  cmhbob Did...Did I Do That? Premium join:2001-03-13 Grove City, OH clubs: | One way to be more careful
In IE, make sure "Show friendly URLs" is not checked. Then just watch your status bar to see where you're really going. |
|
  wheelzoff
join:2001-02-14 Irving, TX clubs: 1 edit | The status bar is my best friend. -- "The Stars Win The Stanley Cup, The Stars Win The Stanley Cup", Ralph Strangis. |
|
  justin Australian join:1999-05-28 Brooklyn, NY
| said by wheelzoff : The status bar is my best friend.
How does your status bar look on
»i.dslr.net/symantec/worse2.html
then? |
|
  2kmaro Think Premium,ExMod 1 BC join:2000-07-11 ColossalCave clubs:  
| said by justin : said by wheelzoff : The status bar is my best friend.
How does your status bar look on
»i.dslr.net/symantec/worse2.html
then?
Status bar is hosed with bogus address, but the address bar shows the url you posted (as I'm sure you expected it to). Another way to detect the bogus link in either an email or on a site page is to right-click, choose "Copy Shortcut" and paste into the address bar - the entire address will appear as opposed to just the bogus portion. But as noted in all of this discussion: the targets for this kind of fraud are probably not going to do anything other than click the links. It will be interesting to see how long it takes to come up with a fix to this one and get it on the street.
I suppose the one advantage to using IE is that as each hole is found the word does get around pretty well - whereas if the same type problem(s) were in another less used browser, the discovered exploits might not get as much publicity. I think this attitude is called sour grapes? For me reality says that the company I work for will continue to use IE as their browser and Outlook as their email client. For the moment I simply put out the word not to trust ANY link sent to them or that they just "stumble upon" on some website they're unsure of, recommending they use the right-click/copy shortcut method to double-check them.
Thanks for writing up the story - as you said, the low key on this story might have left the exploit exploitable against me much longer! -- »www.jlathamsite.com/holidays/sea···ings.htm Happy Holidays, Everyone! |
|
  wheelzoff
join:2001-02-14 Irving, TX clubs:
| reply to justin said by justin : said by wheelzoff : The status bar is my best friend.
How does your status bar look on
»i.dslr.net/symantec/worse2.html
then?
It still shows the bogus address. -- "The Stars Win The Stanley Cup, The Stars Win The Stanley Cup", Ralph Strangis. |
|
  justin Australian join:1999-05-28 Brooklyn, NY | reply to 2kmaro There is an onMouseOver that sets the status bar if javascript is enabled (as it is, on 99.9999% of the world's MSIE browsers). Do you have javascript disabled for 'untrusted' sites or something? (i.dslr.net)? |
|
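An added example, not part of the original thread: a defender-side check for the behaviour described in the post above, where an onMouseOver handler writes one address to the status bar while the link's href points somewhere else. The function names, the regular expression and the sample HTML are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Finds status-bar assignments such as window.status='http://...'
STATUS_RE = re.compile(r"""(?:window\.|self\.)?status\s*=\s*(['"])(.*?)\1""", re.I | re.S)

def host_of(text):
    """Host named by a URL-like string (lower-cased by urlsplit), or None."""
    text = text.strip()
    if "://" not in text:
        text = "http://" + text
    try:
        return urlsplit(text).hostname
    except ValueError:
        return None

class LinkAuditor(HTMLParser):
    """Collects <a> tags whose onmouseover status text names a different host than href."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        attr = dict(attrs)  # HTMLParser lower-cases attribute names
        href = attr.get("href")
        match = STATUS_RE.search(attr.get("onmouseover") or "")
        if not href or not match:
            return
        real, shown = host_of(href), host_of(match.group(2))
        if real != shown:
            self.findings.append({"href": href, "real_host": real,
                                  "status_text": match.group(2), "status_host": shown})

def audit(html):
    """Return one finding per link whose status-bar text disagrees with its href."""
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample page; example.com / example.net are reserved documentation domains.
SAMPLE = """
<a href="http://login.example.net/verify" onMouseOver="window.status='http://www.example.com/'; return true">Sign in</a>
<a href="http://www.example.com/help">Help</a>
<a href="http://www.example.com/a" onmouseover="window.status='http://www.example.com/a'; return true">About</a>
"""

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"status bar shows {f['status_host']} but link goes to {f['real_host']}")
```

Only the first sample link is reported: the second has no handler, and the third sets the status text to the same host as its href.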
  Smokey Even drunk on a bet ya make it to Canada Premium join:2003-05-20 Va Beach clubs:
·Cox HSI
4 edits | reply to wheelzoff Same for me. If you're not looking, you won't catch it as it is very fast. |
|
  novaflare The Dragon Was Here Premium join:2002-01-24 Barberton, OH
| reply to 2kmaro said by 2kmaro : said by justin : said by wheelzoff : The status bar is my best friend.
How does your status bar look on
»i.dslr.net/symantec/worse2.html
then?
Status bar is hosed with bogus address, but the address bar shows the url you posted (as I'm sure you expected it to). Another way to detect the bogus link in either an email or on a site page is to right-click, choose "Copy Shortcut" and paste into the address bar - the entire address will appear as opposed to just the bogus portion. But as noted in all of this discussion: the targets for this kind of fraud are probably not going to do anything other than click the links. It will be interesting to see how long it takes to come up with a fix to this one and get it on the street.
I suppose the one advantage to using IE is that as each hole is found the word does get around pretty well - whereas if the same type problem(s) were in another less used browser, the discovered exploits might not get as much publicity. I think this attitude is called sour grapes? For me reality says that the company I work for will continue to use IE as their browser and Outlook as their email client. For the moment I simply put out the word not to trust ANY link sent to them or that they just "stumble upon" on some website they're unsure of, recommending they use the right-click/copy shortcut method to double-check them.
Thanks for writing up the story - as you said, the low key on this story might have left the exploit exploitable against me much longer!
Well, so far it's going on about 5 years. This is nothing new; this trick is what some satire sites used to use to make their funny news stories look real. -- my fav mmorpg »www.rubiesofeventide.com if you sign up use novaflare as referral |
|
  2kmaro Think Premium,ExMod 1 BC join:2000-07-11 ColossalCave clubs:  
| reply to justin Scripting disabled on untrusted sites - security for those is set to High to match my paranoia of M$ products. Screen shot to show difference between address bar and status bar displays. -- »www.jlathamsite.com/holidays/sea···ings.htm Happy Holidays, Everyone! |
|
 vic102482 Premium join:2002-04-30 Upper Marlboro, MD
| reply to novaflare said by novaflare :
Well, so far it's going on about 5 years. This is nothing new; this trick is what some satire sites used to use to make their funny news stories look real.
I think I know what you are talking about, but no, this is different, and far better. Like the CNN blowjob one, it had »funnysatire.cnn.whatever.com. The address looked bogus on site. This is what I remember although, I might be wrong. -- I tie a rope around my penis and jump from a tree, don't you wanna grow up to be just like me!!!! |
|
  justin Australian join:1999-05-28 Brooklyn, NY
| reply to 2kmaro said by 2kmaro : Scripting disabled on untrusted sites - security for those is set to High to match my paranoia of M$ products. Screen shot to show difference between address bar and status bar displays.
That is the screenshot while you are still on dslr; what about when you are in "the symantec" site? That is the key. |
|
  justin Australian join:1999-05-28 Brooklyn, NY
| reply to novaflare said by novaflare : Well, so far it's going on about 5 years. This is nothing new; this trick is what some satire sites used to use to make their funny news stories look real.
No, the difference is how it looks after you get there. That it (the address) looks indistinguishable is the bigger problem here, and just makes an existing scam (phishing) easier to do. |
|
  N10Cities SILENCE I Keel You Premium join:2002-05-07 Roland, OK clubs:
·Cox HSI
·World Lynx
1 edit | reply to cmhbob said by cmhbob : In IE, make sure "Show friendly URLs" is not checked. Then just watch your status bar to see where you're really going.
I have that feature disabled, but when I enter the site "http://i.dslr.net/symantec/worse2.html" and hover over any of the links, they show the bogus address in the status bar, so don't think that setting will work... |
|
  Synon29
join:2003-09-13 Cabot, AR | reply to justin Well, it seems to show up in my status bar, and if I right-click the properties it shows the true url. The address bar is not your friend. |
|