republican-creole
Search:  

 
theme to white backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » No Phishing Exploit Patch » Microsoft's Solution
Search Topic:
 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Post a:
Post a:
Patch is available »
« third party?  
AuthorAll Replies


Morac

join:2001-08-30
Riverside, NJ
·Comcast

reply to Omega
Re: Microsoft's Solution

said by Omega See Profile:
The way I do it is just look at the status bar at the bottom of IE. It shows you the true link.
There's a very easy way to stop the real address from showing up in the status bar. Just add a NULL character (%00) after the %01 character in the URL. Then the fake URL will show in the status bar.

Or use scripting to obscure it.

Either way, looking at the status bar doesn't guarantee you're going to a real site.
to forum · permalink · · 2004-01-15 13:35:00 · Reply to this


Omega
Displaced Ohioan
Premium
join:2002-07-30
Cheyenne, WY
clubs:		reply to mastermind278
The way I do it is just look at the status bar at the bottom of IE. It shows you the true link.
to forum · permalink · · 2004-01-15 12:11:57 · Reply to this


mastermind278
Premium
join:2001-07-12
Newark, NJ
clubs:
·Optimum Voice
·Optimum Online

reply to SpyderWoman
Click for full size
My solution seems to be stop using IE, or let Mcafee catch it for me.
--
Mastermind 4 Life ® ™ ©
to forum · permalink · · 2004-01-15 10:00:10 · Reply to this


SpyderWoman
Premium
join:2002-06-11
Mustang, OK
clubs:

reply to Morac
Talk about an "educate the user" problem!! Microsoft's recommendation begins with:
"Verify that there is a lock icon in the lower right Status bar and verify the name of the server that provides the page that you are viewing before you type any personal or sensitive information."

Well, it's already been demonstrated in our Security forum that the lock can be spoofed. So that's not a safe indicator. The Microsoft article goes on to say to then right click on the lock symbol and check the source of the digital signature. I'm not certain but what that couldn't be spoofed up or obfuscated enough to confuse most users.

Most of the people "falling" for these phishing expeditions do not have the knowledge available right here in this forum: they are trusting their email to be a "what you see is what you get" thing, and while you and I know it's not that way, they don't.

Does anyone really think that the general public is going to get that boned up on this stuff? Heck, 90% of them never heard the simple guideline: "most legitimate businesses won't even ask you to update over the internet via email" much less the stronger guideline "when in doubt, don't until after YOU VERIFY either by email or phone call, that the request is legitimate".
to forum · permalink · · 2004-01-15 09:50:10 · Reply to this
Forums » No Phishing Exploit PatchPatch is available »
« third party?  

Friday, 04-Dec 16:52:18 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.republican-creole
page compression OFF
Most commented news this week
· [163] Comcast Releasing Promised Usage Meter
· [145] Avast Antivirus Has Gone Mad
· [124] Comcast Makes NBC Universal Acquisition Official
· [104] Graduate Student Unveils Sprint's GPS Sharing With Feds
· [101] Google Invades ISP, OpenDNS Turf With Google Public DNS
· [81] Latest Consumer Reports Survey Not Kind To AT&T
· [80] FCC Ponders Moving From PSTN To IP Voice
· [74] Sprint Defuses GPS Privacy Media Bomb
· [70] Baltimore To Ban Lazy Cable Installs
· [64] Broadband Killed The Game Console
Most people now reading
· False positive in Avast! or is it real? [Security]
· Windows 7 boot manager editing questions [Microsoft Help]
· Long ethernet runs [Wireless Service Providers]
· Maximizing Rogue DPS for ToC/ToGC (3.x) [World of Warcraft]
· DNS options, what are YOU using? [TekSavvy]
· Dr. Tim Ball On the Significance of the CRU Hacked Documents [Canadian Chat]
· 3.x Feral Druid - Bear Tanking Guide [World of Warcraft]
· Nouveau DNS chez Google [Videotron]
· Linux is terrorist - according to MS... [All Things Unix]
· [ Professions] Northrend Herbalism and Mining Tracks [World of Warcraft]