Disguised URL's

I've asked this question in a Microsoft group but I'm wondering if
anyone here has a view, too.

Here is a signature block from a post made in the groups .............

microsoft.public.windows.inetexplorer.ie6_outlooke xpress and
microsoft.public.outlookexpress.general

>>> --
>>> ~Robear Dyer (PA Bear)
>>> MS MVP-IE, Mail, Security, Windows Client - since 2002
>>> www.banthecheck.com
>>>


In this signature block, www.banthecheck.com resolves to
http://www.bleepingcomputer.com/blog...showentry=1564
if I click on the link.

I should be grateful if someone will explain how this is done.

Presumably any link shown in any post could be similarly disguised
and take 'the unsuspecting' to a fraudulent site.

Is this a correct assumption?

Thanks.

--
Dave

~BD~

On Sat, 8 Aug 2009 15:08:19 +0100, "~BD~"
<> wrote:

>www.banthecheck.com resolves to
>http://www.bleepingcomputer.com/blog...showentry=1564

>I should be grateful if someone will explain how this is done.

http://en.wikipedia.org/wiki/HTTP_302
and
http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html

>Presumably any link shown in any post could be similarly disguised
>and take 'the unsuspecting' to a fraudulent site.
>
> Is this a correct assumption?

Yes, it is.
Bottom line: don't click and be carefull.

--
Kind regards,
Gerard Bok

Gerard Bok

Gerard Bok wrote:
> On Sat, 8 Aug 2009 15:08:19 +0100, "~BD~"
> <> wrote:
>
>> www.banthecheck.com resolves to
>> http://www.bleepingcomputer.com/blog...showentry=1564
>
>> I should be grateful if someone will explain how this is done.
>
> http://en.wikipedia.org/wiki/HTTP_302
> and
> http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
>
>> Presumably any link shown in any post could be similarly disguised
>> and take 'the unsuspecting' to a fraudulent site.
>>
>> Is this a correct assumption?
>
> Yes, it is.
> Bottom line: don't click and be carefull.


Hello Gerard - thank you for your reply.

I've looked at each of the links you have provided and have gleaned a
little more knowledge but I'm really a bit out of my depth. I don't want
to create disguised URL's myself, simply ensure that the one I
illustrated was bona fide.

I remembered you had once advised me before and found this thread via
Google:-
http://forums.speedguide.net/showthread.php?t=254235

I never did receive a response to my final question to David H Lipman
which said:

Quote:

"I've *never* spotted anyone - ever - recommending folk should post at
Annexcafe User2User to have questions answered.

It seems really good (superficially) - so why is it never mentioned?"

Have others reading here ever been there or seen the site recommended?

Thanks
--
Dave

~BD~

"~BD~" <> writes:

> I've asked this question in a Microsoft group but I'm wondering if
> anyone here has a view, too.

This is actually a good security question.

>>>> --
>>>> ~Robear Dyer (PA Bear)
>>>> MS MVP-IE, Mail, Security, Windows Client - since 2002
>>>> www.banthecheck.com
>>>>
>
>
> In this signature block, www.banthecheck.com resolves to
> http://www.bleepingcomputer.com/blog...showentry=1564
> if I click on the link.
>
>
> I should be grateful if someone will explain how this is done.

There are two main ways this is done.

The server could be configured to do a 302 redirect in HTTP header
responses to tell the browser essentially "that URL moved--go here to
get it"

Or, a meta redirect can be put into the returning html where an html
meta refresh directive is included and the meta refresh takes an
argument of where the page should be refreshed to goto.

> Presumably any link shown in any post could be similarly disguised
> and take 'the unsuspecting' to a fraudulent site.
>
> Is this a correct assumption?

Yup.

We'll get you surfing the web inside a throw away virtual machine in
no time.

--
Todd H.
http://www.toddh.net/

Todd H.

Todd H. wrote:
> "~BD~" <> writes:
>
>> I've asked this question in a Microsoft group but I'm wondering if
>> anyone here has a view, too.
>
> This is actually a good security question.


Wow! What an acolade! Thanks Todd!


>>>>> --
>>>>> ~Robear Dyer (PA Bear)
>>>>> MS MVP-IE, Mail, Security, Windows Client - since 2002
>>>>> www.banthecheck.com
>>>>>
>>
>>
>> In this signature block, www.banthecheck.com resolves to
>> http://www.bleepingcomputer.com/blog...showentry=1564
>> if I click on the link.
>>
>>
>> I should be grateful if someone will explain how this is done.
>
> There are two main ways this is done.
>
> The server could be configured to do a 302 redirect in HTTP header
> responses to tell the browser essentially "that URL moved--go here to
> get it"
>
> Or, a meta redirect can be put into the returning html where an html
> meta refresh directive is included and the meta refresh takes an
> argument of where the page should be refreshed to goto.


How do you know all these things? Rhetorical question! I respect your
expertise!


>> Presumably any link shown in any post could be similarly disguised
>> and take 'the unsuspecting' to a fraudulent site.
>>
>> Is this a correct assumption?
>
> Yup.
>
> We'll get you surfing the web inside a throw away virtual machine in
> no time.


When I get home after this summer cruise, I'll investigate in depth how
to do just that thing!

Thanks for still talking to me, btw!

Best wishes

--
Dave

~BD~

"~BD~" <> wrote in news:h5slim$2b3$-
september.org:

>> We'll get you surfing the web inside a throw away virtual machine in
>> no time.
>
>
> When I get home after this summer cruise, I'll investigate in depth how
> to do just that thing!

You could just run vmware player and janusvm - it's that simple.

Regards,

nemo_outis

nemo_outis wrote:
> "~BD~" <> wrote in
> news:h5slim$2b3$- september.org:
>
>>> We'll get you surfing the web inside a throw away virtual machine in
>>> no time.
>>
>>
>> When I get home after this summer cruise, I'll investigate in depth
>> how to do just that thing!
>
> You could just run vmware player and janusvm - it's that simple.


Many thanks!

I've made a note and will have a look at them later.

--
Dave

~BD~