Internet Explorer phish bug, works with https, ie paypal

fatkorean

Senior member
Dec 17, 2001
793
0
0
I looked up phish, ie, explorer, bug, internet and didn't come up with anything so hope this isn't a repost..

Well I was browsing another forum and I saw this. Its kinda scary if you have IE...

here is the link

-fk

edited to add another link... https://www.paypal.com
 

fatkorean

Senior member
Dec 17, 2001
793
0
0
click that link, then click the symantec link in the "fake" email. then look at your address bar, also look at the status bar if you have it on ie and hold your mouse over the link. Then right click on the page and goto properties.. what do you see?

Can you imagine if it was paypal? or your bank?

-fk
 

Occifer

Golden Member
Mar 27, 2002
1,002
0
0
Wow, hopefully there's a patch for this soon or it could really mess some people up!
 

jfall

Diamond Member
Oct 31, 2000
5,975
2
0
/me gets ready to see a lot more of those ebay/paypal update credit card information e-mails.

That is crazy, thanks for the info
 

WobbleWobble

Diamond Member
Jun 29, 2001
4,867
1
0
Wow! And there's no way of telling if the site you're being direct to is real or not.

Good find.
 

PrincessGuard

Golden Member
Feb 5, 2001
1,435
0
0
MyIE2 isn't fooled :)

Edit: I take that back. Proxomitron will show the whole address but MyIE2 itself won't.
 

fatkorean

Senior member
Dec 17, 2001
793
0
0
How is this a repost? I posted this on 12/11/2003 12:46 AM
and you posted this on 12/11/2003 12:38 PM

???

-fk
 

gwlam12

Diamond Member
Apr 4, 2001
6,946
1
71
Originally posted by: fatkorean
bump because no one cares and this could be potentially very bad bug

maybe ppl care but dont have anything to say about it.
 

kranky

Elite Member
Oct 9, 1999
21,019
156
106
Unless they can come up with a way to squash this, I think it could be very bad. Even n00bs don't reply to spam any more, but they will click links.

I don't know if this would work in an email, though.

<edit> removed stupid question ;) </edit>
 

This has been done with paypal, so I don't have to imagine it.

Redirects are as old as html. If you get hit by one, you deserve it.
 
Apr 16, 2003
179
0
0
Opera gives the following in a dialog - even better than firebird IMO:
Security warning:

You are about to go to an address containing a username.

Username: www.paypal.com
Server: secure.divo.net

Are you sure you want to go to this address?
 

ViRGE

Elite Member, Moderator Emeritus
Oct 9, 1999
31,516
167
106
Originally posted by: SammySon
This has been done with paypal, so I don't have to imagine it.

Redirects are as old as html. If you get hit by one, you deserve it.
It's not a redirect - read up, it's far worse than that.