TechSpot

IE bug lets fake sites look real

By Julio Franco
Dec 10, 2003
  1. Microsoft on Tuesday said it was looking into reports of a potential bug in its Web browser that could help malicious hackers design convincing Web site spoofs.

    The bug, according to security alerts by a bug hunter and a Danish security company, Secunia, could let hackers use a technique to display a false Web address on a fake site.

    Read more: CNet News.
     
  2. StormBringer

    StormBringer TS Rookie Posts: 2,871

    Hasn't this been going on for quite some time? I seem to remember someone in the IRC channel once getting an email that led them to a site that looked very much like it could have been a legit tracking site for some online retailer. It wanted them to verify CC info or something. The link and content looked legit, but it was actually a fake url, iirc.
     
  3. Krugger

    Krugger TS Rookie Posts: 210

    i too remember seeing several instances of this in the recent past. at least a few times in ebay or paypal scams. it's tough, b/c even if it's not perfect, a majority of computer users may not know enough to know the difference.
     
  4. Justin

    Justin TS Rookie Posts: 1,595

    Yes, this has been around for quite a while. In a very few cases it can be beneficial, such as if you are using multiple hosts and would like a single name displayed in the address bar, rather than a www4, www3, or mirror1, et cetera.

    However it really is used to trick people who don't know to look for the more subtle hints, such as where the URLs in the document refer to. In the end it's all the same - abuse of ignorance. I don't know whether to pity the ignorant and chide the criminals, or cheer on the criminals and chide the ignorant.

    And hey, there's always Mozilla.
     
  5. poertner_1274

    poertner_1274 secroF laicepS topShceT Posts: 4,745

    Yes, as always the best defense against this sort of thing is a keen awareness. If you pay attention to what you are doing, instead of just clicking, clicking, clicking then you probably won't have to worry about these sort of things.

    Just be smart, plain and simple
     
  6. Nic

    Nic TechSpot Paladin Posts: 1,928

    If I'm reading that statement correctly (and I may not be, as it's ambiguous), then it seems to imply that a genuine url could be faked on a non-genuine website (i.e. the displayed url is different to the actual url). That's a whole new ball game to displaying a similar looking url on a fake site. Whoops ... :blush:
     
  7. MrGaribaldi

    MrGaribaldi TechSpot Ambassador Posts: 2,802

    If I understand it correctly, it won't be much different than what v3 and other redirectors are using to give you a single easy url that'll show up in the address field..

    This is quite handy for smaller companies, who can't afford their own server, or those who move around from one server to another quite often...

    So I hope that this exploit won't remove that option in the future, but instead that certain safeguards'll be put in place to hinder people "stealing" an url without the owner's permission...
     
  8. asand4

    asand4 TS Rookie

    What are we really trying to say?

    Well, I am new to the posting scene but I have been following up on industry news and such ever since I discovered this site..
    Anyway, I don't see this as being a positive thing by any stretch... Think about it, how many more vulnerabilities could there possibly be in IE.. it's ridiculous. Anything that will allow for easy paths to misleading innocent users to their ultimate demise should be seen as unacceptable. The only reason they(MS) have been able to get away with this is because there was never an alternative available and thus, allowing them to completely eat up the market.
    I say everyone and their mother should boycott Microsoft and use Mozilla or some other browser.. Let them feel the squeeze.... Oops, I forgot, there's one problem with that, MS has a stranglehold on the industry forcing them to use their software, so for MS to really feel the squeeze, the industry itself will have to turn on Microsoft.
    Anyway, that's my piece on this whole thing!

    Great site!

    Asand4
     
  9. Tom Ferguson

    Tom Ferguson TS Rookie

    Spoofed Sites

    I have already seen several very convincing e-mails attempting to get me to enter either my Paypal or Ebay credentials. In each case, a web address comprised only of an unresolved IP address confirmed my suspicions of a ruse. If the address can now be faked to actually contain paypal or ebay in the name, it will be a lot harder to figure out these are fakes.
     
  10. Krugger

    Krugger TS Rookie Posts: 210

  11. poertner_1274

    poertner_1274 secroF laicepS topShceT Posts: 4,745

    Looks like my browser is OK :D

    Opera rules.
     
     
  12. Tarkus

    Tarkus TechSpot Ambassador Posts: 837

  13. BrownPaper

    BrownPaper TS Rookie Posts: 467

    is this vulnerability fixable with pivx quik-fix?
     
  14. StormBringer

    StormBringer TS Rookie Posts: 2,871

    That's what I took it to mean as well, which I've seen in several legit sites, especially those that have content spanned over several free hosts.

    It does seem that there should be some way of keeping people from spoofing URLs.
     
  15. MrGaribaldi

    MrGaribaldi TechSpot Ambassador Posts: 2,802

    Glad to see I wasn't the only one to think along those lines :)

    As for how to keep people from spoofing urls, I doubt there'll be a fool-proof way of doing it, but it shouldn't be too hard to implement some code which makes it much harder than it is today....
    Ie. some code would have to be present in the url you're "spoofing" (legally) that tells the browser to accept the "spoofing" if the site "spoofing" is a) on a list and/or b) has sent the right parameters...

    This would make it much harder to spoof without doing some real hacking...


    The reason I doubt we'll be able to keep it spoof-free is that with the right knowledge you can spoof someone's hardware encoded MAC address, and if that is possible, it will be possible to spoof anything less "secure"...
     
  16. olefarte

    olefarte TechSpot Ambassador Posts: 1,427

    According to this article in TheInquirer, Mozilla is at least partially vulnerable to this problem also. Also, there's a link to a handy little test, so that you can check your browser to see if it is also vulnerable. I tried this test on MyIE2 and it's vulnerable. Also on Opera, it shows this in the address bar, at the end of the url, "spoofing_test".
     
  17. Krugger

    Krugger TS Rookie Posts: 210

    as for the people that said this resembled the earlier way you'd seen spoofing done, is it the same thing? i can't remember myself cause i haven't seen one in a while. the link i posted was the same as the above article, where it shows only www.microsoft.com in the address bar and status bar, but the actual address is ww.microsoft.com%01%00@secunia.com/internet_explorer_address_bar_spoofing_test/
    cause that seems very very dangerous to me. to be able to totally mimic a site's url in both the address bar and status bar with no way to know unless you copy and paste the link itself... that's asking for ripoff bank/CC/paypal-ebay sites that are undetectable to the average users. more so than the fake ones you see now...
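
Added example, not part of the thread: in the link quoted in the post above, everything before the `@` is the URL's userinfo field and the host actually contacted is what follows it. The sketch below shows how a mail or proxy filter could flag such links; the function names, the `http://` scheme prepended to the quoted link, and the two comparison URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_to_bytes

# Something shaped like a DNS name, e.g. "www.example.com".
HOSTLIKE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)

def control_bytes(text):
    """Byte values below 0x20 (or 0x7f) found after percent-decoding text."""
    return sorted({b for b in unquote_to_bytes(text) if b < 0x20 or b == 0x7F})

def inspect_link(url):
    """Return the host that will really be contacted and why the link is suspect."""
    parts = urlsplit(url)
    # Authority is [userinfo@]host[:port]; the last "@" ends the userinfo.
    userinfo, at, _ = parts.netloc.rpartition("@")
    host = (parts.hostname or "").lower()
    findings = []
    if at:
        findings.append("userinfo-present")
        decoded = unquote_to_bytes(userinfo).decode("latin-1")
        match = HOSTLIKE.search(decoded)
        # A domain name inside userinfo that differs from the real host is the
        # pattern described in the post: a familiar name shown, another contacted.
        if match and match.group(0).lower() != host:
            findings.append("userinfo-looks-like-host:" + match.group(0).lower())
    ctl = control_bytes(parts.netloc)
    if ctl:
        # %01 and %00 decode to control bytes, which have no place in an authority.
        findings.append("control-bytes:" + ",".join("%02x" % b for b in ctl))
    return {"real_host": host, "findings": findings}

# Link text as quoted in the post, with an "http://" scheme prepended (assumption).
SPOOF = "http://ww.microsoft.com%01%00@secunia.com/internet_explorer_address_bar_spoofing_test/"
# Constructed comparison inputs: a plain link and an ordinary credentialed FTP link.
SAMPLES = [SPOOF, "http://www.microsoft.com/windows/", "ftp://user:pass@ftp.example.org/pub/"]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", inspect_link(link))
```
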
     
  18. olefarte

    olefarte TechSpot Ambassador Posts: 1,427

    Sorry, Krugger, I missed your link.

    By the way, when I ran that test, at almost the same moment that the test page loaded, Zone Alarm Pro shut down my internet access, gave me a warning (don't remember exactly what it said, I had a panic attack, but it said to run a virus scan), and made me restart ZAP to get access again. I don't know if this was caused by the test or some other problem.
     
  19. Krugger

    Krugger TS Rookie Posts: 210

    no no, i didn't mean to imply anything, i was just sayin if they wanted to see what it looked like, they could examine the link in my post that's all. i don't care about who posted first :)
     
  20. MrGaribaldi

    MrGaribaldi TechSpot Ambassador Posts: 2,802

    Well, not as such no... The other way is to load an invisible frame from the target site, and then the rest from the real server. But doing it that way means that if you bookmark a different page (on the same site) you'll only get to the front page.

    But using this (the url) spoofing would make the site look more professional, and still being able to use different/cheaper solution than otherwise possible.

    Which is why I hope for a "secure" solution, and not just permanent removal of it.
     
Topic Status:
Not open for further replies.

