Home page logo

webappsec logo WebApp Sec mailing list archives

RE: Phishing
From: "Damon McMahon" <inst_karma () hotmail com>
Date: Sat, 15 May 2004 11:01:47 +1000

Note that Microsoft removed exactly this functionality for exactly these reasons in their MS04-004 update to Internet Explorer:

834489 - A security update is available that modifies the default behavior of Internet Explorer for handling user information in HTTP and in HTTPS URLs

I'm not sure about the current state of support in Mozilla for this - there's a bug submited at http://bugzilla.mozilla.org/show_bug.cgi?id=232560 but this is pretty vague.

Yet another reason to keep your browser right up to date (as if you needed another one!) I suppose...

&gt;From: &quot;Griffiths, Ian&quot; &lt;Ian.Griffiths () liv-coll ac uk&gt;
&gt;To: &lt;webappsec () securityfocus com&gt;
&gt;Subject: RE: Phishing
&gt;Date: Thu, 13 May 2004 10:55:05 +0100
&gt;MIME-Version: 1.0
&gt;Received: from outgoing3.securityfocus.com ([]) by mc12-f15.hotmail.com with Microsoft SMTPSVC(5.0.2195.6824); Fri, 14 May 2004 00:05:22 -0700 &gt;Received: from lists.securityfocus.com (lists.securityfocus.com [])by outgoing3.securityfocus.com (Postfix) with QMQPid 44852236F2E; Thu, 13 May 2004 13:59:42 -0600 (MDT)
&gt;Received: (qmail 18325 invoked from network); 13 May 2004 04:45:57 -0000
&gt;X-Message-Info: 6sSXyD95QpXlzPKtFvjFb2uiK+2iswY3
&gt;Mailing-List: contact webappsec-help () securityfocus com; run by ezmlm
&gt;Precedence: bulk
&gt;List-Id: &lt;webappsec.list-id.securityfocus.com&gt;
&gt;List-Post: &lt;mailto:webappsec () securityfocus com&gt;
&gt;List-Help: &lt;mailto:webappsec-help () securityfocus com&gt;
&gt;List-Unsubscribe: &lt;mailto:webappsec-unsubscribe () securityfocus com&gt;
&gt;List-Subscribe: &lt;mailto:webappsec-subscribe () securityfocus com&gt;
&gt;Delivered-To: mailing list webappsec () securityfocus com
&gt;Delivered-To: moderator for webappsec () securityfocus com
&gt;Message-ID: &lt;541C33250DE1B04E950D6A414182A490012C9D33 () mercury liv-bus co uk&gt; &gt;Return-Path: webappsec-return-3924-inst_karma=hotmail.com () securityfocus com &gt;X-OriginalArrivalTime: 14 May 2004 07:05:23.0850 (UTC) FILETIME=[D3B2EEA0:01C43981]
&gt;This is the most workable of all ideas I think, it would certainly draw peoples attention to the fact that the submission was a little bit iffy. Whether this would then prompt them not to continue or indeed whether the message could be clearer in its explantation of what is going on is less likely.
&gt;It may also be that as authentication on a URL is possibly an advanced feature, it could be off by default, and explicitly turned on by the user who understands what the resultant addresses look like and would therefore be better educated to spot things like this.
&gt;Protecting the user with default config is possibly the way to go with this. However, as without Outlook, I'd occasionally like override this. For example, to open the Word doc that my colleague has sent from across the room and not be told it can't ever be done.
&gt;        -----Original Message-----
&gt;        From: Rogan Dawes [mailto:discard () dawes za net]
&gt;        Sent: Thu 13/05/2004 07:42
&gt;        To: Griffiths, Ian
&gt;        Cc: webappsec () securityfocus com
&gt;        Subject: Re: Phishing
&gt;        &quot;You have clicked a link to 'nefarious.fraud.net', with username
&gt;        'secure.bank.com' and password '********'. Do you want to continue? Ask
&gt;        me next time (x)&quot;
&gt;        I guess this could be a password dialogue, with the username and
&gt;        password filled in, similar to the current basic auth password dialogs.

SEEK: Now with over 50,000 dream jobs! Click here: http://ninemsn.seek.com.au?hotmail

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]