republican-creole
Search:  

 
theme to white backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » No Phishing Exploit Patch » Microsoft's Solution
Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Post a:
Post a:
Patch is available »
« third party?  

SpyderWoman
Premium
join:2002-06-11
Mustang, OK
clubs:

Re: Microsoft's Solution

Talk about an "educate the user" problem!! Microsoft's recommendation begins with:
"Verify that there is a lock icon in the lower right Status bar and verify the name of the server that provides the page that you are viewing before you type any personal or sensitive information."

Well, it's already been demonstrated in our Security forum that the lock can be spoofed. So that's not a safe indicator. The Microsoft article goes on to say to then right click on the lock symbol and check the source of the digital signature. I'm not certain but what that couldn't be spoofed up or obfuscated enough to confuse most users.

Most of the people "falling" for these phishing expeditions do not have the knowledge available right here in this forum: they are trusting their email to be a "what you see is what you get" thing, and while you and I know it's not that way, they don't.

Does anyone really think that the general public is going to get that boned up on this stuff? Heck, 90% of them never heard the simple guideline: "most legitimate businesses won't even ask you to update over the internet via email" much less the stronger guideline "when in doubt, don't until after YOU VERIFY either by email or phone call, that the request is legitimate".
permalink · 2004-01-15 09:50:10 · Print · Reply to this

mastermind278
Premium
join:2001-07-12
Newark, NJ
clubs:
·Optimum Voice
·Optimum Online

Re: Microsoft's Solution

Click for full size
My solution seems to be stop using IE, or let Mcafee catch it for me.
--
Mastermind 4 Life ® ™ ©
permalink · 2004-01-15 10:00:10 · Print · Reply to this

Omega
Displaced Ohioan
Premium
join:2002-07-30
Cheyenne, WY
clubs:

Re: Microsoft's Solution

The way I do it is just look at the status bar at the bottom of IE. It shows you the true link.
permalink · 2004-01-15 12:11:57 · Reply to this

Morac

join:2001-08-30
Riverside, NJ
·Comcast

Re: Microsoft's Solution

said by Omega See Profile:
The way I do it is just look at the status bar at the bottom of IE. It shows you the true link.
There's a very easy way to stop the real address from showing up in the status bar. Just add a NULL character (%00) after the %01 character in the URL. Then the fake URL will show in the status bar.

Or use scripting to obscure it.

Either way, looking at the status bar doesn't guarantee you're going to a real site.
permalink · 2004-01-15 13:35:00 · Print · Reply to this
Forums » No Phishing Exploit PatchPatch is available »
« third party?  

Thursday, 10-Dec 22:25:53 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [200] Sprint Sued For Distracted Driving Death
· [136] AT&T Launching New 24 Mbps U-Verse Tier
· [87] AT&T Hints At Usage-Based iPhone Data Pricing
· [82] 3G Network Test Says AT&T Is Tops
· [75] WPA Cracker: Test WPA-PSK Networks In 20 Minutes
· [72] Mediacom Unveils 105 Mbps Pricing
· [66] Sprint Poised For A Turnaround?
· [55] Average American Consumes 34 Gigabytes Daily
· [53] AT&T: iPhone Data Pricing Comments 'Taken Out Of Context'
· [51] The Future Of Wi-Fi Is Bright
Most people now reading
· New Mediacom Email [Mediacom]
· [WIN7] Well, I was dumb, but do I have recourse? [Microsoft Help]
· IMG 1.7 (IMG Updates and Discussion) [Verizon FIOS TV]
· ICC strats [World of Warcraft]
· Windows 7 boot manager editing questions [Microsoft Help]
· malware has been found hidden inside an Ubuntu screensaver [Security]
· [How to] Install Asterisk on an Asus WL-520GU router [VOIP Tech Chat]
· Flashing headlights on/off to warn of speed trap (FL) [Automotive Social]
· Connecting to Google Voice Via SIP [VOIP Tech Chat]