Security Flaw Announced - Deceptive Links

  Jester2K II 18:51 11 Dec 03

IE phishing scam exploit unearthed

click here

Quote

"Security researchers have discovered a way for scam artists to disguise more effectively the location of bogus Web sites.

A flaw in the way IE displays URLs in the address bar takes the old trick of fooling users into visiting dodgy sites to the next level."

Details of a new scam that can be used to make "phishing" e-mails look even more credible. A link in the e-mail takes you to the Microsoft / eBay / LloydsTSB / NatWest etc etc site - or does it?

  Pesala 18:56 11 Dec 03
  Djohn 19:17 11 Dec 03

I'm a little confused here, [Usually happens]. Clicked on your link to the register page then the "Test exploit link" from there.

New blank window opens with the button "Test exploit" I clicked on that and the message said.

www microsoft com should be in the address window. It was, so does this mean that my system passed the test OK, or is it referring to the dingbat address in the previous window and saying that I would be under the impression that was where I was going when I clicked the button? :o(

  VoG II 19:23 11 Dec 03

It actually takes you to

http: //www. microsoft.com@zapthedingbat.com/security/ex01/vun2.htm

  Pesala 19:27 11 Dec 03

The point is that you are misled into thinking that you are at Microsoft's site, when you are not. Using this security flaw in Internet Explorer a spammer could make you do all sorts of things by making a website that looked like your bank's website for example, and showed the correct address, though it was the spammer's address.
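An added illustration, not part of the original thread: a small JavaScript check that splits an address like the one VoG II quoted into its login part (the text before the "@") and the host the browser actually connects to, and flags links where the login part is shaped like a different hostname. The function name `inspectLink` and all sample addresses except the first are assumptions made for this example.

```javascript
// Added example: flag links whose userinfo part imitates a hostname.
// First sample is the address quoted in the thread (spaces removed);
// the other samples are constructed.
const HOSTLIKE = /^(?:[a-z0-9-]+\.)+[a-z]{2,}$/i; // rough "looks like a domain" test

function inspectLink(href) {
  let url;
  try {
    url = new URL(href); // WHATWG URL parser, the standard modern browsers follow
  } catch {
    return { valid: false, realHost: null, userinfo: null, deceptive: false };
  }
  let user = url.username;
  try {
    user = decodeURIComponent(user); // userinfo may be percent-encoded
  } catch {
    // malformed escape: keep the raw value
  }
  const userinfo = user === "" && url.password === "" ? null : user;
  // Everything before "@" is a login name, not a destination. If it is
  // shaped like a hostname other than the real one, treat it as a lure.
  const deceptive =
    userinfo !== null &&
    HOSTLIKE.test(userinfo) &&
    userinfo.toLowerCase() !== url.hostname;
  return { valid: true, realHost: url.hostname, userinfo, deceptive };
}

const samples = [
  "http://www.microsoft.com@zapthedingbat.com/security/ex01/vun2.htm",
  "https://www.microsoft.com/security/",
  "ftp://alice:s3cret@files.example.org/pub/",
  "not a url",
];

for (const href of samples) {
  const r = inspectLink(href);
  const verdict = !r.valid ? "unparseable" : r.deceptive ? "DECEPTIVE" : "ok";
  console.log(`${verdict.padEnd(11)} host=${r.realHost} userinfo=${r.userinfo} <- ${href}`);
}
```

A mail filter or proxy could apply the same test to every link in a message and show the real host next to any link it flags.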

  Djohn 19:28 11 Dec 03

Thanks VoG, so even though microsoft was showing in the address bar and the message said that is what I should see, I was in fact at the dingbat site?

  Djohn 19:28 11 Dec 03

Thanks Pesala, posted before seeing your reply.

  VoG II 19:30 11 Dec 03

Yes, that's right. The only reason I was aware of the "scam" was that, as Pesala said, Opera firstly warns you and then displays the above address in the address bar.

  Djohn 19:40 11 Dec 03

Thank you jester for bringing the scam to our attention. Thanks to VoG and Pesala for the explanation.

It's a scary world out there and we really do need to be aware of what we are doing. This forum comes to the rescue yet again in keeping us all up to date on what these people are attempting to do.

  cycoze 19:48 11 Dec 03

Try it again, once the page is up, right click it and click on "Properties".

I did say this once before but the thread seems to have vanished!

Also put a link in for www .securiteam. com click here regarding "Chromeless Windows", there is a link on that page for a test showing why ActiveX signing dialogs cannot be trusted, how a false box can cover another, not good.

  ©®@$? 20:00 11 Dec 03

Is this going to be patched soon?

This thread is now locked and can not be replied to.
