosed with a bogus address, but the address bar shows the URL you posted (as I'm sure you expected it to). Another way to detect the bogus link in either an email or on a site page is to right-click, choose "Copy Shortcut" and paste into the address bar - the entire address will appear as opposed to just the bogus portion. But as noted in all of this discussion: the targets for this kind of fraud are probably not going to do anything other than click the links. It will be interesting to see how long it takes to come up with a fix to this one and get it on the street.
I suppose the one advantage to using IE is that as each hole is found the word does get around pretty well - whereas if the same type of problem(s) were in another less-used browser, the discovered exploits might not get as much publicity. I think this attitude is called sour grapes? For me reality says that the company I work for will continue to use IE as their browser and Outlook as their email client. For the moment I simply put out the word not to trust ANY link sent to them or that they just "stumble upon" on some website they're unsure of, recommending they use the right-click/copy shortcut method to double-check them.
Thanks for writing up the story - as you said, the low key on this story might have left the exploit exploitable against me much longer! -- »www.jlathamsite.com/holidays/sea···ings.htm Happy Holidays, Everyone!
justin (Australian, join:1999-05-28, New York, NY) | Re: One way to be more careful
There is an onMouseOver that sets the status bar if JavaScript is enabled (as it is, on 99.9999% of the world's MSIE browsers). Do you have JavaScript disabled for 'untrusted' sites or something (i.dslr.net)?
2kmaro (Think, Premium, ExMod, join:2000-07-11, ColossalCave) | Re: One way to be more careful
Scripting disabled on untrusted sites - security for those is set to High to match my paranoia of M$ products. Screen shot to show difference between address bar and status bar displays. -- »www.jlathamsite.com/holidays/sea···ings.htm Happy Holidays, Everyone!
justin (Australian, join:1999-05-28, New York, NY) | Re: One way to be more careful
said by 2kmaro: Scripting disabled on untrusted sites - security for those is set to High to match my paranoia of M$ products. Screen shot to show difference between address bar and status bar displays.
That is the screenshot while you are still on dslr; what about when you are in "the Symantec" site? That is the key.
novaflare (The Dragon Was Here, Premium, join:2002-01-24, Barberton, OH)
said by 2kmaro: said by justin: said by wheelzoff: The status bar is my best friend.
How does your status bar look on
»i.dslr.net/symantec/worse2.html
then?
Status bar is hosed with a bogus address, but the address bar shows the URL you posted (as I'm sure you expected it to). Another way to detect the bogus link in either an email or on a site page is to right-click, choose "Copy Shortcut" and paste into the address bar - the entire address will appear as opposed to just the bogus portion. But as noted in all of this discussion: the targets for this kind of fraud are probably not going to do anything other than click the links. It will be interesting to see how long it takes to come up with a fix to this one and get it on the street.
I suppose the one advantage to using IE is that as each hole is found the word does get around pretty well - whereas if the same type of problem(s) were in another less-used browser, the discovered exploits might not get as much publicity. I think this attitude is called sour grapes? For me reality says that the company I work for will continue to use IE as their browser and Outlook as their email client. For the moment I simply put out the word not to trust ANY link sent to them or that they just "stumble upon" on some website they're unsure of, recommending they use the right-click/copy shortcut method to double-check them.
Thanks for writing up the story - as you said, the low key on this story might have left the exploit exploitable against me much longer!
Well, so far it's going on about 5 years; this is nothing new. This trick is what some satire sites used to use to make their funny news stories look real. -- my fav mmorpg »www.rubiesofeventide.com if you sign up use novaflare as referral
vic102482 (Premium, join:2002-04-30, Upper Marlboro, MD) | Re: One way to be more careful
said by novaflare: well so far it's going on about 5 years; this is nothing new. This trick is what some satire sites used to use to make their funny news stories look real
I think I know what you are talking about, but no, this is different, and far better. Like the CNN blowjob one, it had »funnysatire.cnn.whatever.com. The address looked bogus on site. This is what I remember, although I might be wrong. -- I tie a rope around my penis and jump from a tree, don't you wanna grow up to be just like me!!!!
justin (Australian, join:1999-05-28, New York, NY)
said by novaflare: well so far it's going on about 5 years; this is nothing new. This trick is what some satire sites used to use to make their funny news stories look real
No, the difference is how it looks after you get there. That it (the address) looks indistinguishable is the bigger problem here, and just makes an existing scam (phishing) easier to do.
wheelzoff
said by justin: said by wheelzoff: The status bar is my best friend.
How does your status bar look on
»i.dslr.net/symantec/worse2.html
then?
It still shows the bogus address. -- "The Stars Win The Stanley Cup, The Stars Win The Stanley Cup", Ralph Strangis.
Smokey (I'd rather be skiing, Premium, join:2003-05-20, Wild West) | Re: One way to be more careful
Same for me. If you're not looking, you won't catch it, as it is very fast.
(unnamed poster) | Well, it seems to show up in my status bar, and if I right-click the properties it shows the true URL. The address bar is not your friend.
(unnamed poster)
said by cmhbob: In IE, make sure "Show friendly URLs" is not checked. Then just watch your status bar to see where you're really going.
I have that feature disabled, but when I enter the site "http://i.dslr.net/symantec/worse2.html" and hover over any of the links, they show the bogus address in the status bar, so I don't think that setting will work...
lalaas (join:2002-01-01, Oak Park, MI) | Other phish being caught
I caught a phish like this pretending to be Comcast, and asking for all kinds of info, even down to PIN number & CVV # on the back of your credit card, bank phone #, etc. Really crafty, and I wonder how many people got scammed by them. I posted it here in the CC forum (IIRC) and notified Comcast. Within an hour the site had disappeared.
FLea973 (Premium, join:2001-02-27, Morristown, NJ) | 1 way to spot it -
At least I saw a way to spot it on the demo site - hover over a link on the spoofed site and look at the status bar. It displays the full path of that link: "http://www.symantec.com @www.dslreports.com/front/symantec/www.symantec.com/gotcha.html"
Unfortunately what is displayed in the status bar can also be controlled through Java scripts - so yet another reason to disable Java.
justin (Australian, join:1999-05-28, New York, NY) | Re: 1 way to spot it -
That is true - the status bar (if enabled) will show the full link if you pause and look at it. However, the domain name (easy to spot www.dslreports.com) could easily be a number, or a plain IP.
Then, the beginning of the URL and the END of the URL both look ok... only the middle and @ symbol look odd (in the status bar).
The people targeted for fraud are not likely to be folks who know why the status bar is even there, let alone how to use it.
FLea973 (Premium, join:2001-02-27, Morristown, NJ) | Re: 1 way to spot it -
said by justin: The people targeted for fraud are not likely to be folks who know why the status bar is even there, let alone how to use it
True - and a lot of those targeted people won't patch when/if it comes out - may not even know there is a patch, much less a flaw...
koam (Pink Pecker, Premium, join:2000-08-16, East Puddle) | on the demo page, the status bar shows only »www.symantec.com.
Status bar does not give it away for me. Looks like a real link to a legit site. -- Danieli Consulting LLC, Strategy and Branding http://kendanieli.tripod.com
justin (Australian, join:1999-05-28, New York, NY) | Re: 1 way to spot it -
said by koam: on the demo page, the status bar shows only »www.symantec.com.
Status bar does not give it away for me. Looks like a real link to a legit site.
Yes, but that is nothing new (hiding the real destination of a link). It is easy to create a link with onMouseOver to set the status bar, and TITLE to set the tool tip. You can do that in Mozilla as well.
What is new is AFTER you click the link to go to the site, it STILL looks real.. that is the issue.
I think this latter point is being lost by many here.
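The two tricks the thread keeps circling back to, the `http://www.symantec.com@i.dslr.net/...` link that FLea973 and justin dissect above (everything before `@` is userinfo, the host is what follows) and the onMouseOver status-bar text that koam and justin discuss in this exchange, as an added example in Node.js. This is not code from the thread or from the DSLReports demo pages; it parses each link the way a browser actually resolves it and flags the link when it carries userinfo, when the status-bar text names a different host than the real destination, or when the destination is a bare IP literal. The sample links and status-bar strings are constructed for the example (192.0.2.x and 198.51.100.x are documentation address ranges, not real hosts), and the IP-literal regex is an assumed check, not something the posters describe.

```javascript
// Added example, not from the thread. Run with: node audit_links.js
// Uses only the WHATWG URL class that ships with Node (no extra modules).

// Constructed sample links modelled on the demo URLs quoted in this thread.
// "status" is the text an onMouseOver handler might push into the status bar.
const SAMPLE_LINKS = [
  { href: 'http://www.symantec.com@i.dslr.net/symantec/index.html',
    status: 'http://www.symantec.com' },
  { href: 'http://www.symantec.com@192.0.2.10/gotcha.html',
    status: 'www.symantec.com' },
  { href: 'https://www.paypal.com@198.51.100.7/cgi-bin/webscr',
    status: 'https://www.paypal.com' },
  { href: 'http://www.symantec.com/',
    status: 'http://www.symantec.com/' },
];

// Resolve a link with the browser's own rules: the text before "@" in the
// authority is userinfo; the host the browser connects to is what follows.
function parseLink(href) {
  const u = new URL(href);
  return {
    scheme: u.protocol.replace(':', ''),
    userinfo: u.password ? `${u.username}:${u.password}` : u.username,
    host: u.hostname,
    path: u.pathname,
  };
}

// Dotted-quad IPv4 or bracketed IPv6 literal (assumed check for this example).
function isIpLiteral(host) {
  if (/^\[.*\]$/.test(host)) return true;
  const m = host.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
  return !!m && m.slice(1).every(o => Number(o) <= 255);
}

// Host the status-bar text claims; tolerate bare hosts like "www.symantec.com".
// Free text that is not a URL yields null (nothing to compare against).
function claimedHost(statusText) {
  if (!statusText) return null;
  try {
    const withScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(statusText)
      ? statusText : `http://${statusText}`;
    return new URL(withScheme).hostname;
  } catch (e) {
    return null;
  }
}

// Audit one link the way the "Copy Shortcut and paste" advice does:
// look at the whole URL, not the part the page wants you to see.
function auditLink({ href, status }) {
  const p = parseLink(href);
  const claimed = claimedHost(status);
  const reasons = [];
  if (p.userinfo) {
    reasons.push(`userinfo "${p.userinfo}" before @ (real host is ${p.host})`);
  }
  if (claimed && claimed !== p.host) {
    reasons.push(`status bar claims ${claimed}, link goes to ${p.host}`);
  }
  if (isIpLiteral(p.host)) {
    reasons.push(`destination is a bare IP literal ${p.host}`);
  }
  return { href, realHost: p.host, userinfo: p.userinfo, claimed,
           suspicious: reasons.length > 0, reasons };
}

function auditAll(links = SAMPLE_LINKS) {
  return links.map(auditLink);
}

// Stand-alone run: one verdict line per link, with the reasons indented.
for (const r of auditAll()) {
  const tag = r.suspicious ? 'SUSPICIOUS' : 'ok        ';
  console.log(`${tag} ${r.realHost.padEnd(16)} ${r.href}`);
  for (const why of r.reasons) console.log(`    - ${why}`);
}
```

Only the last sample comes back clean: the other three all land on a host different from the one the link text and status bar advertise, which is exactly the mismatch 2kmaro's copy-and-paste check exposes and the %-truncated address bar hides once you have clicked.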
koam (Pink Pecker, Premium, join:2000-08-16, East Puddle) | Re: 1 way to spot it -
Thanks for clarifying. I realized that the destination page looks real (address bar looks real) but I didn't know you could fake the mouseover copy on the status bar so easily all along. Thanks. -- Danieli Consulting LLC, Strategy and Branding http://kendanieli.tripod.com
statecop (Premium, join:2002-09-16, Heflin, AL) | Not good!
This is bad!
justin (Australian, join:1999-05-28, New York, NY) | Re: What's new about "@"?
What is new is what shows in the location bar AFTER you reach the "fake site".
(unnamed poster) | Re: Safe here. :-)
said by Doctor Olds: Didn't fool my 2002 version of Netscape v4.8 at all. It's old, but was updated in 2002 so it's not that old.
Didn't fool my 2-day-old copy of NetCaptor either, which is IE at the core. -- The difference between foresight and hindsight is only a matter of when you bother to think things through.
(unnamed poster) | Wow
After following the link to the phish page, I went up to the IE address bar and typed in ht tp://www.symantec.com (extra space here so DSLR won't convert to a link) ... and it still went to the phish page.
Once you're there, typing in the URL just to "double check" that you are where you think you are doesn't work. Wow.
nl4jy (join:2002-05-02, Brooklyn, NY) | Re: Wow
And that is even more dangerous, as one may think, "Oh, I'll just manually type in the address" (thinking he/she'll be safe). -- If it ain't broken, don't try to fix it. If it's broken, buy a new one.
(unnamed poster) | Don't trust the Lock icon either!
Want to see something scary? Try this link:
https://www.paypal.com
It says PayPal in the URL, but it's not PayPal! You'll notice that it still displays the "Lock" in the bottom right-hand corner, too. Be afraid. :|
Hayward (K A R - 1 2 0 C, Premium, join:2000-07-13, Key West, FL) | Doesn't this all still just prove....
Don't just take what is AUTO-CRAMMED down your throat.
OK, we sort of have to reluctantly accept WINDOZE.... but IE??? NO WAY
It is nothing but a copycat wannabe since day one, ONLY successful because M$ got away with making it a part of the OS before it was too late.
On the other hand the ROCK SOLID (relatively speaking) Mozilla/Firebird... has its roots all the way back to the pioneer Mosaic (1993), the first browser that led to Netscape... then after battling Microshaft for years, was completely TRASHED by AoHell, which acquired NS and then abandoned it (to BIG surprise, still sticking with Internet Exploder for AoHell)... but now still surviving as the open source Mozilla. (And again as its roots really started as, before someone thought to make money at it.) And by the way the guy who created the WWW/HTML beginnings has never made a PENNY from it... he just gave it to the world knowing that was the only way it would ever really happen. (And boy didn't it???!!!)
As open source, many developers around the world are on Mozilla all the time (for the users' good)... the FEW minor problems that have occurred have been taken care of in updates rather than the probably monthly, but seemingly weekly PATCHES to IE... that seem to be futilely trying to turn the endlessly hole-filled IE Swiss cheese into solid cheddar -- »haywardm.com (Hayward's Key West)
(unnamed poster) | Damn microsoft
Are we going to have to wait a month to get this update now? They had better post a fix ASAP. Also, unchecking "Show friendly URLs" doesn't work, because mine was not checked and it only shows www.symantec.com. God damn it, why is this not patched yet? You'd think since Microsoft are the only idiots with their source code, they could make a patch in a matter of an hour or so. There are always going to be exploits, but damn, you'd think they'd have enough sense to patch them quick. Also, as for the people who never run Windows Update, yet again another reason why they suck. Now we are going to hear tons of people bitching about being scammed and trying to blame Microsoft even though they have never run one update ever.
Jaime (Premium, join:2001-06-03, Huntington Beach, CA) | Ok ok ok, I converted
Well, I finally broke. I have downloaded Firebird and am liking it. I clicked on the link in IE and everything *looked* normal; now I see it as a bogus page. I really hope MS gets their stuff together before even more people start migrating to alternative browsers. -- Join the BBR BF 1942 clan
rjackson (Premium, Mod, join:2002-04-02, Ringgold, GA) | Somebody say Phish? Oh well.
I've never used Microsoft Internet Explorer for any extended period of time, mainly because it is so devoid of useful features. But man, this is huuuuge. An exploit that doesn't depend even on basic scripting being turned on. Sure am glad I don't have to worry with it.
(unnamed poster) | AOL s'aight
AOL 8.0 Browser catches it somehow.