Security Spoofing vulnerability in IE

[LittleKing]

I don't know if anybody has posted about this or not (since I haven't been on the boards for a while) but there is a spoofing security vulnerablity in IE. More info can be found at TheInquirer.net.

Apprently this also can partially affect Mozilla browsers as well.

Here you can test to see if you are vulnerable.

Just wanted to make you guys aware of this.

LK

[DVNT1]

Combine that spoof with the fake Paypal and ebay emails and you have a potentially nasty problem for most users.

So don't follow links from untrusted sources!

[DVNT1]

The more I think about it, the more I realize it is a big issue.

For example, so many accounts are being compromised do to the html email that shows http://signin.ebay.com//aw-cgi/eBayI...ame=h:h:sin:US but really directs you some malicious site just showing http://192.168.28.97/aw-cgi/eBayISAP...ame=h:h:sin:US and displaying the exact same content.

Now this exploit hides the IP portion from the URL and displays the trusted site name, but you still go to the malicious site in the background!

[jmichna]

My wife -- a frequent eBay user -- has gotten literally dozens of the "eBay" requests for her to confirm her username/password, other "her account will be terminated" or some such nonsense.

Fortunately, she is not gullible ( I've managed to convey a certain amount of cyber-cynicism ).

These emails are REALLY well done, and look like the real deal, including links to (certain) legitimate eBay pages.

She forwards them to a security section of eBay (don't recall exactly where) and then eBay pursues. I've looked at the email header info, and most of these are from a European server source.

Another thing I've seen people get are e-mails -- purportedly from Microsoft -- telling the recipient to run an attached (executable) file for some "security issue."

Again, the uninfomed/ill-informed would likely do so (the letters are well done, and look like they are from M$!)... but Microsoft NEVER sends users any sort of patch/upgrade as an attachment. You need to go to the MS Update site.

[DVNT1]

Also see http://www.techimo.com/forum/t92100.html for an example I created.

[Starfury_2260]

now how can you stop it?

[jmichna]

Quote:

Originally posted by Starfury_2260
now how can you stop it?

We forward what we receive to the company being spoofed/victimized. Most have a section like eBay's "Safe Harbor."

[DVNT1]

Quote:

Originally posted by Starfury_2260
now how can you stop it?

When you receive an email that looks legitimate and you think may need to logon to that site... directly type the URL into your browser, don't trust the hyperlink in the email. Even a copy & paste of the link should work, just be sure to examine the pasted link for the @ sign or anything else that isn't common (also numeric addresses in place of domains is rarely legitimate).

[Derek79602+]

Quote:

Originally posted by Starfury_2260
now how can you stop it?

Answer to that question.

Opera freaks out when I try to go to any of those "modified" sites and ask me, "are you sure you want to do this?"

It also shows the REAL address when you do a mouseover.