Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Danger - Phishing ahead » Don't trust the Lock icon either!
Uniqs:
2		 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Post a:
Post a:

justin
Australian
join:1999-05-28
Brooklyn, NY

Re: Don't trust the Lock icon either!

Did you knock this site up? i was going to try an https redirect to see if it could be done, it seemed like it could but I didn't have a domain handy.
permalink · 2003-12-11 01:07:58 · Reply to this
The Way Out

join:2003-01-20

Re: Don't trust the Lock icon either!

Yes, I set it up. As long as the "real" webhost has a valid SSL certificate (and is issued by a root that is trusted by the browser), no warning is popped up at all. Scary, huh.
permalink · 2003-12-11 01:10:03 · Reply to this

justin
Australian
join:1999-05-28
Brooklyn, NY

Re: Don't trust the Lock icon either!

I figured it would work, as its just a display bug, really. Damn. I updated the news bit to link to your post demonstrating the fake encrypted site that gives no alerts about the certificate not matching what is displayed in the address bar.
permalink · 2003-12-11 01:11:49 · Reply to this

Googled
Yay, I have FIOS

join:2001-08-13
Orchard Park, NY
·VoicePulse

I was thinking some more about this bug and I came up with an even scarier usage.

Using the Apache "Redirect" directive you can phish an entire site! Just put this into your httpd.conf!


Redirect /test "http://www.domainyouwant.com^A@www.domainyouhave.com"


Now anyone who visits www.domainyouhave.com/test will be redirected to the phished site! Doing this makes IE automatically modify EVERY link on the page to a phished version!

--
DirecWay DW3000 DRS, SatMex 5 1170 gateway 164, P3-533/256 MB, AOL+ 7.0 4114.10712 on 98SE w/ICS,shared to 2 x 2K Pro, 1 x Redhat Linux 7.3, 1 x Netgear 802.11b
permalink · 2003-12-12 17:43:22 · Print · Reply to this

justin
Australian
join:1999-05-28
Brooklyn, NY

Host:
IPv6
Business Connectiv..
Home/Office setup ..
Console/Handheld g..
Console Tech

Re: Don't trust the Lock icon either!

thats cute. I figured there would be creative use of redirectors.

I mean - you could post one of those "Special offer" links, the ones that nobody expects to look correct because they are long and have affiliate pay-on-click codes in them? - and then redirect to a phished version of SBC DSL signup page and keep them within it. Then collect credit card numbers for days before the victims noticed.
permalink · 2003-12-12 17:48:59 · Reply to this
Forums » Danger - Phishing ahead

Wednesday, 02-Dec 16:24:14 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.republican-creole
page compression OFF
Most commented news this week
· [159] Comcast Releasing Promised Usage Meter
· [85] Graduate Student Unveils Sprint's GPS Sharing With Feds
· [78] Latest Consumer Reports Survey Not Kind To AT&T
· [70] Baltimore To Ban Lazy Cable Installs
· [60] Broadband Killed The Game Console
· [54] Rogers Unveils The ISP Dream Model
· [46] ACTA: Global Three Strikes
· [41] Rural Carriers Quickly Embracing Fiber
· [38] Charter Exits Chapter 11
· [33] AT&T Top Lobbyist Cicconi Has His Feelings Hurt
Most people now reading
· MS admits Windows Updates principally created to annoy [Security]
· A little freaky, not sure if its legit. [Spam, Scam and Phishbusters]
· Am I the only one that loves to work in IT? [No, I Will Not Fix Your #@$!! Computer]
· Quality/longevity of 15A 120V receptacles [Home Repair & Improvement]
· IMG 1.7 (IMG Updates and Discussion) [Verizon FIOS TV]
· [Business] how to bridge a smc 8014 business class modem [Comcast HSI]
· [video] Crazy Lady At The Aerial Turkey Drop [56k Lookout (Broadband Heavy)]
· UBB round 2 at the CRTC [Canadian Broadband]
· So I found a gold mine... [World of Warcraft]
· Using AirMax to provide triple play services? [Wireless Service Providers]