 Morac
join:2001-08-30 Riverside, NJ
·Comcast
Microsoft's Solution
"The most effective step that you can take to help protect yourself from malicious hyperlinks is not to click them. Rather, type the URL of your intended destination in the address bar yourself." - »support.microsoft.com/default.as···];833786

SpyderWoman Premium join:2002-06-11 Mustang, OK
Re: Microsoft's Solution
Talk about an "educate the user" problem!! Microsoft's recommendation begins with: "Verify that there is a lock icon in the lower right Status bar and verify the name of the server that provides the page that you are viewing before you type any personal or sensitive information."
Well, it's already been demonstrated in our Security forum that the lock can be spoofed. So that's not a safe indicator. The Microsoft article goes on to say to then right click on the lock symbol and check the source of the digital signature. I'm not certain but what that couldn't be spoofed up or obfuscated enough to confuse most users.
Most of the people "falling" for these phishing expeditions do not have the knowledge available right here in this forum: they are trusting their email to be a "what you see is what you get" thing, and while you and I know it's not that way, they don't.
Does anyone really think that the general public is going to get that boned up on this stuff? Heck, 90% of them never heard the simple guideline: "most legitimate businesses won't even ask you to update over the internet via email" much less the stronger guideline "when in doubt, don't until after YOU VERIFY either by email or phone call, that the request is legitimate".

Omega Displaced Ohioan Premium join:2002-07-30 Cheyenne, WY
Re: Microsoft's Solution
The way I do it is just look at the status bar at the bottom of IE. It shows you the true link.

Morac
join:2001-08-30 Riverside, NJ
·Comcast
Re: Microsoft's Solution
said by Omega: The way I do it is just look at the status bar at the bottom of IE. It shows you the true link.
There's a very easy way to stop the real address from showing up in the status bar. Just add a NULL character (%00) after the %01 character in the URL. Then the fake URL will show in the status bar.
Or use scripting to obscure it.
Either way, looking at the status bar doesn't guarantee you're going to a real site.
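
A link check for the trick described in the post above, as an added example that is not part of the original thread: it flags percent-encoded control characters such as %00 and %01 in the host portion of a link, a user-info part before the host, and visible link text that names a different host than the real target. The function names, finding labels and `.example` links are constructed for illustration.

```python
import re

# Percent-encoded (%00-%1F, %7F) or raw control characters.
CTRL = re.compile(r"%(?:[01][0-9a-fA-F]|7[fF])|[\x00-\x1f\x7f]")
# Text that itself looks like a host name or URL, e.g. "www.bank.example".
HOSTLIKE = re.compile(r"^(?:[a-z]+://)?([a-z0-9.-]+\.[a-z]{2,})", re.I)


def authority(url):
    """Return the raw text between '://' and the first '/', '?' or '#'."""
    m = re.match(r"^[a-zA-Z][a-zA-Z0-9+.-]*://([^/?#]*)", url)
    return m.group(1) if m else ""


def real_host(url):
    """Host the browser actually connects to (IPv6 literals not handled)."""
    host = authority(url).rsplit("@", 1)[-1]  # drop any user-info part
    return host.split(":", 1)[0].lower()      # drop any port


def audit_link(href, shown_text=""):
    """Return a list of findings for one link taken from a mail or page."""
    findings = []
    auth = authority(href)
    if CTRL.search(auth):
        findings.append("control-char-in-authority")
    if "@" in auth:
        findings.append("userinfo-present")
    m = HOSTLIKE.match(shown_text.strip())
    if m and m.group(1).lower() != real_host(href):
        findings.append("shown-host-mismatch")
    return findings


if __name__ == "__main__":
    # Constructed sample links (reserved .example names), not real traffic.
    samples = [
        ("http://www.bank.example%01%00@login.attacker.example/update",
         "www.bank.example"),
        ("https://www.bank.example/account", "www.bank.example"),
        ("http://phish.example/", "http://www.bank.example/login"),
    ]
    for href, text in samples:
        print(audit_link(href, text) or "clean", "<-", href)
```

The check works on the raw link string rather than on what a browser displays, so it does not depend on the status bar or address bar rendering the link correctly.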

ParanoiaInc
join:2002-08-28 Tucker, GA
True, but for those in a rush this is still a major problem when the fake links start infecting search engines.