New IE URL Spoof Technique

I use Mozilla. Aside from having built-in popup protection, tabbed browsing, and proper HTML/CSS rendering, Mozilla is also a little more secure.

The newest IE vulnerability allows any upper-level URL (ebay.com, signin.ebay.com, etc.) to be spoofed. Spoofing is just a techie word for saying unnoticeably altered.

Clicking the button in IE will take you to “www.microsoft.com” – which is actually on my server. If you were using Mozilla it would take you to “http://www.microsoft.com%01@bofe.org/ms.htm” which is an obviously faked URL.

This exploit is also easily made into an HTML link via some easily done JavaScript. If the lousy Koreans that made the eBay scam had known how to do this, I’m sure they would have gotten a few more victims.

There are lots of other ways to obscure a URL that spammers and company frequently use (ever see a link that says http://239482039484098/ ?), but this new technique is very difficult to detect without viewing the site’s source.

If you must use IE, be sure you trust the links you click.

(Code grabbed from Zapthedingbat)
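A link checker for the URL tricks described above, as an added example that is not part of the original post or of the code credited to Zapthedingbat: it reports the host a link really points at and flags userinfo before the `@`, control bytes such as `%01` inside it, and all-digit hosts. The function names and finding labels are assumptions made for this example.

```javascript
// Constructed sample links; the first is the URL quoted in the post.
const SAMPLES = [
  "http://www.microsoft.com%01@bofe.org/ms.htm",
  "http://239482039484098/",
  "http://signin.ebay.com/ws/login",
];

// Split the authority per RFC 3986: it ends at the first "/", "?" or "#",
// and the real host is whatever follows the LAST "@" inside it.
function splitAuthority(url) {
  const m = /^[a-z][a-z0-9+.-]*:\/\/([^\/?#]*)/i.exec(url);
  if (!m) return null;
  const at = m[1].lastIndexOf("@");
  return {
    userinfo: at === -1 ? null : m[1].slice(0, at),
    host: m[1].slice(at + 1).replace(/:\d*$/, "").toLowerCase(),
  };
}

// Return the host the browser will actually contact, plus reasons to distrust
// the link text. Finding labels are hypothetical names for this example.
function inspectLink(url) {
  const parts = splitAuthority(url);
  if (!parts) return { host: null, findings: ["no-authority"] };
  const { userinfo, host } = parts;
  const findings = [];
  if (userinfo !== null) {
    findings.push("userinfo-present");
    // Raw or percent-encoded control bytes (0x00-0x1F, 0x7F), e.g. the %01 above.
    if (/%(?:[01][0-9a-f]|7f)|[\x00-\x1f\x7f]/i.test(userinfo)) {
      findings.push("control-char-in-userinfo");
    }
    // Userinfo that reads like a domain name is there to be mistaken for the host.
    const name = userinfo.replace(/%[0-9a-f]{2}/gi, "").split(":")[0].toLowerCase();
    if (/^(?:[a-z0-9-]+\.)+[a-z]{2,}$/.test(name) && name !== host) {
      findings.push("userinfo-looks-like-host");
    }
  }
  // An all-digit host is a numeric address form that hides the destination.
  if (/^\d+$/.test(host)) findings.push("integer-host");
  return { host, findings };
}

for (const url of SAMPLES) {
  console.log(url, "->", JSON.stringify(inspectLink(url)));
}
```

Run over the links in a mail or page before they are shown to a user, any non-empty `findings` list is a reason to display the returned `host` instead of the link text.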


About andyhillky
I'm cool.

2 Responses to New IE URL Spoof Technique

  1. jules says:

    you, head geek *grunt*

  2. RipperHoss says:

    I <3 Mozilla
