The Way Out
join:2003-01-20

The Way Out

Member

Don't trust the Lock icon either!

Want to see something scary? Try this link:

https://www.paypal.com

It says PayPal in the URL, but it's not paypal! You'll notice that it still displays the "Lock" in the bottom right hand corner, too. Be afraid. :|

justin
..needs sleep
Mod
join:1999-05-28
2031

justin

Mod

Did you knock this site up? I was going to try an https redirect to see if it could be done, it seemed like it could but I didn't have a domain handy.
The Way Out
join:2003-01-20

The Way Out

Member

Yes, I set it up. As long as the "real" webhost has a valid SSL certificate (and is issued by a root that is trusted by the browser), no warning is popped up at all. Scary, huh.

justin
..needs sleep
Mod
join:1999-05-28
2031

justin

Mod

I figured it would work, as it's just a display bug, really. Damn. I updated the news bit to link to your post demonstrating the fake encrypted site that gives no alerts about the certificate not matching what is displayed in the address bar.
espionage007
join:2003-06-14
Herndon, VA

espionage007 to The Way Out

Member

to The Way Out
OMG no way!! You're one evil genius.

Fireshield
join:2001-10-08
Champlin, MN

Fireshield to The Way Out

Member

to The Way Out
Hmmmm...when I click it I get »secure.divo.net/notpaypal/ in the address bar.

IE Version 6.0.2800.1106.xpsp2.030422-1633

justin
..needs sleep
Mod
join:1999-05-28
2031

1 edit

justin

Mod

Hover over his PayPal link .. see "(phish removed)"?

I added phish protection to these forums

But it did work just fine, he is right.

edit: protection will be lifted shortly just for his post. Try it later if you're still interested.

kwitko7
Shacklyn Nights
Premium Member
join:2000-06-10
Middle Village, NY

kwitko7 to The Way Out

Premium Member

to The Way Out
Interesting, using IE through Avant Browser, I get
»www.paypal.com@secur ··· tpaypal/

But using IE standalone I get:
»www.paypal.com/

Using Firebird I get
»www.paypal.com%01@secure ··· tpaypal/
steven s
Premium Member
join:2002-09-14
Dearborn, MI

steven s to The Way Out

Premium Member

to The Way Out
The address bar doesn't even say www.paypal.com
It says "https://www.paypal.com%01@secure.divo.net/notpaypal/"
petrus
join:2002-01-09
Atlanta, GA

1 edit

petrus to kwitko7

Member

to kwitko7

Avant Browser

I experienced the same thing using Avant Browser. Does Avant Browser somehow make IE more secure?

Fireshield
join:2001-10-08
Champlin, MN

Fireshield to justin

Member

to justin

Re: Don't trust the Lock icon either!

Thanks justin. You're right, it does work. Rather scary!

Googled
Yay, I have FIOS
join:2001-08-13
Orchard Park, NY

Googled to justin

Member

to justin
I was thinking some more about this bug and I came up with an even scarier usage.

Using the Apache "Redirect" directive you can phish an entire site! Just put this into your httpd.conf!


Redirect /test "http://www.domainyouwant.com^A@www.domainyouhave.com"


Now anyone who visits www.domainyouhave.com/test will be redirected to the phished site! Doing this makes IE automatically modify EVERY link on the page to a phished version!
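A defender-side check for the pattern that both the demo link earlier in the thread and the Apache Redirect target above rely on: a userinfo segment that reads like a hostname, hidden behind a control character in front of the "@" so the address bar stops short of the real host. This is an added example, not code from the thread; the sample URLs are constructed from the ones quoted in the posts.

```python
import re
from urllib.parse import urlsplit, unquote

# C0 control characters plus DEL. The thread's link hides one (%01 / ^A)
# just before the "@", which is what makes the address bar display stop early.
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")
# A userinfo that looks like a registrable domain is the tell-tale sign;
# real credentials in a URL are usernames, not dotted hostnames.
_HOSTLIKE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$", re.I)


def analyze_url(url):
    """Return (real_host, findings) for a URL.

    real_host is the host a correct parser connects to (everything after the
    last "@" in the authority); findings lists reasons the URL looks like an
    address-bar spoof and is empty for a clean URL.
    """
    parts = urlsplit(url)
    findings = []
    if "@" not in parts.netloc:
        return parts.hostname, findings
    userinfo, _, _ = parts.netloc.rpartition("@")
    decoded = unquote(userinfo)          # %01 -> \x01
    if _CONTROL.search(decoded):
        findings.append("control character before '@'")
    user = _CONTROL.sub("", decoded).split(":", 1)[0]   # drop any password part
    if _HOSTLIKE.match(user):
        findings.append("userinfo looks like a hostname: %s" % user)
    return parts.hostname, findings


# Constructed samples modelled on the thread: the demo link as steven s saw it,
# the Redirect target with a raw ^A (\x01) from the post above, and two benign
# URLs (one with ordinary credentials) for contrast.
SAMPLES = [
    "https://www.paypal.com%01@secure.divo.net/notpaypal/",
    "http://www.domainyouwant.com\x01@www.domainyouhave.com/",
    "https://www.paypal.com/",
    "ftp://alice:secret@files.example.net/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        host, findings = analyze_url(sample)
        print(repr(sample), "->", host, findings or "ok")
```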

justin
..needs sleep
Mod
join:1999-05-28
2031

justin

Mod

That's cute. I figured there would be creative use of redirectors.

I mean - you could post one of those "Special offer" links, the ones that nobody expects to look correct because they are long and have affiliate pay-on-click codes in them? - and then redirect to a phished version of SBC DSL signup page and keep them within it. Then collect credit card numbers for days before the victims noticed.

mod bait
Premium Member
join:2001-06-11
Rochester, NY

mod bait to The Way Out

Premium Member

to The Way Out

/extreme_sarcasm

Well, hopefully, Microsoft will give this matter several weeks or months of careful consideration and analysis, as they seem to be with the recently-announced active scripting exploits.
jbone_99
join:2003-12-21
Washington, DC

jbone_99 to The Way Out

Member

to The Way Out
I actually blocked the link from showing up using ad blocker in norton IS

HalfFull
Premium Member
join:2002-12-20
Chesapeake, VA

HalfFull to The Way Out

Premium Member

to The Way Out
said by The Way Out:
Want to see something scary? Try this link:

https://www.paypal.com

It says PayPal in the URL, but it's not paypal! You'll notice that it still displays the "Lock" in the bottom right hand corner, too. Be afraid. :|

Sad... since Micro$oft is too cheap to fix the flaw, legitimate businesses will be hurt as the security problem is more publicized. Computer-challenged people won't buy on-line because they will be afraid of a scam...
ephilipps
Premium Member
join:2004-01-09
Buffalo, NY

ephilipps to The Way Out

Premium Member

to The Way Out
ViruScan Enterprise pops a window just by opening the forum post. I guess Microsoft will get around to this sooner or later....