IE bug lets fake sites look real

Status
Not open for further replies.
Julio Franco

Julio Franco

Posts: 9,097   +2,048
Staff member
Microsoft on Tuesday said it was looking into reports of a potential bug in its Web browser that could help malicious hackers design convincing Web site spoofs.

The bug, according to security alerts by a bug hunter and a Danish security company, Secunia, could let hackers use a technique to display a false Web address on a fake site.

Read more: CNet News.
 
Hasn't this been going on for quite some time? I seem to remember someone in the IRC channel once getting an email that led them to a site that looked very much like it could have been a legit tracking site for some online retailer. It wanted them to varify CC info or something. The link and content looked legit, but it was actually a fake url, iirc.
 
i too remember seeing several instances of this in the recent past. at least a few times in ebay or paypal scams. it's tough, b/c even if it's not perfect, a majority of computer users may not know enough to know the difference.
 
Yes, this has been around for quite a while. In a very few cases it can be beneficial, such as if you are using multiple hosts and would like a single name displayed in the address bar, rather than a www4, www3, or mirror1, et cetera.

However it really is used to trick people who don't know to look for the more subtle hints, such as where the URLs in the document refer to. In the end it's all the same - abuse of ignorance. I don't know whether to pity the ignorant and chide the criminals, or cheer on the criminals and chide the ignorant.

And hey, there's always Mozilla.
 
Yes, as always the best defense against this sort of thing is a keen awareness. If you pay attention to what you are doing, instead of just clicking, clicking, clicking then you probably won't have to worry about these sort of things.

Just be smart, plain and simple
 
Originally posted by Julio
The bug, according to security alerts by a bug hunter and a Danish security company, Secunia, could let hackers use a technique to display a false Web address on a fake site.
Click to expand...
If I'm reading that statement correctly (and I may not be, as its ambiguous), then it seems to imply that a genuine url could be faked on a non-genuine website (i.e. the displayed url is different to the actual url). Thats a whole new ball game to displaying a similar looking url on a fake site. Whoops ... :blush:
 
If I understand it correctly, it won't be much different than what v3 and other redirectors are using to give you a single easy url that'll show up in the adresse field..

This is quite handy for smaller companies, who can't afford their own server, or those who move around from one server to another quite often...

So I hope that this exploit won't remove that option in the future, but instead that certain safeguards'll be put in place to hinder people "stealing" an url without the owners permission...
 
What are we really trying to say?

Well, I am new to the posting scene but I have been following up on industry news and such every since I discovered this site..
Anyway, I don't see this as being a positive thing by any stretch... Think about it, how many more vunerabilities could there possibly be in IE.. it's ridiculous. Anything that will allow for easy paths to misleading innocent users to their ultimate demise should be seen as unacceptable. The only reason they(MS) have been able to get away with this is because there was never an alternative available and thus, allowing them to completely eat up the market.
I say everyone and their mother should boycott Microsoft and use Mozilla or some other browser.. Let them feel the sqeeze.... Oops, I forgot, there's one problem with that, MS has a strangle hold on the industry forcing them to use their software, so for MS to really feel the squeeze, the industry itself will have to turn on Microsoft.
Anyway, that's my piece on this whole thing!

Great site!

Asand4
 
Spoofed Sites

I have already seen several very convincing e-mails attempting to get me to enter either my Paypal or Ebay credentials. In each case, a web address comprised only of an unresolved IP address confirmed my suspicions of a ruse. If the address can now be faked to actually contain paypal or ebay in the name, it will be a lot harder to figure out these are fakes.
 
Originally posted by MrGaribaldi
If I understand it correctly, it won't be much different than what v3 and other redirectors are using to give you a single easy url that'll show up in the adresse field..

This is quite handy for smaller companies, who can't afford their own server, or those who move around from one server to another quite often...

So I hope that this exploit won't remove that option in the future, but instead that certain safeguards'll be put in place to hinder people "stealing" an url without the owners permission...
Click to expand...

Thats what I took it to mean as well, which I've seen in several legit sites, especially those that have content spanned over several free hosts.

It does seem that there should be some way of keeping people from spoofing URLs.
 
Originally posted by StormBringer
Thats what I took it to mean as well, which I've seen in several legit sites, especially those that have content spanned over several free hosts.

It does seem that there should be some way of keeping people from spoofing URLs.
Click to expand...

Glad to see I wasn't the only one to think along those lines :)

As for how to keep people from spoofing urls, I doubt there'll be a fool-proof way of doing it, but it shouldn't be too hard to implement some code which makes it much harder than it is today....
Ie. some code would have to be present in the url you're "spoofing" (legaly) that tells the browser to accept the "spoofing" if the site "spoofing" is a) on a list and/or b) has sendt the right parameters...

This would make it much harder to spoof without doing some real hacking...


The reason I doubt we'll be able to keep it spoof-free is that with the right knowledge you can spoof someone's hardware encoded mac adresse, and if that is possible, it will be possible to spoof anything less "secure"...
 
According to this article in TheInquirer, Mozilla is at least partially vulnerable to this problem also. Also, there's a link to a handy little test, so that you can check your browser to see if it is also vulnerable. I tried this test on MyIE2 and it's vulnerable. Also on Opera, it shows this in the address bar, at the end of the url, "spoofing_test".
THE BUG WE REPORTED earlier this week that allows people to spoof fake URL addresses, also partly affects Mozilla, according to Secunia today.

And there's a further vulnerability in Internet Explorer, Secunia claims. This allows the bottom left, status bar of a browser to be manipulated as well as the address bar, so that you're more likely to think a forged site is real.

Secunia said that Mozilla is partly vulnerable to this problem, as you can read here.

Secunia told the INQ this morning that it has devised a test to demonstrate the bug, which you can find here, and has also revised its bulletin to describe these additional problems, here.
Click to expand...
 
Originally posted by olefarte
According to this article in TheInquirer, Mozilla is at least partially vulnerable to this problem also. Also, there's a link to a handy little test, so that you can check your browser to see if it is also vulnerable.
Click to expand...
as for the people that said this resembled the earlier way you'd seen spoofing done, is it the same thing? i can't remember myself cause i havent seen one in a while. the link i posted was the same as the above article, where it shows only www.microsoft.com in the address bar and status bar, but the actual address is ww.microsoft.com%01%00@secunia.com/internet_explorer_address_bar_spoofing_test/
cause that seems very very dangerous to me. to be able to totally mimic a site's url in both the address bar and status bar with no way to know unless you copy and paste the link itself... that's asking for ripoff bank/CC/paypal-ebay sites that are undetectable to the average users. more so than the fake ones you see now...
 
the link i posted was the same as the above article
Click to expand...
Sorry, Krugger, I missed your link.

By the way, when I ran that test, at almost the same moment that the test page loaded, Zone Alarm Pro, shut down my internet access, gave me warning, (don't remember exactly what it said, I had a panic attack, but it said to run a virus scan), and made me restart ZAP to get access again. I don't know if this was caused by the test or some other problem.
 
no no, i didnt mean to imply anything, i was just sayin if they wanted to see what it looked like, they could examine the link in my post that's all. i don't care about who posted first :)
 
Originally posted by Krugger
as for the people that said this resembled the earlier way you'd seen spoofing done, is it the same thing? i can't remember myself cause i havent seen one in a while.
Click to expand...

Well, not as such no... The other way is to load an invisible frame from the target site, and then the rest from the real server. But doing it that way means that if you bookmark a different page (on the same site) you'll only get to the front page.

But using this (the url) spoofing would make the site look more professional, and still being able to use different/cheaper solution than otherwise possible.

Which is why I hope for a "secure" solution, and not just permanent removal of it.
 
Status
Not open for further replies.

Similar threads

A
Microsoft left a kernel-level, zero-day bug in Windows for six months before patching it
Replies
9
Views
217
LimyG
LimyG
A
AI-generated bug reports are becoming a big waste of time for developers
Replies
4
Views
211
StrikerRocket
S
A
VMware forced to patch dangerous vulnerabilities in discontinued products
Replies
0
Views
105
Alfonso Maruccia
A

Latest posts

Back