Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Danger - Phishing ahead » Don't trust the Lock icon either!
Search Topic:
Uniqs:
2		 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Post a:
Post a:
AuthorAll Replies


justin
Australian
join:1999-05-28
Brooklyn, NY		reply to The Way Out
Re: Don't trust the Lock icon either!

Did you knock this site up? i was going to try an https redirect to see if it could be done, it seemed like it could but I didn't have a domain handy.
to forum · permalink · · 2003-12-11 01:07:58 · Reply to this

The Way Out

join:2003-01-20		 Yes, I set it up. As long as the "real" webhost has a valid SSL certificate (and is issued by a root that is trusted by the browser), no warning is popped up at all. Scary, huh.
to forum · permalink · · 2003-12-11 01:10:03 · Reply to this


justin
Australian
join:1999-05-28
Brooklyn, NY		 I figured it would work, as its just a display bug, really. Damn. I updated the news bit to link to your post demonstrating the fake encrypted site that gives no alerts about the certificate not matching what is displayed in the address bar.
to forum · permalink · · 2003-12-11 01:11:49 · Reply to this


Googled
Yay, I have FIOS

join:2001-08-13
Orchard Park, NY
·VoicePulse

 reply to justin
I was thinking some more about this bug and I came up with an even scarier usage.

Using the Apache "Redirect" directive you can phish an entire site! Just put this into your httpd.conf!


Redirect /test "http://www.domainyouwant.com^A@www.domainyouhave.com"


Now anyone who visits www.domainyouhave.com/test will be redirected to the phished site! Doing this makes IE automatically modify EVERY link on the page to a phished version!

--
DirecWay DW3000 DRS, SatMex 5 1170 gateway 164, P3-533/256 MB, AOL+ 7.0 4114.10712 on 98SE w/ICS,shared to 2 x 2K Pro, 1 x Redhat Linux 7.3, 1 x Netgear 802.11b
to forum · permalink · · 2003-12-12 17:43:22 · Reply to this


justin
Australian
join:1999-05-28
Brooklyn, NY

Host:
IPv6
Business Connectiv..
Home/Office setup ..
Console/Handheld g..
Console Tech
 thats cute. I figured there would be creative use of redirectors.

I mean - you could post one of those "Special offer" links, the ones that nobody expects to look correct because they are long and have affiliate pay-on-click codes in them? - and then redirect to a phished version of SBC DSL signup page and keep them within it. Then collect credit card numbers for days before the victims noticed.
to forum · permalink · · 2003-12-12 17:48:59 · Reply to this
Forums » Danger - Phishing ahead

Tuesday, 10-Nov 03:36:38 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.republican-creole
page compression OFF
Most commented news this week
· [83] VoIP Over 3G Still Not Working For iPhone
· [80] Verizon Keeps Swinging At AT&T
· [33] Bill Would Force ISPs To Block Financial Scams
· [24] Mediacom Hints At 50, 100 Mbps Speeds
· [14] Clearwire To Get Another $1.5 Billion
· [11] Monday Morning Links
· [9] 15 States Have Now Gotten Broadband Mapping Money
· [5] AT&T Launching New 7.2 Mbps 3G Modem
Most people now reading
· 3.x Feral Druid - Bear Tanking Guide [World of Warcraft]
· Windows 7 boot manager editing questions [Microsoft Help]
· Know when to run! [Home Repair & Improvement]
· Framed for child porn 151; by a PC virus [Security]
· [SU] Apple Releases Mac OS X 10.6.2 [All Things Macintosh]
· MI424WR-GEN2 Rev E Configuration Thread [Verizon Fiber Optics]
· 60 Minutes piece on cyber security last night [Security]
· How in the world am I going to get into college? [General Questions]
· Google Has Acquired Gizmo5 [VOIP Tech Chat]
· My cat is reluctant to exercise. [General Questions]