Planetarion Forums


JetLinus 11 Dec 2003 13:12

Wow, this is dangerous...
 
It's just about Internet Explorer again, but it's been known for quite some time now, and as a lot of people are using IE...

Well, you know, you can type in addresses in the format of
Code:

http://username:password@hostname
Alright, nothing new.
But if you include ASCII Char 0x01 in the part before the url, only this bit will be shown.

Example: What would you think, this link goes to:

Code:

http://pirate.planetarion.com/register.php?do=signup&[email protected]
Yeah, well, LOOKS like it would register you on the boards, including my email as referrer (some websites do this sort of thing).
Ok, that's the first glance. Well-informed people know that there can't be "@"-chars in an url. But who would mistrust that link?

In reality, it will bring you to (my non-existing imaginary) website jetworld.de
All I had to do was copy the signup page of these boards, and steal your password.

It's all shit, innit?

Try THIS link: http://www.microsoft.com. Looks like you are visiting microsoft.com, but you obviously aren't...
I know, the status bar reveals the truth, but using javascript, you could easily fake it as well...

Bad world :-/
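A defender-side check for the link format described in the post above, written as an added example (it is not from the thread): it splits the authority by hand and flags a userinfo part that carries control characters or reads like a host name. It goes slightly beyond the post by flagging any control character, not only 0x01; the function names, finding labels and sample links are assumptions constructed for illustration.

```javascript
// Added example (not from the thread). All sample links below are constructed.

// Split "scheme://authority" by hand so control bytes are seen as written,
// before any browser or library normalisation hides them.
function inspectLink(link) {
  const m = /^([a-z][a-z0-9+.-]*):\/\/([^\/?#]*)/i.exec(link);
  if (!m) return { parsed: false, host: null, userinfo: null, findings: [] };
  const authority = m[2];
  const at = authority.lastIndexOf("@");
  if (at === -1) {
    // An "@" after the first "/" belongs to the path or query, not to userinfo.
    return { parsed: true, host: authority.toLowerCase(), userinfo: null, findings: [] };
  }
  const rawUser = authority.slice(0, at);
  const host = authority.slice(at + 1).toLowerCase();
  const findings = ["userinfo-present"];
  let user = rawUser;
  try {
    user = decodeURIComponent(rawUser);
  } catch (e) {
    findings.push("malformed-escape");
  }
  // Covers a raw control byte as well as percent-escaped ones such as %01.
  if (/[\x00-\x1f\x7f]/.test(user)) findings.push("control-char-in-userinfo");
  // A user name that reads like a host name is what makes the link misleading.
  const name = user.split(":")[0].replace(/[\x00-\x1f\x7f]/g, "");
  if (/^([a-z0-9-]+\.)+[a-z]{2,}$/i.test(name)) findings.push("userinfo-looks-like-host");
  return { parsed: true, host, userinfo: rawUser, findings };
}

// Policy used here (an assumption): plain credentials are noted, disguised ones rejected.
function shouldBlock(link) {
  const f = inspectLink(link).findings;
  return f.includes("control-char-in-userinfo") || f.includes("userinfo-looks-like-host");
}

const samples = [
  "http://www.trusted.example%01@other.example/login",
  "http://alice:secret@intranet.example/",
  "http://forum.example/register.php?do=signup&ref=user@mail.example",
];
for (const s of samples) {
  const r = inspectLink(s);
  console.log(s, "->", r.host, r.findings.join(",") || "clean", shouldBlock(s) ? "BLOCK" : "ok");
}
```
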

Raging.Retard 11 Dec 2003 13:17

Re: Wow, this is dangerous...
 
OMG OMG OMG !!! INTERNET IN BEING OMG WTF PWNED SHOCKAH.

I heard that there are these things called busses... that move around and are normal. BUT if you step in front of them bad things could happen! Let's ban busses.

JetLinus 11 Dec 2003 13:30

Re: Wow, this is dangerous...
 
When it comes to eBay and PayPal accounts, it stops being funny, you know.
Also, it's not just about us tech-guys, geeks, and freaks.

It's about the "normal" people, getting spam emails, doing their course work for uni, normal work, whatever, and getting viruses and trojans by this stupid method.
That's what I meant.

I could have also tried to trick some of you, but as I told you now, you probably won't fall for it anymore (assuming you're using IE somewhere).


Let's ban busses, if they go at 100 miles an hour and are stealth and go over the pavements, where they drive over your girlfriend.
If they're good and stop at red lights, they're ok....

Raging.Retard 11 Dec 2003 13:43

Re: Wow, this is dangerous...
 
How is this any worse than someone linking to a trojan EXE? Any reputable company isn't going to do it, and if the link isn't from someone reputable... then why are you clicking on it? It's like the people that click every link they see on IRC.

There are far worse things to be concerned about if you use IE than a disguised URL from someone you shouldn't be trusting anyway. The ability for websites to execute arbitrary code for 90% of (unpatched) IE users is of a far greater concern.

ComradeRob 11 Dec 2003 14:29

Re: Wow, this is dangerous...
 
Quote:

Originally Posted by JetLinus
It's just about Internet Explorer again, but it's been known for quite some time now, and as a lot of people are using IE...

Well, you know, you can type in addresses in the format of
Alright, nothing new.
But if you include ASCII Char 0x01 in the part before the url, only this bit will be shown.

Example: What would you think, this link goes to:

Yeah, well, LOOKS like it would register you on the boards, including my email as referrer (some websites do this sort of thing).
Ok, that's the first glance. Well-informed people know that there can't be "@"-chars in an url. But who would mistrust that link?

I probably wouldn't have noticed it myself. However, I can't see anything too harmful about it.

Quote:

Originally Posted by JetLinus
In reality, it will bring you to (my non-existing imaginary) website jetworld.de
All I had to do was copy the signup page of these boards, and steal your password.

It's all shit, innit?

Try THIS link: http://www.microsoft.com. Looks like you are visiting microsoft.com, but you obviously aren't...
I know, the status bar reveals the truth, but using javascript, you could easily fake it as well...

Bad world :-/

Uh-huh...

If you want to see any url then you have to check the status bar - the link could be 'http://www.evilhackersite.com/trojan.php', the only way to see this would be to check the status bar (or tooltip). So in fact it's no different to a normal link... if you click on a link that you don't trust, you're taking your own risk.

The problem isn't a problem with IE, it's a problem with URLs. The URLs you posted are perfectly valid URLs, and would fool people using other browsers just as easily. The lesson, I suppose, is to be careful about the URLs you click on, no matter which browser you use.

JetLinus 11 Dec 2003 14:54

Re: Wow, this is dangerous...
 
Quote:

Originally Posted by Raging.Retard
How is this any worse than someone linking to a trojan EXE?

The trojan.exe wouldn't run automatically, pretending to be something else. You would clearly get some sort of "save as" or "open" messagebox, etc. It's easier to spot, and there are security features, that won't directly execute any file.


Quote:

Originally Posted by Raging.Retard
Any reputable company isn't going to do it, and if the link isn't from someone reputable... then why are you clicking on it? It's like the people that click every link they see on IRC.

Yes, but it can't be a perfect world where things you click aren't the stuff they seem to be... There are borderlines, you know, a greyish zone.
What if one of your good mates sends you an ICQ msg or IRC pm, containing an eBay link to a product he really thinks is funny?
You click it, but it's a fake website. You log in, and wooooosh, your password is gone.
Maybe your mate doesn't even want to trick you: He fell for it as well, and then he's spreading it...


Quote:

Originally Posted by Raging.Retard
The ability for websites to execute arbitrary code for 90% of (unpatched) IE users is of a far greater concern.

You put it into brackets: Unpatched. That's the point: This "URL-disguising" works in some versions of IE5 and in all versions of IE6. Totally patched. You can never be sure.

But you CAN try to make sure, that no code is executed.
You disable different scripts, get a nice virus scanner and firewall, build sandboxes etc.
Still, you will NEVER disable clicking on Links.
It's entirely up to you, and we humans DO make mistakes (like when you're tired late at night or whatever).

Think of someone sending you a link to a scanreport or all those PA-related stuff. And you aren't really on the "official" scanreport site...



Quote:

Originally Posted by ComradeRob
If you want to see any url then you have to check the status bar - the link could be 'http://www.evilhackersite.com/trojan.php', the only way to see this would be to check the status bar (or tooltip). So in fact it's no different to a normal link...

Well, you can EASILY set status-messages using JavaScript, and you can fake this description to look "normal". ToolTips as well...
Also, you can use form-buttons, you know, like "Login" or "Submit", and they don't show any status messages.


Quote:

Originally Posted by ComradeRob
The problem isn't a problem with IE, it's a problem with URLs. The URLs you posted are perfectly valid URLs, and would fool people using other browsers just as easily. The lesson, I suppose, is to be careful about the URLs you click on, no matter which browser you use.

I don't know if this sort of "username:password@host" works in other browsers. But I do suppose, they don't have that 0x01 bug.
Also, it's clearly a bug in IE, that it doesn't show which page you're on.

Ok ok, I know, you must ALWAYS be careful, but HEY, it's definitely not ok this way. I'm just so annoyed.


I could easily say now:
Hey, have a look in this nice thread over there, it has all been said before. Here's a link for you.
You get a page that looks like PABoards. In fact, it's an exact copy. But when you want to post, reply, or straight at the beginning, it says that you're not logged in.
Your cookie has expired. The thread is too old, whatever.
I really do wonder how many people would fall for it, and enter their user name and password again.

Refer them back to the original site, and they won't even notice.

Really, I think it's quite serious (you should have noticed ^^).
Might wanna call me paranoid :banana:

pablissimo 11 Dec 2003 15:07

Re: Wow, this is dangerous...
 
mIRC* and ICQ and the like shouldn't parse those as URLs. The only way this seems to be any use at all is if you go to a webpage with a link on it (though if you're on a reputable site there's not going to be an issue), or you get a link via an email (which would be parsed out on Hotmail I guess, haven't tried but since they htmlify every link it seems logical).

I don't see the big deal.

* mIRC shows you a square box in place of the 0x01, so you'd know something was up straight away.

queball 11 Dec 2003 20:20

Re: Wow, this is dangerous...
 
Actually, the slash makes it not a username.
Try it!
http://pirate.planetarion.com/[email protected]

Banned 11 Dec 2003 21:03

Re: Wow, this is dangerous...
 
Am I the only one who noticed the cnn.com (and similar) spoof sites using this years ago?

Banned 12 Dec 2003 05:19

Re: Wow, this is dangerous...
 
JetLinus needs to learn how to read.

JetLinus 12 Dec 2003 15:14

Re: Wow, this is dangerous...
 
Quote:

Originally Posted by Banned
JetLinus needs to learn how to read.

Well, yes, uhm, doesn't that prove my point? No?
IMO it does actually...

W 14 Dec 2003 07:15

Re: Wow, this is dangerous...
 
Stupid people getting what they deserve.

hyfe 14 Dec 2003 10:21

Re: Wow, this is dangerous...
 
Quote:

Originally Posted by W
Stupid people getting what they deserve.

heh... soo... how exactly does stupidity come into the picture? Computer users in general have learned to distrust content on unknown sites. But that isn't really the problem here, the problem is that once you're at a new site, users generally tend to trust their browser. (I certainly had something as simple as the address bar on my 'trusted thingies list' at least).

(If you're arguing that anybody who uses IE is stupid, I might be more inclined to agree though..)

W 14 Dec 2003 11:20

Re: Wow, this is dangerous...
 
Quote:

Originally Posted by hyfe
...trust their browser...uses IE...

I'm not saying it's exceptionally stupid. It's a very very common form of stupidity that affects almost everyone. But you still deserve to (and have a right to) pay for your mistakes. Once your account is dry, perhaps you will have learned?

hyfe 14 Dec 2003 11:53

Re: Wow, this is dangerous...
 
Quote:

Originally Posted by W
I'm not saying it's exceptionally stupid. It's a very very common form of stupidity that affects almost everyone. But you still deserve to (and have a right to) pay for your mistakes. Once your account is dry, perhaps you will have learned?

I'm not using IE.

Either way: Lack of knowledge != stupidity. The basic idea of trusting your browser to do simple things like show an url is a good one, because whatever tool you're using you have to trust it to some extent. And even given the amount of ActiveX etc crapola around, I still think (thought) trusting something as simple as the address bar to show what site it just requested is a sound decision.

Ofc, you might argue that you'd have to be stupid to not catch up with how crap IE is, but that would just be trolling ;)

Leshy 14 Dec 2003 18:19

Re: Wow, this is dangerous...
 
Quote:

Security warning:

You are about to go to an address containing a username.

Username: www.microsoft.com
Server: www.planetarion.com

Are you sure you want to go to this address?
<3 Opera

Gayle29uk 14 Dec 2003 21:41

Re: Wow, this is dangerous...
 
Quote:

Originally Posted by Leshy
<3 Opera

Very spangly :)

Nodrog 16 Dec 2003 05:21

Re: Wow, this is dangerous...
 
I think some of you have missed the point... Companies like ebay/paypal etc have for quite some time been telling their customers that due to the large amount of internet 'scam artists', they should only trust a site if it says "www.ebay.com" or "www.paypal.com" in their address bar. This bug allows alternative sites to display this in the address bar if they choose to. Why are the customers to blame for just believing what they have been continually told to believe?

There's no stupidity involved here on the part of those who get scammed by this, other than in their choosing to use an archaic bug ridden web-browser when objectively superior alternatives are freely available. The scam itself is hardly their fault - this isn't even remotely comparable to running 'trojan.exe' or whatever.

JetLinus 16 Dec 2003 13:38

Re: Wow, this is dangerous...
 
Small little update: Some problems occur with Mozilla as well, but you got to use %00 (instead of %01). But apparently it's only the status and preview, but not the address bar (still a bug, coz users tend to trust the status bar as well sometimes).

Btw, Microsoft has got a "workaround" (<-- lol). Type this into your address bar:
Code:

javascript:alert("Real URL: " + location.protocol + "//" + location.hostname
+ "/" + "\nGiven URL: " + location.href + "\n"
+ "If the server names do not match, this may be a spoof.");


Quote:

Originally Posted by Leshy
<3 Opera

Oh yeah?
Well, only if you got version 7.23 or greater. Any prior version has another big problem: The "save file" dialog supports relative paths, ie ".\..\.." etc.
When you download a file, Opera creates a temporary file of the format c:\windows\temp\FILXXX.tmp.FILENAME.ext (XXX is a random string).
If you've got a file called AAAAAAAAAA%5C..%5C..%5Ccalc.exe, it would give c:\windows\temp\AAAXXX.tmp.AAAAAAAAAA\..\..\calc.exe and hence overwrite c:\windows\calc.exe.
This can be especially dangerous, when Opera uses certain auto-download functions (e.g. Skins)...

I'm just saying, you know...
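The temp-file naming described in the post above, modelled next to a hardened version, as an added example (not from the thread and not Opera's code). The prefix rule (first three characters of the name plus a random token) is inferred from the post's own example and is an assumption, as are all function names.

```javascript
// Added example: model of the naming scheme as the post describes it, not Opera's code.

// Resolve "." and ".." in a Windows-style path the way the file system would.
function resolveWin(p) {
  const parts = p.split(/[\\/]+/);
  const drive = parts.shift(); // e.g. "c:"
  const out = [];
  for (const seg of parts) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") out.pop();
    else out.push(seg);
  }
  return [drive, ...out].join("\\");
}

// Naive: the percent-decoded server-supplied name is pasted into the temp path.
function naiveTempPath(tempDir, token, serverName) {
  const name = decodeURIComponent(serverName);
  return resolveWin(`${tempDir}\\${name.slice(0, 3)}${token}.tmp.${name}`);
}

// Hardened: decode first, keep only the last path component, replace characters
// that are special on Windows, then verify the result stays inside tempDir.
function safeTempPath(tempDir, token, serverName) {
  let name = serverName;
  try { name = decodeURIComponent(serverName); } catch (e) { /* keep raw name */ }
  name = name.split(/[\\/]/).pop().replace(/[\x00-\x1f:*?"<>|]/g, "_");
  if (name === "" || /^\.+$/.test(name)) name = "download";
  const full = resolveWin(`${tempDir}\\${name.slice(0, 3)}${token}.tmp.${name}`);
  const base = resolveWin(tempDir).toLowerCase() + "\\";
  if (!full.toLowerCase().startsWith(base)) throw new Error("path escapes temp directory");
  return full;
}

// File name taken from the post; "XXX" stands in for the random token.
const posted = "AAAAAAAAAA%5C..%5C..%5Ccalc.exe";
console.log("naive:", naiveTempPath("c:\\windows\\temp", "XXX", posted));
console.log("safe: ", safeTempPath("c:\\windows\\temp", "XXX", posted));
```
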

Super 16 Dec 2003 17:41

Re: Wow, this is dangerous...
 
I remember using this on Nodrog in IRC years ago so he'd visit 'goat-se' :/

comedy gold

queball 16 Dec 2003 18:50

Re: Wow, this is dangerous...
 
That Moz thing fools me:
What does your status bar say for this link?

JetLinus 16 Dec 2003 20:45

Re: Wow, this is dangerous...
 
Uh.. in IE, statusbar says "www.google.com" only, but the addressbar then contains full linkage.
I guess it's %01 for IE, and %00 for Mozilla then (just as reported).

Leshy 16 Dec 2003 23:36

Re: Wow, this is dangerous...
 
Quote:

Originally Posted by JetLinus
This can be especially dangerous, when Opera uses certain auto-download functions (e.g. Skins)

Apparently this was indeed an issue; but only with the Auto-Install feature. And it's already fixed, so I'll happily continue to love Opera.

Cyp 17 Dec 2003 11:43

Re: Wow, this is dangerous...
 
What about this one? http://google.com

W 17 Dec 2003 17:00

Re: Wow, this is dangerous...
 
Quote:

Originally Posted by Nodrog
I think some of you have missed the point... Companies like ebay/paypal etc have for quite some time been telling their customers that due to the large amount of internet 'scam artists', they should only trust a site if it says "www.ebay.com" or "www.paypal.com" in their address bar. This bug allows alternative sites to display this in the address bar if they choose to. Why are the customers to blame for just believing what they have been continually told to believe?

Are you saying ebay and paypal are the stupid ones, and that the people that trusted the stupid company aren't?

flapjack 17 Dec 2003 17:27

Re: Wow, this is dangerous...
 
yes, because most people think that the big stupid companies know what they're talking about

Intrepid00 29 Dec 2003 21:42

Re: Wow, this is dangerous...
 
Clearly a good reason why you should only submit personal information over SSL.

JetLinus 30 Dec 2003 02:06

Re: Wow, this is dangerous...
 
Lol, you can fake SSL sites and URLs (https) and stuff as well.
That wasn't the point... What's the benefit of encrypted data, if you're talking to the wrong person (server)?

