tmccann11Who, Me? Premium Member join:2001-06-10 Parsippany, NJ 1 edit |
tmccann11
Premium Member
2003-Dec-11 12:19 am
Got Me GoodDamn, I just might have fallen for that considering the fact that I get tons of mail from like best buy and staples.
F$%$%$ng Microsoft.
Tom
FP | |
|
| EGeezer Premium Member join:2002-08-04 Midwest |
EGeezer
Premium Member
2003-Dec-11 12:26 am
IE vulnerability - Now more than ever ...That's another good reason to be sure you type no sensitive information on any web page that does not have the secured lock and a valid security certificate.
Too many "legitimate" sites have the input fields on a page without the lock and cert, then redirect to https only after the user has entered sensitive data and pressed enter to send it. Too many more have certs that don't match the sites or are expired.
EG | |
|
| | TechyDad Premium Member join:2001-07-13 USA |
TechyDad
Premium Member
2003-Dec-11 10:59 pm
Re: IE vulnerability - Now more than ever ...said by EGeezer: That's another good reason to be sure you type no sensitive information on any web page that does not have the secured lock and a valid security certificate.
This will work with an SSL secured site as well. See this post: » Don't trust the Lock icon either!All the hacker would do is buy an SSL cert for his site (from Verisign, GeoTrust, etc) and then set up one of these links. The lock icon would show and the cert would appear to be valid in that no warnings would pop up. If you checked the cert, you'd see it is for a different site than the one that you appeared to be on, but how many people do this for every secure site they go to? | |
|
| |
to tmccann11
Re: Got Me GoodVery tricky! One possible way to tell is to go to FILE: and PROPERTIES and it will tell you the real deal is: » www.symantec.com@i.d ··· dex.htmlBut of coarse we don't all do that at every site we browse too. Always someone finding a way to show MS's weakness. It's not that difficult is it? Thanks for the heads up! | |
|
| netwire Premium Member join:2001-04-27 Dallas, NC |
to tmccann11
Thank God for Mozilla.... hehe | |
|
| GoogledYay, I have FIOS join:2001-08-13 Orchard Park, NY |
to tmccann11
Internet Explorer 6 | Firebird |
Didn't work on mine. I'm not sure why either. Is it because I have Java set to run in "High Safety" mode? This topic drove me to venture into the security settings for IE6. I noticed that two items have been added since I last looked. They are settings for running .NET framework components. Both were set to "Enable", by default I assume. You all might want to check your settings. I changed mine to "Prompt" | |
|
| | AthlGrond Premium Member join:2002-04-25 Aurora, CO |
AthlGrond
Premium Member
2003-Dec-11 10:28 am
Re: Got Me GoodAlthough .net is managed code (similar to java from a security standpoint, for the lack of a better analogy) I agree that you should want to be prompted to execute .net code on your computer.
If you regularly needed a .net program to run you would either want to change the site's security settings or turn off prompting. (but currently the internet isn't awash with .net content, so prompting makes the most sense.) | |
|
| | GoogledYay, I have FIOS join:2001-08-13 Orchard Park, NY |
Googled
Member
2003-Dec-11 10:40 am
Okay I figured out it was because I copied and pasted the link into IE. I tried it the way I was supposed to by clicking on the link and the address did change to http://www.symantec.com I had seen this before, but I thought they used a bunch of javascript to do it. What would happen if you changed the url to something like file://foobar.htm or perhaps http://localhost Would that make the page execute in a different zone? I have just tested it and it doesn't appear to work on an http://localhost The address changes, but IE stays in the Internet zone. I couldn't get it to work on file:// either, but I couldn't quite get file:// to work correctly, when I made my phished URL the browser kept looking for a server share on the network rather than trying to find the file on the C: drive. Could someone else try this and see if they can get it to work? | |
|
| |
to tmccann11
this has been around for years...why is it just being noticed now? | |
|
| | ZertossJust Say No To Caps Lock join:2001-08-01 Clute, TX |
Zertoss
Member
2003-Dec-11 10:02 am
Re: Got Me Goodsaid by user3657: this has been around for years...why is it just being noticed now?
That's what I would like to know. | |
|
| | | Spiro0 join:2003-08-04 Austin, TX |
Spiro0
Member
2003-Dec-14 6:29 pm
Re: Got Me Good2 million lines of code is why... Sort of a Denial of Maintenance attack by the Microsoft developers on themselves. | |
|
| | | | |
Re: Denial of Maintenance attack(Smile) I love it. I would love to use an acronym like "DOM" Attack! in reference to MS during my Linux close.
Can I quote you in my seminars?
And maybe add it to my T-Shirt ad's.
Cheers
Andy | |
|
| | | | | Spiro0 join:2003-08-04 Austin, TX |
Spiro0
Member
2003-Dec-21 6:40 pm
Re: Denial of Maintenance attackSure! If I just coined a phrase, maybe I should put my name on it...
Stephen D | |
|
| |
to tmccann11
Reason #215 why I don't even look at IE | |
|
| rtcyFACTS only please Premium Member join:1999-10-16 Norwalk, CA |
to tmccann11
always on mozilla, | |
|
| TransmasterDon't Blame Me I Voted For Bill and Opus join:2001-06-20 Cheyenne, WY 2 edits |
to tmccann11
I just received this in one of My E-mail accounts. This has got to be one of the funniest things I have ever seen. Talk about STUPID!!!!!. Who ever this is must not be able to type and chew gum at the same time. I do see what you mean by the site it looks real. The "real" address is » citibridgetrack.com this address naturally does not work Dear OnlineCitibank Cardholders, This letter was ssent by the Citi-Bank server to veerify your e-mail adress. You must cltoepme this prcoses by clicking on the link below and enntering in the small window your Citbiank Debit Card Nummber and card pin that you use on ATM Machine. That is donne for your pctreotion -u- because some of our members no lngoer have acsecs to their email adedsress and we must verify it. To veerify your e-mail adderss and akcess your Citi-bank account, klick on the link below. If ntohing hapepns when you clic on the link -6 copye and paste the link into the address bar of your web broswer. » www.citibank.com/?YjT2X9 ··· CYnylY8t--------------------------------------------- Thank you for using Citi-Bank! --------------------------------------------- This automatic email sent to: w7itc@msn.com Do not reply to this email. | |
|
XzibitWtf Mate? Premium Member join:2002-04-19 Santa Clara, CA |
Xzibit
Premium Member
2003-Dec-11 12:21 am
Oh damn...Damn, got me | |
|
KyleCNikon Guy Premium Member join:2001-12-13 Dallas, TX 3 edits |
KyleC
Premium Member
2003-Dec-11 12:21 am
Holy CrapI have gotten fake paypal sites like this, trying to get me in enter my info, i knew it was fake, cause paypal never sends email out requesting info. | |
|
| tmccann11Who, Me? Premium Member join:2001-06-10 Parsippany, NJ |
tmccann11
Premium Member
2003-Dec-11 12:28 am
Re: Holy CrapBut what if (insert favorite store here) emailed you stating that they were having a one day sale with 50% off any one item, and had an html page embedded in the email that looked legit enough. You follow it, and go through the whole process, and you think you placed an order....and gotcha.
I know the scenario may be unlikely for most of us, but there are alot of people that would fall for it in a heart beat, and could you really blame them?
JM2C
Tom | |
|
| |
to KyleC
I just received 2 consecutive emails from "Paypal"in 2 days. Both had attachments(virus)and a redirect link. Fortunatly my Email was scanned before it was sent to my inbox, and the virus was removed, but Im sure a lot of other people arent so lucky. I reported both emails to spoof@paypal.com, which confirmed there is a rash of these emails being sent out lately. Be careful! | |
|
|
CenTex2
Member
2003-Dec-11 12:25 am
Oh bloody HELL!Here we go again.... | |
|
|
This is scaryI can see that people will fall for this and not ever know. | |
|
AVDRespice, Adspice, Prospice Premium Member join:2003-02-06 Onion, NJ |
AVD
Premium Member
2003-Dec-11 12:31 am
dammm..this is too scary....
btw. using and old version of OPERA, you get a popup warning, and the whole address shows on the address bar..
there is no excuse for microsoft to have the address display the way it does... by trying to make stuff easier, they make windows so insecure, that it is a public menace. I guess you can get away with sloppy code when you are a near-monopoly. | |
|
cmhbobDid...Did I Do That? Premium Member join:2001-03-13 Fort Gibson, OK |
cmhbob
Premium Member
2003-Dec-11 12:37 am
One way to be more carefulIn IE, make sure "Show friendly URLs" is not checked. Then just watch your status bar to see where you're really going. | |
|
| 1 edit |
Re: One way to be more carefulThe status bar is my best friend. | |
|
| | |
| | | 2kmaroThink
join:2000-07-11 Oklahoma City, OK |
Re: One way to be more carefulsaid by justin:
said by wheelzoff: The status bar is my best friend.
How does your status bar look on
»i.dslr.net/symantec/worse2.html
then?
Status bar is hosed with bogus address, but the address bar shows the url you posted (as I'm sure you expected it to). Another way to detect the bogus link in either an email or on a site page is to right-click, choose "Copy Shortcut" and paste into the address bar - the entire address will appear as opposed to just the bogus portion. But as noted in all of this discussion: the targets for this kind of fraud are probably not going to do anything other than click the links. It will be interesting to see how long it takes to come up with a fix to this one and get it on the street. I suppose the one advantage to using IE is that as each hole is found the word does get around pretty well - whereas if the same type problem(s) were in another less used browser, the discovered exploits might not get as much publicity. I think this attitude is called sour grapes? For me reality says that the company I work for will continue to use IE as their browser and Outlook as their email client. For the moment I simply put out the word not to trust ANY link sent to them or that they just "stumble upon" on some website they're unsure of, recommending they use the right-click/copy shortcut method to double-check them. Thanks for writing up the story - as you said, the low key on this story might have left the exploit exploitable against me much longer! | |
|
| | | | justin..needs sleep Mod join:1999-05-28 2031 |
justin
Mod
2003-Dec-11 3:52 am
Re: One way to be more carefulThere is an onMouseOver that sets the status bar if javascript is enabled (as it is, on 99.9999% of the worlds MSIE browsers). Do you have javascript disabled for 'untrusted' sites or something? (i.dslr.net)? | |
|
| | | | | 2kmaroThink
join:2000-07-11 Oklahoma City, OK |
Re: One way to be more carefulScripting disabled on untrusted sites - security for those is set to High to match my paranoia of M$ products. Screen shot to show difference between address bar and status bar displays. | |
|
| | | | | | justin..needs sleep Mod join:1999-05-28 2031 Billion BiPAC 7800N Apple AirPort Extreme (2011)
|
justin
Mod
2003-Dec-11 10:31 am
Re: One way to be more carefulsaid by 2kmaro: Scripting disabled on untrusted sites - security for those is set to High to match my paranoia of M$ products. Screen shot to show difference between address bar and status bar displays.
that is the screenshot while you are still on dslr, what about when you are in "the symantec" site, that is the key. | |
|
| | | | Nanaki (banned)aka novaflare. pull punches? Na join:2002-01-24 Akron, OH |
to 2kmaro
said by 2kmaro:
said by justin:
said by wheelzoff: The status bar is my best friend.
How does your status bar look on
»i.dslr.net/symantec/worse2.html
then?
Status bar is hosed with bogus address, but the address bar shows the url you posted (as I'm sure you expected it to). Another way to detect the bogus link in either an email or on a site page is to right-click, choose "Copy Shortcut" and paste into the address bar - the entire address will appear as opposed to just the bogus portion. But as noted in all of this discussion: the targets for this kind of fraud are probably not going to do anything other than click the links. It will be interesting to see how long it takes to come up with a fix to this one and get it on the street.
I suppose the one advantage to using IE is that as each hole is found the word does get around pretty well - whereas if the same type problem(s) were in another less used browser, the discovered exploits might not get as much publicity. I think this attitude is called sour grapes? For me reality says that the company I work for will continue to use IE as their browser and Outlook as their email client. For the moment I simply put out the word not to trust ANY link sent to them or that they just "stumble upon" on some website they're unsure of, recommending they use the right-click/copy shortcut method to double-check them.
Thanks for writing up the story - as you said, the low key on this story might have left the exploit exploitable against me much longer!
well so far its going on about 5 years this is nothing new this trick is what some satire sites use to use to make their funny news stories look real | |
|
| | | | | vic102482 Premium Member join:2002-04-30 Upper Marlboro, MD |
vic102482
Premium Member
2003-Dec-11 10:02 am
Re: One way to be more carefulsaid by Nanaki:
well so far its going on about 5 years this is nothing new this trick is what some satire sites use to use to make their funny news stories look real
I think I know what you are talking about, but no, this is different, and far better. Like the CNN blowjob one, it had » funnysatire.cnn.whatever.com. The address looked bogus on site. This is what I remember although, I might be wrong. | |
|
| | | | | justin..needs sleep Mod join:1999-05-28 2031 Billion BiPAC 7800N Apple AirPort Extreme (2011)
|
to Nanaki
said by Nanaki: well so far its going on about 5 years this is nothing new this trick is what some satire sites use to use to make their funny news stories look real
No, the difference is how it looks after you get there. That it (the address) looks indistinguishable, is the biggerr problem here, and just makes an existing scam (phishing) easier to do. | |
|
| | | |
| | | | SmokeyI'd rather be skiing Premium Member join:2003-05-20 Wild West 4 edits |
Smokey
Premium Member
2003-Dec-11 4:08 am
Re: One way to be more carefulSame for me. If your not looking, you wont catch it as it is very fast. | |
|
| | | |
to justin
Well it seems to show up in my status bar, and if i right click the properties it shows the true url. The address bar is not your friend. | |
|
| N10Cities Premium Member join:2002-05-07 0000000 Asus RT-AC87
1 edit |
to cmhbob
said by cmhbob: In IE, make sure "Show friendly URLs" is not checked. Then just watch your status bar to see where you're really going.
I have that feature disabled, but when I enter the site "http://i.dslr.net/symantec/worse2.html" and hover over any of the links, they show the bogus address in the status bar, so don't think that setting will work... | |
|
lalaas join:2002-01-01 Oak Park, MI |
lalaas
Member
2003-Dec-11 12:42 am
Other phish being caughtI caught a phish like this pretending to be Comcast, and asking for all kinds of info, even down to PIN number & CVV # on the back of your credit card - bank phone #, etc. Really crafty, and I wonder how many people got scammed by them. I posted it here in the CC forum (IIRC) and notified comcast. Within an hour the site had disappeared. | |
|
FLea973 Premium Member join:2001-02-27 Morristown, NJ |
FLea973
Premium Member
2003-Dec-11 12:43 am
1 way to spot it -At least I saw a way to spot it on the demo site - hover over a link on the spoofed site and look at the status bar. It displays the full path of that link: "http://www.symantec.com @www.dslreports.com/front/symantec/www.symantec.com/gotcha.html"
Unfortunately what is displayed in the status bar can also be controlled through Java scripts - so yet another reason to disable java. | |
|
| ••••• |
statecop Premium Member join:2002-09-16 Heflin, AL |
statecop
Premium Member
2003-Dec-11 12:52 am
Not good!This is bad! | |
|
|
| justin..needs sleep Mod join:1999-05-28 2031 |
justin
Mod
2003-Dec-11 1:06 am
Re: What's new about "@"?What is new is what shows in the location bar AFTER you reach the "fake site". | |
|
Doctor OldsI Need A Remedy For What's Ailing Me. Premium Member join:2001-04-19 1970 442 W30 |
Safe here. :-)Didn't fool my 2002 version of Netscape v4.8 at all. It's old, but was updated in 2002 so it's not that old. Regards, Doctor Olds | |
|
| |
Re: Safe here. :-)said by Doctor Olds: Didn't fool my 2002 version of Netscape v4.8 at all. It's old, but was updated in 2002 so it's not that old.
Didnt fool my 2 day old copy of Netcaptor either which is IE at the core. | |
|
1 edit |
WowAfter following the link to the Phish page, I went up to the IE address bar and typed in ht tp://www.symantec.com (extra space here so DSLR won't convert to a link) ... and it still went to the Phish page.
Once you're there, typing in the URL just to "double check" that you are where you think you are, doesn't work. Wow. | |
|
| justin..needs sleep Mod join:1999-05-28 2031 Billion BiPAC 7800N Apple AirPort Extreme (2011)
|
justin
Mod
2003-Dec-11 1:56 am
Re: Wowsaid by SanJoseNerd:
Once you're there, typing in the URL just to "double check" that you are where you think you are, doesn't work. Wow.
You are right. It seems MSIE clings pretty hard to the cached copy of the fake page.. yuck.. | |
|
| | nl4jy join:2002-05-02 Brooklyn, NY |
nl4jy
Member
2003-Dec-11 1:21 pm
Re: WowAnd that is even more dangerous as one may think, oh, I'll just manually type in the address (thinking he/she'll be safe) | |
|
|
Don't trust the Lock icon either!Want to see something scary? Try this link: https://www.paypal.comIt says PayPal in the URL, but it's not paypal! You'll notice that it still displays the "Lock" in the bottom right hand corner, too. Be afraid. :| | |
|
| •••••••••••••••• |
MIABye Premium Member join:2001-10-28 united state |
MIABye
Premium Member
2003-Dec-11 1:06 am
Not So FastJust look at the status bar. | |
|
| ••••••• |
Hayward0 K A R - 1 2 0 C Premium Member join:2000-07-13 Key West, FL 4 edits |
Hayward0
Premium Member
2003-Dec-11 1:11 am
Doesn't tihs all still just prove.... Don't just take what is AUTO-CRAMMED down your throat. OK we sort of have to reluctantly accept WINDOZE.... but IE??? NO WAY It bis nothing but a copy cat wannabe since day one, ONLY successful because M$ got away with making it a part of the OS before it was too late. On the other hand the ROCK SOLID relatively speaking Mozilla/Firebird... has it roots all the way back to the pioneer Mosaic (1993) the first browser that lead to Netscape... then after battling Microshaft for years, was completely TRASHED by AoHell that acquired NS and then abandoned it (To BIG surprise still stick with Internet Exploder for AoHell)... but now still surviving as the open source Mozilla. (And again as its roots really started as, before someone thought to make money at it.) And by the way the guy who created the WWW/HTML beginnings has never made a PENNY from it... he just gave it to the world knowing that was the only way it would ever really happen. (And boy didn't it???!!!) As open source many developers around the world are on Mozilla all the time (for the users good)... the FEW minor problems that have occurred have been taken care of in updates rather than the probably on monthly, but seemingly weekly PATCHES to IE... that seem to be trying to futilely try to turn endlessly hole fill IE Swiss Cheese into solid cheddar | |
|
2 edits |
Damn microsoftAre we going to have to wait a month to get this update now? They had better post a fix asap. Also unchecking show friendly URLs doesn't work because mine was not checked and it only shows www.symantec.com. God damn it, why is this not patched yet. You'd think since microsoft is the only idiots with their source code, they could make a patch it in a matter of an hour or so. There are always going to be exploits, but damn you'd think they'd have enough sense to patch them quick. Also as for the people who never run windows update, yet again another reason why they suck. Now we are going to here tons of people bitching about being scammed and try to blame microsoft even though they have never ran one update ever. | |
|
| •••••• |
Jaime Premium Member join:2001-06-03 Huntington Beach, CA 1 edit |
Jaime
Premium Member
2003-Dec-11 1:30 am
Ok ok ok, I convertedWell, I finally broke. I have downloaded firebird and am liking it. I clicked on the link in IE than everything *looked* normal, now I see it as a bogus page. I really hope MS gets their stuff together before even more people start migrating to alternative browsers. | |
|
| ••••••• |
Netgear R6400 Switches Trash Bin Apple AirPort Extreme (2011)
|
Somebody say Phish?Oh well. I've never use Microsoft Internet Explorer for any extended period of time, mainly cause it is so devoid of useful features. But man, this is huuuuge. An exploit that doesn't depend even on basic scripting to be turned on. Sure am glad I don't have to worry with it. | |
|
2 edits |
AOL s'aightAOL 8.0 Browser catches somehow. | |
|
| •••••••••••••••••••••
|
|
|