Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Danger - Phishing ahead » Don't trust the Lock icon either!
Search Topic:
Uniqs:
2		 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Post a:
Post a:
AuthorAll Replies


justin
Australian
join:1999-05-28
Brooklyn, NY		reply to The Way Out
Re: Don't trust the Lock icon either!

Did you knock this site up? i was going to try an https redirect to see if it could be done, it seemed like it could but I didn't have a domain handy.
to forum · permalink · · 2003-12-11 01:07:58 · Reply to this

The Way Out

join:2003-01-20		 Yes, I set it up. As long as the "real" webhost has a valid SSL certificate (and is issued by a root that is trusted by the browser), no warning is popped up at all. Scary, huh.
to forum · permalink · · 2003-12-11 01:10:03 · Reply to this


justin
Australian
join:1999-05-28
Brooklyn, NY		 I figured it would work, as its just a display bug, really. Damn. I updated the news bit to link to your post demonstrating the fake encrypted site that gives no alerts about the certificate not matching what is displayed in the address bar.
to forum · permalink · · 2003-12-11 01:11:49 · Reply to this


Googled
Yay, I have FIOS

join:2001-08-13
Orchard Park, NY
·VoicePulse

 reply to justin
I was thinking some more about this bug and I came up with an even scarier usage.

Using the Apache "Redirect" directive you can phish an entire site! Just put this into your httpd.conf!


Redirect /test "http://www.domainyouwant.com^A@www.domainyouhave.com"


Now anyone who visits www.domainyouhave.com/test will be redirected to the phished site! Doing this makes IE automatically modify EVERY link on the page to a phished version!

--
DirecWay DW3000 DRS, SatMex 5 1170 gateway 164, P3-533/256 MB, AOL+ 7.0 4114.10712 on 98SE w/ICS,shared to 2 x 2K Pro, 1 x Redhat Linux 7.3, 1 x Netgear 802.11b
to forum · permalink · · 2003-12-12 17:43:22 · Reply to this


justin
Australian
join:1999-05-28
Brooklyn, NY

Host:
IPv6
Business Connectiv..
Home/Office setup ..
Console/Handheld g..
Console Tech
 thats cute. I figured there would be creative use of redirectors.

I mean - you could post one of those "Special offer" links, the ones that nobody expects to look correct because they are long and have affiliate pay-on-click codes in them? - and then redirect to a phished version of SBC DSL signup page and keep them within it. Then collect credit card numbers for days before the victims noticed.
to forum · permalink · · 2003-12-12 17:48:59 · Reply to this
Forums » Danger - Phishing ahead

Friday, 27-Nov 17:38:00 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.republican-creole
page compression OFF
Most commented news this week
· [119] Time Warner Cable Fires Broadside At Broadcasters
· [109] New AT&T Ad Campaign Hits Back At Verizon
· [95] Apple Joins AT&T Verizon Snark Fest
· [87] New Bill Takes Aim At Higher Verizon ETFs
· [70] TiVo Sees Record Customer Losses
· [68] In-Flight Internet Headed For Bumpy Landing?
· [60] Thanksgiving Open Thread
· [55] Verizon CEO: Hulu Will Be Dead Soon
· [38] EFF Wages War On Fine Print
· [38] ICANN Slams DNS Redirection
Most people now reading
· Windows 7 boot manager editing questions [Microsoft Help]
· 3.x Feral Druid - Bear Tanking Guide [World of Warcraft]
· Leveling to 85 [World of Warcraft]
· Newegg Black Friday Sale started [Users Find Hot Deals]
· 5 hour energy for diabetic [General Questions]
· HOW-TO: QoS and Tomato (fixes "choppy voice") [MagicJack]
· Bell Response to PIPEDA Request [TekSavvy]
· What to use while demonoid is down? [Filesharing Software]
· Whats the big deal about being "Old School"....? [World of Warcraft]
· [ Classes] Druid tanking: rotation and glyphs [World of Warcraft]