republican-creole
Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » No Phishing Exploit Patch » Microsoft's Solution
Search Topic:
 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Post a:
Post a:
Patch is available »
« third party?  
AuthorAll Replies


SpyderWoman
Premium
join:2002-06-11
Mustang, OK
clubs:

reply to Morac
Re: Microsoft's Solution

Talk about an "educate the user" problem!! Microsoft's recommendation begins with:
"Verify that there is a lock icon in the lower right Status bar and verify the name of the server that provides the page that you are viewing before you type any personal or sensitive information."

Well, it's already been demonstrated in our Security forum that the lock can be spoofed. So that's not a safe indicator. The Microsoft article goes on to say to then right click on the lock symbol and check the source of the digital signature. I'm not certain but what that couldn't be spoofed up or obfuscated enough to confuse most users.

Most of the people "falling" for these phishing expeditions do not have the knowledge available right here in this forum: they are trusting their email to be a "what you see is what you get" thing, and while you and I know it's not that way, they don't.

Does anyone really think that the general public is going to get that boned up on this stuff? Heck, 90% of them never heard the simple guideline: "most legitimate businesses won't even ask you to update over the internet via email" much less the stronger guideline "when in doubt, don't until after YOU VERIFY either by email or phone call, that the request is legitimate".
to forum · permalink · · 2004-01-15 09:50:10 · Reply to this


mastermind278
Premium
join:2001-07-12
Newark, NJ
clubs:
·Optimum Voice
·Optimum Online

Click for full size
My solution seems to be stop using IE, or let Mcafee catch it for me.
--
Mastermind 4 Life ® ™ ©
to forum · permalink · · 2004-01-15 10:00:10 · Reply to this


Omega
Displaced Ohioan
Premium
join:2002-07-30
Cheyenne, WY
clubs:		 The way I do it is just look at the status bar at the bottom of IE. It shows you the true link.
to forum · permalink · · 2004-01-15 12:11:57 · Reply to this


Morac

join:2001-08-30
Riverside, NJ
·Comcast
said by Omega See Profile:
The way I do it is just look at the status bar at the bottom of IE. It shows you the true link.
There's a very easy way to stop the real address from showing up in the status bar. Just add a NULL character (%00) after the %01 character in the URL. Then the fake URL will show in the status bar.

Or use scripting to obscure it.

Either way, looking at the status bar doesn't guarantee you're going to a real site.
to forum · permalink · · 2004-01-15 13:35:00 · Reply to this
Forums » No Phishing Exploit PatchPatch is available »
« third party?  

Monday, 09-Nov 01:49:21 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [156] Cable Uncapper Faces Criminal Charges
· [140] AT&T Sues Verizon Over 3G Ads
· [112] Why Run Fiber When You Can Run Ads That Pretend You Do?
· [109] Comcast Is Simply Getting Huge
· [93] Apple Cooking Up New $30 A Month TV Service?
· [83] Bits Of ACTA Agreement Leaking Out
· [80] Will 'Three Strikes' Come To The United States?
· [78] Verizon To Double Smartphone ETFs?
· [77] Verizon: Droid Tethering Will Cost $30 Extra
· [73] Comcast, NBC Deal Almost Complete
Most people now reading
· 3.x Feral Druid - Bear Tanking Guide [World of Warcraft]
· My cat is reluctant to exercise. [General Questions]
· Hit and run [General Questions]
· Is Gear Score now the new requirement to get pug invite? [World of Warcraft]
· [Rant] Brand New 'Jasper' Xbox360 - RRoD Hardware Failure [Rants, Raves, and Praise]
· Garbage Disposal and Dishwasher [Home Repair & Improvement]
· [Need Info] Looking for backup software... [Software]
· [How to] Install Asterisk on an Asus WL-520GU router [VOIP Tech Chat]
· [WIN7] Which Services in Win 7 Have You Turned Off? [Microsoft Help]
· Loaner flying mount broken? [World of Warcraft]