![]() |
|
|
|
#1 |
|
I've asked this question in a Microsoft group but I'm wondering if
anyone here has a view, too. Here is a signature block from a post made in the groups ............. microsoft.public.windows.inetexplorer.ie6_outlooke xpress and microsoft.public.outlookexpress.general >>> -- >>> ~Robear Dyer (PA Bear) >>> MS MVP-IE, Mail, Security, Windows Client - since 2002 >>> www.banthecheck.com >>> In this signature block, www.banthecheck.com resolves to http://www.bleepingcomputer.com/blog...showentry=1564 if I click on the link. I should be grateful if someone will explain how this is done. Presumably any link shown in any post could be similarly disguised and take 'the unsuspecting' to a fraudulent site. Is this a correct assumption? Thanks. -- Dave ~BD~ |
|
|
|
|
#2 |
|
Posts: n/a
|
On Sat, 8 Aug 2009 15:08:19 +0100, "~BD~"
<> wrote: >www.banthecheck.com resolves to >http://www.bleepingcomputer.com/blog...showentry=1564 >I should be grateful if someone will explain how this is done. http://en.wikipedia.org/wiki/HTTP_302 and http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html >Presumably any link shown in any post could be similarly disguised >and take 'the unsuspecting' to a fraudulent site. > > Is this a correct assumption? Yes, it is. Bottom line: don't click and be carefull. -- Kind regards, Gerard Bok Gerard Bok |
|
|
|
#3 |
|
Posts: n/a
|
Gerard Bok wrote:
> On Sat, 8 Aug 2009 15:08:19 +0100, "~BD~" > <> wrote: > >> www.banthecheck.com resolves to >> http://www.bleepingcomputer.com/blog...showentry=1564 > >> I should be grateful if someone will explain how this is done. > > http://en.wikipedia.org/wiki/HTTP_302 > and > http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html > >> Presumably any link shown in any post could be similarly disguised >> and take 'the unsuspecting' to a fraudulent site. >> >> Is this a correct assumption? > > Yes, it is. > Bottom line: don't click and be carefull. Hello Gerard - thank you for your reply. I've looked at each of the links you have provided and have gleaned a little more knowledge but I'm really a bit out of my depth. I don't want to create disguised URL's myself, simply ensure that the one I illustrated was bona fide. I remembered you had once advised me before and found this thread via Google:- http://forums.speedguide.net/showthread.php?t=254235 I never did receive a response to my final question to David H Lipman which said: Quote: "I've *never* spotted anyone - ever - recommending folk should post at Annexcafe User2User to have questions answered. It seems really good (superficially) - so why is it never mentioned?" Have others reading here ever been there or seen the site recommended? Thanks -- Dave ~BD~ |
|
|
|
#4 |
|
Posts: n/a
|
"~BD~" <> writes:
> I've asked this question in a Microsoft group but I'm wondering if > anyone here has a view, too. This is actually a good security question. >>>> -- >>>> ~Robear Dyer (PA Bear) >>>> MS MVP-IE, Mail, Security, Windows Client - since 2002 >>>> www.banthecheck.com >>>> > > > In this signature block, www.banthecheck.com resolves to > http://www.bleepingcomputer.com/blog...showentry=1564 > if I click on the link. > > > I should be grateful if someone will explain how this is done. There are two main ways this is done. The server could be configured to do a 302 redirect in HTTP header responses to tell the browser essentially "that URL moved--go here to get it" Or, a meta redirect can be put into the returning html where an html meta refresh directive is included and the meta refresh takes an argument of where the page should be refreshed to goto. > Presumably any link shown in any post could be similarly disguised > and take 'the unsuspecting' to a fraudulent site. > > Is this a correct assumption? Yup. We'll get you surfing the web inside a throw away virtual machine in no time. -- Todd H. http://www.toddh.net/ Todd H. |
|
|
|
#5 |
|
Posts: n/a
|
Todd H. wrote:
> "~BD~" <> writes: > >> I've asked this question in a Microsoft group but I'm wondering if >> anyone here has a view, too. > > This is actually a good security question. Wow! What an acolade! Thanks Todd! >>>>> -- >>>>> ~Robear Dyer (PA Bear) >>>>> MS MVP-IE, Mail, Security, Windows Client - since 2002 >>>>> www.banthecheck.com >>>>> >> >> >> In this signature block, www.banthecheck.com resolves to >> http://www.bleepingcomputer.com/blog...showentry=1564 >> if I click on the link. >> >> >> I should be grateful if someone will explain how this is done. > > There are two main ways this is done. > > The server could be configured to do a 302 redirect in HTTP header > responses to tell the browser essentially "that URL moved--go here to > get it" > > Or, a meta redirect can be put into the returning html where an html > meta refresh directive is included and the meta refresh takes an > argument of where the page should be refreshed to goto. How do you know all these things? Rhetorical question! I respect your expertise! >> Presumably any link shown in any post could be similarly disguised >> and take 'the unsuspecting' to a fraudulent site. >> >> Is this a correct assumption? > > Yup. > > We'll get you surfing the web inside a throw away virtual machine in > no time. When I get home after this summer cruise, I'll investigate in depth how to do just that thing! Thanks for still talking to me, btw! Best wishes -- Dave ~BD~ |
|
|
|
#6 |
|
Posts: n/a
|
"~BD~" <> wrote in news:h5slim$2b3$-
september.org: >> We'll get you surfing the web inside a throw away virtual machine in >> no time. > > > When I get home after this summer cruise, I'll investigate in depth how > to do just that thing! You could just run vmware player and janusvm - it's that simple. Regards, nemo_outis |
|
|
|
#7 |
|
Posts: n/a
|
nemo_outis wrote:
> "~BD~" <> wrote in > news:h5slim$2b3$- september.org: > >>> We'll get you surfing the web inside a throw away virtual machine in >>> no time. >> >> >> When I get home after this summer cruise, I'll investigate in depth >> how to do just that thing! > > You could just run vmware player and janusvm - it's that simple. Many thanks! I've made a note and will have a look at them later. -- Dave ~BD~ |
|