Forums » Danger - Phishing ahead

Comments on news posted 2003-12-11 00:17:17: This low key mention of a new explorer flaw has serious implications. If you are a Windows MSIE user, see how easy it is to be fooled, just pretend the following page is an official looking pop-up, email, forum posting, or any link at all: demo page. ..


tmccann11
Who, Me?
Premium
join:2001-06-10
Bayonne, NJ
clubs:

1 edit

Got Me Good

Damn, I just might have fallen for that considering the fact that I get tons of mail from like best buy and staples.

F$%$%$ng Microsoft.

Tom

FP

EGeezer
Go Bobcats
Premium
join:2002-08-04
Country!
·Callcentric
·RoadRunner Cable
·AT&T CallVantage

IE vulnerability - Now more than ever ...

That's another good reason to be sure you type no sensitive information on any web page that does not have the secured lock and a valid security certificate.

Too many "legitimate" sites have the input fields on a page without the lock and cert, then redirect to https only after the user has entered sensitive data and pressed enter to send it. Too many more have certs that don't match the sites or are expired.

EG
--
"Well," Brahma said, "even after ten thousand explanations, a fool is no wiser, but an intelligent man requires only two thousand five hundred." -- The Mahabharata.

Jason Levine
Premium
join:2001-07-13
USA

Re: IE vulnerability - Now more than ever ...

said by EGeezer See Profile:
That's another good reason to be sure you type no sensitive information on any web page that does not have the secured lock and a valid security certificate.
This will work with an SSL secured site as well. See this post: »Don't trust the Lock icon either!

All the hacker would do is buy an SSL cert for his site (from Verisign, GeoTrust, etc) and then set up one of these links. The lock icon would show and the cert would appear to be valid in that no warnings would pop up. If you checked the cert, you'd see it is for a different site than the one that you appeared to be on, but how many people do this for every secure site they go to?
--
-Jason Levine
http://www.jasons-toolbox.com/
http://www.PCQandA.com/
http://www.urateit.com/

XuhQshinR

join:2001-09-18
Bradenton, FL

Re: Got Me Good

Very tricky! One possible way to tell is to go to FILE: and PROPERTIES and it will tell you the real deal is: »www.symantec.com@i.dslr.net/···dex.html

But of course we don't all do that at every site we browse to.

Always someone finding a way to show MS's weakness. It's not that difficult is it?

Thanks for the heads up!

netwire
Premium
join:2001-04-27
Mooresboro, NC
Thank God for Mozilla.... hehe

Googled
Yay, I have FIOS

join:2001-08-13
Orchard Park, NY
·VoicePulse


Internet Explorer 6
Firebird
Didn't work on mine. I'm not sure why either. Is it because I have Java set to run in "High Safety" mode?

This topic drove me to venture into the security settings for IE6. I noticed that two items have been added since I last looked. They are settings for running .NET framework components. Both were set to "Enable", by default I assume. You all might want to check your settings. I changed mine to "Prompt"

AthlGrond
Premium,MVM
join:2002-04-25
Aurora, CO
·Comcast

Re: Got Me Good

Although .net is managed code (similar to java from a security standpoint, for the lack of a better analogy) I agree that you should want to be prompted to execute .net code on your computer.

If you regularly needed a .net program to run you would either want to change the site's security settings or turn off prompting. (but currently the internet isn't awash with .net content, so prompting makes the most sense.)

Googled
Yay, I have FIOS

join:2001-08-13
Orchard Park, NY
·VoicePulse

Okay I figured out it was because I copied and pasted the link into IE. I tried it the way I was supposed to by clicking on the link and the address did change to
http://www.symantec.com

I had seen this before, but I thought they used a bunch of javascript to do it.

What would happen if you changed the url to something like file://foobar.htm or perhaps
http://localhost
Would that make the page execute in a different zone?

I have just tested it and it doesn't appear to work on an
http://localhost
The address changes, but IE stays in the Internet zone.

I couldn't get it to work on file:// either, but I couldn't quite get file:// to work correctly, when I made my phished URL the browser kept looking for a server share on the network rather than trying to find the file on the C: drive. Could someone else try this and see if they can get it to work?

user3657

join:2000-04-27
Trenton, NJ
this has been around for years...why is it just being noticed now?

Zertoss
Just Say No To Caps Lock

join:2001-08-01
Clute, TX

Re: Got Me Good

said by user3657 See Profile:
this has been around for years...why is it just being noticed now?

That's what I would like to know.
--
This lead apron will protect me from the gravity.

Spiro0

join:2003-08-04
Austin, TX

Re: Got Me Good

2 million lines of code is why... Sort of a Denial of Maintenance attack by the Microsoft developers on themselves.

HackManiac

join:2003-12-18
Australia

Re: Denial of Maintenance attack

(Smile) I love it.
I would love to use an acronym like "DOM" Attack! in reference to MS during my Linux close.

Can I quote you in my seminars?

And maybe add it to my T-shirt ads.

Cheers

Andy

Spiro0

join:2003-08-04
Austin, TX

Re: Denial of Maintenance attack

Sure! If I just coined a phrase, maybe I should put my name on it...

Stephen D

titoisme

join:2003-07-13
Brooklyn, NY
Reason #215 why I don't even look at IE

rtcy
FACTS only please
Premium
join:1999-10-16
Beverly Hills, CA
always on mozilla,

Transmaster
Don't Blame Me I Voted For Bill and Opus

join:2001-06-20
Cheyenne, WY
·Qwest.net


2 edits
I just received this in one of My E-mail accounts. This has got to be one of the funniest things I have ever seen.
Talk about STUPID!!!!! Whoever this is must not be able to type and chew gum at the same time. I do see what you mean by the site; it looks real. The "real" address is
»citibridgetrack.com this address naturally does not work

Dear OnlineCitibank Cardholders,

This letter was ssent by the Citi-Bank server to veerify your e-mail
adress. You must cltoepme this prcoses by clicking on the link
below and enntering in the small window your Citbiank Debit
Card Nummber and card pin that you use on ATM Machine.
That is donne for your pctreotion -u- because some of our members no
lngoer have acsecs to their email adedsress and we must verify it.

To veerify your e-mail adderss and akcess your Citi-bank account, klick on
the link below. If ntohing hapepns when you clic on the link -6 copye
and paste the link into the address bar of your web broswer.

»www.citibank.com/?YjT2X9uB3W0TOE···CYnylY8t

---------------------------------------------
Thank you for using Citi-Bank!
---------------------------------------------

This automatic email sent to: w7itc@msn.com
Do not reply to this email.
--
I love Irish Terriers, Low Brass, and the sound of a 1950 Johnson Viking 1 transmitter on the air for the first time in 30 years.

Xzibit
Wtf Mate?
Premium
join:2002-04-19
Santa Clara, CA
clubs:

Oh damn...

Damn, got me

KyleC
Nikon Guy
Premium
join:2001-12-13
Dallas, TX

3 edits

Holy Crap

I have gotten fake PayPal sites like this, trying to get me to enter my info. I knew it was fake, 'cause PayPal never sends email out requesting info.

tmccann11
Who, Me?
Premium
join:2001-06-10
Bayonne, NJ
clubs:

Re: Holy Crap

But what if (insert favorite store here) emailed you stating that they were having a one day sale with 50% off any one item, and had an html page embedded in the email that looked legit enough. You follow it, and go through the whole process, and you think you placed an order....and gotcha.

I know the scenario may be unlikely for most of us, but there are a lot of people that would fall for it in a heartbeat, and could you really blame them?

JM2C

Tom
--
My baby: Asus A7N8X-Deluxe, XP2500+, 1GB Kingston Value Ram, 2 80GB WD 7200 8MB, Sound Blaster Audigy, Powercolor Radeon 9800 Pro, NEC DVD+/- RW,Lite-on 52x CDR, Antec SB1040II

copperdoctor
Premium
join:2003-12-08
Palatine, IL

I just received 2 consecutive emails from "Paypal" in 2 days. Both had attachments (virus) and a redirect link. Fortunately my email was scanned before it was sent to my inbox, and the virus was removed, but I'm sure a lot of other people aren't so lucky. I reported both emails to spoof@paypal.com, which confirmed there is a rash of these emails being sent out lately. Be careful!

CenTex2

join:2003-04-16
Marlin, TX

Oh bloody HELL!

Here we go again....

Headbanger

join:2001-12-28
Charleston, SC

This is scary

I can see that people will fall for this and not ever know.

avd706
insert annoying animated gif here
Premium
join:2003-02-06
Union, NJ

dammm..

this is too scary....

btw, using an old version of OPERA, you get a popup warning, and the whole address shows on the address bar..

there is no excuse for microsoft to have the address display the way it does... by trying to make stuff easier, they make windows so insecure, that it is a public menace. I guess you can get away with sloppy code when you are a near-monopoly.

cmhbob
Did...Did I Do That?
Premium
join:2001-03-13
Grove City, OH
clubs:

One way to be more careful

In IE, make sure "Show friendly URLs" is not checked. Then just watch your status bar to see where you're really going.

wheelzoff

join:2001-02-14
Irving, TX
clubs:

1 edit

Re: One way to be more careful

The status bar is my best friend.
--
"The Stars Win The Stanley Cup, The Stars Win The Stanley Cup", Ralph Strangis.

justin
Australian
join:1999-05-28
Brooklyn, NY

Host:
IPv6
Business Connectiv..
Home/Office setup ..
Console/Handheld g..
Console Tech

Re: One way to be more careful

said by wheelzoff See Profile:
The status bar is my best friend.

How does your status bar look on

»i.dslr.net/symantec/worse2.html

then?

2kmaro
Think
Premium,ExMod 1 BC
join:2000-07-11
ColossalCave
clubs:

Re: One way to be more careful

said by justin See Profile:
said by wheelzoff See Profile:
The status bar is my best friend.

How does your status bar look on

»i.dslr.net/symantec/worse2.html

then?
Status bar is hosed with bogus address, but the address bar shows the url you posted (as I'm sure you expected it to). Another way to detect the bogus link in either an email or on a site page is to right-click, choose "Copy Shortcut" and paste into the address bar - the entire address will appear as opposed to just the bogus portion. But as noted in all of this discussion: the targets for this kind of fraud are probably not going to do anything other than click the links. It will be interesting to see how long it takes to come up with a fix to this one and get it on the street.

I suppose the one advantage to using IE is that as each hole is found the word does get around pretty well - whereas if the same type problem(s) were in another less used browser, the discovered exploits might not get as much publicity. I think this attitude is called sour grapes? For me reality says that the company I work for will continue to use IE as their browser and Outlook as their email client. For the moment I simply put out the word not to trust ANY link sent to them or that they just "stumble upon" on some website they're unsure of, recommending they use the right-click/copy shortcut method to double-check them.

Thanks for writing up the story - as you said, the low key on this story might have left the exploit exploitable against me much longer!
--
»www.jlathamsite.com/holidays/sea···ings.htm Happy Holidays, Everyone!

justin
Australian
join:1999-05-28
Brooklyn, NY

Re: One way to be more careful

There is an onMouseOver that sets the status bar if javascript is enabled (as it is, on 99.9999% of the world's MSIE browsers). Do you have javascript disabled for 'untrusted' sites or something? (i.dslr.net)?

2kmaro
Think
Premium,ExMod 1 BC
join:2000-07-11
ColossalCave
clubs:

Re: One way to be more careful

Scripting disabled on untrusted sites - security for those is set to High to match my paranoia of M$ products. Screen shot to show difference between address bar and status bar displays.
--
»www.jlathamsite.com/holidays/sea···ings.htm Happy Holidays, Everyone!

justin
Australian
join:1999-05-28
Brooklyn, NY

Host:
IPv6
Business Connectiv..
Home/Office setup ..
Console/Handheld g..
Console Tech

Re: One way to be more careful

said by 2kmaro See Profile:
Scripting disabled on untrusted sites - security for those is set to High to match my paranoia of M$ products. Screen shot to show difference between address bar and status bar displays.

that is the screenshot while you are still on dslr, what about when you are in "the symantec" site, that is the key.

novaflare
The Dragon Was Here
Premium
join:2002-01-24
Barberton, OH

said by 2kmaro See Profile:
said by justin See Profile:
said by wheelzoff See Profile:
The status bar is my best friend.

How does your status bar look on

»i.dslr.net/symantec/worse2.html

then?
Status bar is hosed with bogus address, but the address bar shows the url you posted (as I'm sure you expected it to). Another way to detect the bogus link in either an email or on a site page is to right-click, choose "Copy Shortcut" and paste into the address bar - the entire address will appear as opposed to just the bogus portion. But as noted in all of this discussion: the targets for this kind of fraud are probably not going to do anything other than click the links. It will be interesting to see how long it takes to come up with a fix to this one and get it on the street.

I suppose the one advantage to using IE is that as each hole is found the word does get around pretty well - whereas if the same type problem(s) were in another less used browser, the discovered exploits might not get as much publicity. I think this attitude is called sour grapes? For me reality says that the company I work for will continue to use IE as their browser and Outlook as their email client. For the moment I simply put out the word not to trust ANY link sent to them or that they just "stumble upon" on some website they're unsure of, recommending they use the right-click/copy shortcut method to double-check them.

Thanks for writing up the story - as you said, the low key on this story might have left the exploit exploitable against me much longer!

Well, so far it's going on about 5 years. This is nothing new; this trick is what some satire sites used to use to make their funny news stories look real.
--
my fav mmorpg »www.rubiesofeventide.com if you sign up use novaflare as referral

vic102482
Premium
join:2002-04-30
Upper Marlboro, MD

Re: One way to be more careful

said by novaflare See Profile:

Well, so far it's going on about 5 years. This is nothing new; this trick is what some satire sites used to use to make their funny news stories look real.

I think I know what you are talking about, but no, this is different, and far better. Like the CNN blowjob one, it had »funnysatire.cnn.whatever.com. The address looked bogus on sight. This is what I remember, although I might be wrong.
--
I tie a rope around my penis and jump from a tree, don't you wanna grow up to be just like me!!!!

justin
Australian
join:1999-05-28
Brooklyn, NY

Host:
IPv6
Business Connectiv..
Home/Office setup ..
Console/Handheld g..
Console Tech
said by novaflare See Profile:
Well, so far it's going on about 5 years. This is nothing new; this trick is what some satire sites used to use to make their funny news stories look real.

No, the difference is how it looks after you get there. That it (the address) looks indistinguishable is the bigger problem here, and just makes an existing scam (phishing) easier to do.

wheelzoff

join:2001-02-14
Irving, TX
clubs:

said by justin See Profile:
said by wheelzoff See Profile:
The status bar is my best friend.

How does your status bar look on

»i.dslr.net/symantec/worse2.html

then?

It still shows the bogus address.
--
"The Stars Win The Stanley Cup, The Stars Win The Stanley Cup", Ralph Strangis.

Smokey
Even drunk on a bet ya make it to Canada
Premium
join:2003-05-20
Va Beach
clubs:
·Cox HSI


4 edits

Re: One way to be more careful

Same for me. If you're not looking, you won't catch it as it is very fast.

Synon29

join:2003-09-13
Cabot, AR
Well, it seems to show up in my status bar, and if I right-click the properties it shows the true URL. The address bar is not your friend.

N10Cities
SILENCE I Keel You
Premium
join:2002-05-07
Roland, OK
clubs:
·Cox HSI
·World Lynx


1 edit
said by cmhbob See Profile:
In IE, make sure "Show friendly URLs" is not checked. Then just watch your status bar to see where you're really going.


I have that feature disabled, but when I enter the site "http://i.dslr.net/symantec/worse2.html" and hover over any of the links, they show the bogus address in the status bar, so don't think that setting will work...

lalaas

join:2002-01-01
Oak Park, MI

Other phish being caught

I caught a phish like this pretending to be Comcast, and asking for all kinds of info, even down to PIN number & CVV # on the back of your credit card - bank phone #, etc. Really crafty, and I wonder how many people got scammed by them. I posted it here in the CC forum (IIRC) and notified comcast. Within an hour the site had disappeared.

FLea973
Premium
join:2001-02-27
Morristown, NJ
clubs:

1 way to spot it -

At least I saw a way to spot it on the demo site - hover over a link on the spoofed site and look at the status bar. It displays the full path of that link:
"http://www.symantec.com @www.dslreports.com/front/symantec/www.symantec.com/gotcha.html"

Unfortunately what is displayed in the status bar can also be controlled through Java scripts - so yet another reason to disable java.

justin
Australian
join:1999-05-28
Brooklyn, NY

Host:
IPv6
Business Connectiv..
Home/Office setup ..
Console/Handheld g..
Console Tech

Re: 1 way to spot it -

That is true - the status bar (if enabled) will show the full link if you pause and look at it. However, the domain name (easy to spot www.dslreports.com) could easily be a number, or a plain IP.

Then, the beginning of the URL and the END of the URL both look ok... only the middle and @ symbol look odd (in the status bar).

The people targeted for fraud are not likely to be folks who know why the status bar is even there, let alone how to use it.

FLea973
Premium
join:2001-02-27
Morristown, NJ
clubs:

Re: 1 way to spot it -

said by justin See Profile:
The people targeted for fraud are not likely to be folks who know why the status bar is even there, let alone how to use it.

True - and a lot of those targeted people won't patch when/if it comes out - may not even know there is a patch much less a flaw...

koam
Pink Pecker
Premium
join:2000-08-16
East Puddle
clubs:
·Shoreham Telephone
·ViaTalk

on the demo page, the status bar shows only »www.symantec.com.

status bar does not give it away for me. looks like a real link to a legit site.
--
Danieli Consulting LLC, Strategy and Branding http://kendanieli.tripod.com

justin
Australian
join:1999-05-28
Brooklyn, NY

Host:
IPv6
Business Connectiv..
Home/Office setup ..
Console/Handheld g..
Console Tech

Re: 1 way to spot it -

said by koam See Profile:
on the demo page, the status bar shows only »www.symantec.com.

status bar does not give it away for me. looks like a real link to a legit site.

Yes, but that is nothing new (hiding the real destination of a link). It is easy to create a link with onMouseOver to set the status bar, and TITLE to set the tool tip. You can do that in mozilla as well.

What is new is AFTER you click the link to go to the site, it STILL looks real.. that is the issue.

I think this latter point is being lost by many here.

koam
Pink Pecker
Premium
join:2000-08-16
East Puddle
clubs:
·Shoreham Telephone
·ViaTalk

Re: 1 way to spot it -

Thanks for clarifying. I realized that the destination page looks real (address bar looks real) but I didn't know you could fake the mouseover copy on status bar so easily all along. Thanks.
--
Danieli Consulting LLC, Strategy and Branding http://kendanieli.tripod.com

statecop
Premium
join:2002-09-16
Beverly Hills, CA

Not good!

This is bad!

reub2000
Premium
join:2001-12-28
Evanston, IL

What's new about "@"?

Stuff like »realsite.com@fakesite.com/page.html has been done for a long time. What's new?

justin
Australian
join:1999-05-28
Brooklyn, NY

Re: What's new about "@"?

What is new is what shows in the location bar AFTER you reach the "fake site".
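The `realsite.com@fakesite.com/page.html` form discussed in this thread can be checked by parsing a link instead of reading it off the status bar. The following is an added example, not part of any post: `analyzeLink`, `hostFromVisibleText` and the finding labels are hypothetical names, and the sample links are constructed from the forms quoted in the thread.

```javascript
// Added example: audit a link on its parsed URL, not on what is displayed.
// All names and sample inputs here are illustrative assumptions.

const HOSTNAME_LIKE = /^(?:[a-z0-9-]+\.)+[a-z]{2,}$/i;
const IPV4 = /^\d{1,3}(?:\.\d{1,3}){3}$/;

// If the link text itself looks like a URL or hostname, return that hostname.
function hostFromVisibleText(text) {
  const t = text.trim();
  if (!t) return null;
  try {
    const hasScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(t);
    const u = new URL(hasScheme ? t : "http://" + t);
    return HOSTNAME_LIKE.test(u.hostname) ? u.hostname.toLowerCase() : null;
  } catch {
    return null; // ordinary words such as "Click here" are not hostnames
  }
}

// Return the host the browser will really contact, plus reasons for suspicion.
function analyzeLink(href, visibleText = "") {
  let url;
  try {
    url = new URL(href);
  } catch {
    return { realHost: null, findings: ["unparseable"] };
  }
  const findings = [];
  const realHost = url.hostname.toLowerCase();

  // Everything before "@" in the authority is userinfo, never the host.
  if (url.username || url.password) {
    let userinfo = url.username;
    try { userinfo = decodeURIComponent(url.username); } catch { /* keep raw */ }
    findings.push(HOSTNAME_LIKE.test(userinfo.trim())
      ? "userinfo-imitates-host"
      : "userinfo-present");
  }

  // The WHATWG parser has already normalised integer hosts to dotted IPv4.
  if (IPV4.test(realHost)) findings.push("numeric-host");

  // Link text that names one host while the href goes to another.
  const shown = hostFromVisibleText(visibleText);
  if (shown && shown !== realHost) findings.push("text-host-mismatch");

  return { realHost, findings };
}

// Constructed samples (192.0.2.1 is a documentation address).
const samples = [
  ["http://realsite.com@fakesite.com/page.html", "realsite.com"],
  ["http://www.symantec.com@192.0.2.1/index.html", "http://www.symantec.com"],
  ["https://www.paypal.com/", "PayPal"],
];
for (const [href, text] of samples) {
  const { realHost, findings } = analyzeLink(href, text);
  console.log(`${href} -> ${realHost} [${findings.join(", ") || "clean"}]`);
}
```

A mail gateway or link-rewriting proxy can run this kind of check on every anchor before the message reaches a user, which does not depend on the reader noticing anything in the address or status bar.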

Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
clubs:

Safe here. :-)

Didn't fool my 2002 version of Netscape v4.8 at all. It's old, but was updated in 2002 so it's not that old.

Regards,

Doctor Olds

rahlquist
Redeye

join:2001-10-30
Villa Rica, GA

Re: Safe here. :-)

said by Doctor Olds See Profile:
Didn't fool my 2002 version of Netscape v4.8 at all. It's old, but was updated in 2002 so it's not that old.

Didn't fool my 2 day old copy of Netcaptor either which is IE at the core.
--
The difference between foresight and hindsight is only a matter of when you bother to think things through.

SanJoseNerd
Premium
join:2002-07-24
San Jose, CA


1 edit

Wow

After following the link to the Phish page, I went up to the IE address bar and typed in ht tp://www.symantec.com (extra space here so DSLR won't convert to a link) ... and it still went to the Phish page.

Once you're there, typing in the URL just to "double check" that you are where you think you are, doesn't work. Wow.

justin
Australian
join:1999-05-28
Brooklyn, NY

Host:
IPv6
Business Connectiv..
Home/Office setup ..
Console/Handheld g..
Console Tech

Re: Wow

said by SanJoseNerd See Profile:


Once you're there, typing in the URL just to "double check" that you are where you think you are, doesn't work. Wow.

You are right. It seems MSIE clings pretty hard to the cached copy of the fake page.. yuck..

nl4jy

join:2002-05-02
Brooklyn, NY

Re: Wow

And that is even more dangerous as one may think, oh, I'll just manually type in the address (thinking he/she'll be safe)
--
If it ain't broken, don't try to fix it. If it's broken, buy a new one.

The Way Out

join:2003-01-20

Don't trust the Lock icon either!

Want to see something scary? Try this link:

https://www.paypal.com

It says PayPal in the URL, but it's not paypal! You'll notice that it still displays the "Lock" in the bottom right hand corner, too. Be afraid. :|

See 16 replies to this post

ArchAngel21x
MacFan Pro
Premium
join:2001-10-28
Lincoln, NE
·Internet Nebraska

Not So Fast

Just look at the status bar.

See 7 replies to this post

Hayward
K A R - 1 2 0 C
Premium
join:2000-07-13
Key West, FL


4 edits

Doesn't this all still just prove....

Don't just take what is AUTO-CRAMMED down your throat.

OK we sort of have to reluctantly accept WINDOZE.... but IE??? NO WAY

It is nothing but a copy cat wannabe since day one, ONLY successful because M$ got away with making it a part of the OS before it was too late.

On the other hand the ROCK SOLID relatively speaking Mozilla/Firebird... has its roots all the way back to the pioneer Mosaic (1993) the first browser that led to Netscape... then after battling Microshaft for years, was completely TRASHED by AoHell that acquired NS and then abandoned it (To BIG surprise still stick with Internet Exploder for AoHell)... but now still surviving as the open source Mozilla. (And again as its roots really started as, before someone thought to make money at it.) And by the way the guy who created the WWW/HTML beginnings has never made a PENNY from it... he just gave it to the world knowing that was the only way it would ever really happen. (And boy didn't it???!!!)

As open source many developers around the world are on Mozilla all the time (for the users good)... the FEW minor problems that have occurred have been taken care of in updates rather than the probably on monthly, but seemingly weekly PATCHES to IE... that seem to be trying to futilely try to turn endlessly hole fill IE Swiss Cheese into solid cheddar
--
»haywardm.com (Hayward's Key West)

insomniac84

join:2002-01-03
Schererville, IN


2 edits

Damn microsoft

Are we going to have to wait a month to get this update now? They had better post a fix asap. Also unchecking show friendly URLs doesn't work because mine was not checked and it only shows www.symantec.com. God damn it, why is this not patched yet. You'd think since microsoft is the only idiots with their source code, they could make a patch in a matter of an hour or so. There are always going to be exploits, but damn you'd think they'd have enough sense to patch them quick. Also as for the people who never run windows update, yet again another reason why they suck. Now we are going to hear tons of people bitching about being scammed and try to blame microsoft even though they have never ran one update ever.

See 6 replies to this post

Jaime
Premium
join:2001-06-03
Huntington Beach, CA
·Verizon FIOS
·Charter Pipeline


1 edit

Ok ok ok, I converted

Well, I finally broke. I have downloaded firebird and am liking it. I clicked on the link in IE then everything *looked* normal, now I see it as a bogus page. I really hope MS gets their stuff together before even more people start migrating to alternative browsers.
--
Join the BBR BF 1942 clan

See 7 replies to this post

rjackson
Premium,Mod
join:2002-04-02
Ringgold, GA
clubs:

Host:
SMC Networks
Automotive
VOIP Tech Chat
ViaTalk
Teleblend

Somebody say Phish?

Oh well.

I've never used Microsoft Internet Explorer for any extended period of time, mainly 'cause it is so devoid of useful features. But man, this is huuuuge. An exploit that doesn't depend even on basic scripting to be turned on. Sure am glad I don't have to worry with it.

lt_wentoncha
Red6

join:2002-05-12
000000


2 edits

AOL s'aight


Micysoft

Symanty
AOL 8.0 Browser catches somehow.

See 21 replies to this post
© 1999-2009 dslreports.com