The Way Out (join:2003-01-20)
Don't trust the Lock icon either!
Want to see something scary? Try this link:
https://www.paypal.com
It says PayPal in the URL, but it's not PayPal! You'll notice that it still displays the "Lock" in the bottom right-hand corner, too. Be afraid. :|
justin (join:1999-05-28, Brooklyn, NY)
Re: Don't trust the Lock icon either!
Did you knock this site up? I was going to try an https redirect to see if it could be done. It seemed like it could, but I didn't have a domain handy.
The Way Out (join:2003-01-20)
Re: Don't trust the Lock icon either!
Yes, I set it up. As long as the "real" webhost has a valid SSL certificate (and it is issued by a root that is trusted by the browser), no warning is popped up at all. Scary, huh.
justin (join:1999-05-28, Brooklyn, NY)
Re: Don't trust the Lock icon either!
I figured it would work, as it's just a display bug, really. Damn. I updated the news bit to link to your post demonstrating the fake encrypted site that gives no alerts about the certificate not matching what is displayed in the address bar.
Googled (join:2001-08-13, Orchard Park, NY)
I was thinking some more about this bug and I came up with an even scarier usage.
Using the Apache "Redirect" directive you can phish an entire site! Just put this into your httpd.conf!
Redirect /test "http://www.domainyouwant.com^A@www.domainyouhave.com"
Now anyone who visits www.domainyouhave.com/test will be redirected to the phished site! Doing this makes IE automatically modify EVERY link on the page to a phished version!
-- DirecWay DW3000 DRS, SatMex 5 1170 gateway 164, P3-533/256 MB, AOL+ 7.0 4114.10712 on 98SE w/ICS, shared to 2 x 2K Pro, 1 x Redhat Linux 7.3, 1 x Netgear 802.11b
justin (join:1999-05-28, Brooklyn, NY)
Re: Don't trust the Lock icon either!
That's cute. I figured there would be creative use of redirectors.
I mean - you could post one of those "Special offer" links, the ones that nobody expects to look correct because they are long and have affiliate pay-on-click codes in them - and then redirect to a phished version of the SBC DSL signup page and keep them within it. Then collect credit card numbers for days before the victims noticed.
espionage007 (join:2003-06-14, Herndon, VA)
omg no way!! you're one evil genius
Fireshield (join:2001-10-08, Champlin, MN)
Re: Don't trust the Lock icon either!
Thanks justin. You're right, it does work. Rather scary!
petrus (join:2002-01-09, Atlanta, GA)
Avant Browser
I experienced the same thing using Avant Browser. Does Avant Browser somehow make IE more secure?
steven s (join:2002-09-14, Dearborn, MI)
The address bar doesn't even say www.paypal.com. It says "https://www.paypal.com%01@secure.divo.net/notpaypal/".
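As an added illustration of what the post above reveals (example code written for this page, not from the thread or any project it mentions), the following Python script splits such a URL the way a standards-following parser does: everything before the "@" in the authority is userinfo, and the host actually contacted is what follows it. It also flags the two warning signs present in the quoted address: a control character in the userinfo, and userinfo that looks like a hostname. The sample URLs are constructed; the spoofed one is the address quoted in the post above.

```python
from urllib.parse import urlsplit, unquote

# Constructed sample input: the spoofed address quoted in the thread,
# a genuine PayPal URL, and an ordinary URL with harmless credentials.
SAMPLE_URLS = [
    "https://www.paypal.com%01@secure.divo.net/notpaypal/",
    "https://www.paypal.com/",
    "https://user:secret@example.org/login",
]


def real_host(url):
    """Host the browser will actually connect to: the part of the
    authority after the last '@' (userinfo never names the server)."""
    return urlsplit(url).hostname


def spoof_indicators(url):
    """Return a list of reasons why the URL's authority looks deceptive."""
    parts = urlsplit(url)
    findings = []
    if parts.username is None:
        return findings                    # no userinfo, nothing to hide a host behind
    userinfo = unquote(parts.username)     # turn %01 back into the raw control byte
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in userinfo):
        # A control character lets a buggy address bar stop rendering early,
        # so the user sees only the fake "host" on the left of the '@'.
        findings.append("control character in userinfo")
    if "." in userinfo:
        # Nothing legitimate puts a domain name in the username slot.
        findings.append("userinfo resembles a hostname: %r" % userinfo)
    return findings


def report(urls):
    """Summarize each URL as (url, real host, list of indicators)."""
    return [(u, real_host(u), spoof_indicators(u)) for u in urls]


if __name__ == "__main__":
    for url, host, why in report(SAMPLE_URLS):
        status = "SUSPICIOUS" if why else "ok"
        print("%-10s host=%s  %s" % (status, host, "; ".join(why)))
```

The same two checks are cheap to run in a mail gateway or proxy log pipeline: any link whose userinfo contains a control character or a dotted name is worth quarantining regardless of which browser the recipient uses.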
mod bait (join:2001-06-11, Rochester, NY)
/extreme_sarcasm
Well, hopefully, Microsoft will give this matter several weeks or months of careful consideration and analysis, as they seem to be with the recently-announced active scripting exploits.
-- "Security is a tax on the honest." --Bruce Schneier, Beyond Fear, Copernicus, 2003
jbone_99 (join:2003-12-21, Washington, DC)
I actually blocked the link from showing up using the ad blocker in Norton IS.
HalfFull (join:2002-12-20, Chesapeake, VA)
said by The Way Out:
    Want to see something scary? Try this link:
    https://www.paypal.com
    It says PayPal in the URL, but it's not PayPal! You'll notice that it still displays the "Lock" in the bottom right-hand corner, too. Be afraid. :|
Sad... since Micro$oft is too cheap to fix the flaw, legitimate businesses will be hurt as the security problem is more publicized. Computer-challenged people won't buy on-line because they will be afraid of a scam...
ephilipps (join:2004-01-09, Depew, NY)
VirusScan Enterprise pops a window just by opening the forum post. I guess Microsoft will get around to this sooner or later....