Jump to content


Welcome to DBSTalk


Sign In 

Create Account
Welcome to DBSTalk. Our community covers all aspects of video delivery solutions including: Direct Broadcast Satellite (DBS), Cable Television, and Internet Protocol Television (IPTV). We also have forums to discuss popular television programs, home theater equipment, and internet streaming service providers. Members of our community include experts who can help you solve technical problems, industry professionals, company representatives, and novices who are here to learn.

Like most online communities you must register to view or post in our community. Sign-up is a free and simple process that requires minimal information. Be a part of our community by signing in or creating an account. The Digital Bit Stream starts here!
  • Reply to existing topics or start a discussion of your own
  • Subscribe to topics and forums and get email updates
  • Send private personal messages (PM) to other forum members
  • Customize your profile page and make new friends
 
Guest Message by DevFuse

Photo

Mousing over a link to verify destination no longer safe


  • Please log in to reply
24 replies to this topic

#1 OFFLINE   dpeters11

dpeters11

    Hall Of Fame

  • DBSTalk Club
  • 12,742 posts
  • LocationCincinnati
Joined: May 30, 2007

Posted 17 March 2013 - 03:03 PM

I saw this retweeted by a well known security researcher, this page and the demo are safe.

It uses Javascript, it will show that it will take you to Paypal UK when you mouse over it, but in reality, you'll go somewhere else, in this case a different page on the original site.

This works in current versions of IE, Chrome and Firefox.

http://bilaw.al/2013...characters.html

...Ads Help To Support This SIte...

#2 OFFLINE   P Smith

P Smith

    Mr. FixAnything

  • Registered
  • 19,761 posts
  • LocationMediterranean Sea
Joined: Jul 25, 2002

Posted 17 March 2013 - 03:24 PM

oh man! it's never ending hunt for fool users ...

#3 OFFLINE   dpeters11

dpeters11

    Hall Of Fame

  • Topic Starter
  • DBSTalk Club
  • 12,742 posts
  • LocationCincinnati
Joined: May 30, 2007

Posted 17 March 2013 - 04:38 PM

Nope. Only safe thing to do really is to manually log into your account and check for anything there, or call a known number for them. These phishing emails are getting more and more sophisticated. They even use two factor authentication you've set up with the real site.

Edited by dpeters11, 17 March 2013 - 05:16 PM.


#4 OFFLINE   P Smith

P Smith

    Mr. FixAnything

  • Registered
  • 19,761 posts
  • LocationMediterranean Sea
Joined: Jul 25, 2002

Posted 17 March 2013 - 08:17 PM

up to the post, I was think I'm safe by hovering a mouse ...

#5 OFFLINE   James Long

James Long

    Ready for Uplink!

  • Super Moderators
  • 39,584 posts
Joined: Apr 17, 2003

Posted 17 March 2013 - 08:30 PM

Right click - open in new tab - takes me to the right site in Firefox. That is the way I normally open links anyways.

The second half of the problem, PayPal redirecting to unusual URLs, makes this exploit possible. Otherwise looking at the URL after clicking will show that you're not in the right place.

The initial scam page needs to be good as well. To be scammed I would need a good reason to click on that link in the first place.

#6 OFFLINE   P Smith

P Smith

    Mr. FixAnything

  • Registered
  • 19,761 posts
  • LocationMediterranean Sea
Joined: Jul 25, 2002

Posted 17 March 2013 - 08:35 PM

Right click - open in new tab - takes me to the right site in Firefox. That is the way I normally open links anyways.

That's simplest way to install malicious SW in a split of a second ...

#7 OFFLINE   The Merg

The Merg

    1*

  • Registered
  • 10,253 posts
  • LocationNorthern VA
Joined: Jun 24, 2007

Posted 17 March 2013 - 09:11 PM

Good info. Thanks.

- Merg

Today's problems don't worry me, I haven't solved yesterday's yet.

SlimLine-3 Dish w/ SWM16 (HD Service / WHDVR) / Full Setup
HR34-700 / Panasonic TC-P50G25 HDTV / HDMI / Networked - DECA / Family Room
HR44-700 / Samsung HCM5525W HDTV / Component / Networked - DECA / Bedroom

HR24-100 / Samsung HCM5525W HDTV / Component / Networked - DECA / Bedroom


#8 OFFLINE   dpeters11

dpeters11

    Hall Of Fame

  • Topic Starter
  • DBSTalk Club
  • 12,742 posts
  • LocationCincinnati
Joined: May 30, 2007

Posted 17 March 2013 - 09:22 PM

Thinking about it, I think it would be more of an issue with webmail. Email clients shouldn't do Javascript, especially by default.

#9 OFFLINE   wilbur_the_goose

wilbur_the_goose

    Hall Of Fame

  • Registered
  • 4,394 posts
Joined: Aug 16, 2006

Posted 18 March 2013 - 07:15 AM

Yep - safest way to go is to type the desired URL yourself.

#10 OFFLINE   Dude111

Dude111

    Legend

  • Registered
  • 491 posts
Joined: Aug 06, 2010

Posted 23 March 2013 - 02:32 AM

Im on IE6 and that doesnt work... TOOK ME TO PAYPAL!!!! (Like the demo link said it should)

EDIT:

I enabled scripts and it works (So i figured)


EDIT2:

If i put the domain into my restricted zone IT DOES NOT WORK! (scripts enabled)

Edited by Dude111, 23 March 2013 - 02:49 AM.


#11 OFFLINE   dpeters11

dpeters11

    Hall Of Fame

  • Topic Starter
  • DBSTalk Club
  • 12,742 posts
  • LocationCincinnati
Joined: May 30, 2007

Posted 23 March 2013 - 08:13 AM

I'm assuming its pointless to try to convince you not to use ie6, right? Or at least by summer 2014...

It certainly makes sense for it to not work in the restricted zone. But in my opinion, there are worse dangers using 6 than that script working or not.

#12 OFFLINE   Dude111

Dude111

    Legend

  • Registered
  • 491 posts
Joined: Aug 06, 2010

Posted 23 March 2013 - 02:27 PM

Your listening to all the Mainstream BS my friend.....

IE6 is just as good as any newer OVER-BLOATED browser! (As long as you have your security zone set right)

IE6 is not spying on the end user... YOU CANT SAY THAT FOR SURE ABOUT THESE NEWER BROWSERS!

#13 OFFLINE   wilbur_the_goose

wilbur_the_goose

    Hall Of Fame

  • Registered
  • 4,394 posts
Joined: Aug 16, 2006

Posted 23 March 2013 - 03:18 PM

Dude - IE6 is a swiss cheese browser, and you're putting yourself at risk. Unfortunately, you could be putting the rest of us at risk too by allowing your PC to become part of a botnet that could be used to commit a DDoS attack.

#14 OFFLINE   dpeters11

dpeters11

    Hall Of Fame

  • Topic Starter
  • DBSTalk Club
  • 12,742 posts
  • LocationCincinnati
Joined: May 30, 2007

Posted 23 March 2013 - 03:45 PM

Plus, IE 6 means XP. It will become more dangerous to be on XP after it no longer receives any updates. It's not BS. Unfortunately, though I'm not nearly at Wilbur_The_Goose's level, I really do know how these things actually work. Not liking Windows 8 is one thing, but Windows 7 is a very fine OS, until around February 11, 2020.

But, not everyone can be convinced of the truth :)

#15 OFFLINE   carlsbad_bolt_fan

carlsbad_bolt_fan

    Icon

  • Registered
  • 743 posts
  • LocationCarlsbad, CA
Joined: May 18, 2004

Posted 23 March 2013 - 03:55 PM

Dude - IE6 is a swiss cheese browser, and you're putting yourself at risk. Unfortunately, you could be putting the rest of us at risk too by allowing your PC to become part of a botnet that could be used to commit a DDoS attack.


The goose is golden with this advice. :)
HR20-700 Connected to 55" Samsung UN55D8000YF via HDMI
HR20-700 Connected to 24" Samsung P2570HD
R22-200 Connected to 32" Sony
D* Customer since 2000

#16 OFFLINE   SayWhat?

SayWhat?

    Hall Of Fame

  • Registered
  • 5,562 posts
Joined: Jun 06, 2009

Posted 23 March 2013 - 04:25 PM

Hovering is also why I won't use URL shorteners or click on links through them I want to see the underlying URL, not a Libyan domain name (.ly) followed by random characters.

Nor will I click on links from this board due to the Vigilink scrambling of the URLs.
Help stamp out Twits and Twitterers!

HD, SchmacHD!! Just be glad you've got a picture at all.

#17 OFFLINE   dpeters11

dpeters11

    Hall Of Fame

  • Topic Starter
  • DBSTalk Club
  • 12,742 posts
  • LocationCincinnati
Joined: May 30, 2007

Posted 23 March 2013 - 06:33 PM

Just for an FYI, add a + at he end of a bitly link, it will tell you where it goes, along with the statistics, like this.

Http://Bit.ly/dsxpcred+

#18 OFFLINE   James Long

James Long

    Ready for Uplink!

  • Super Moderators
  • 39,584 posts
Joined: Apr 17, 2003

Posted 23 March 2013 - 10:15 PM

Just for an FYI, add a + at he end of a bitly link, it will tell you where it goes, along with the statistics, like this.

Http://Bit.ly/dsxpcred+


Which, of course, shows up as something like this in the mouseover:
http://apicdn.viglin....com/usercp.php

#19 OFFLINE   Mark Holtz

Mark Holtz

    Day Sleeper

  • DBSTalk Club
  • 9,845 posts
  • LocationSacramento, CA
Joined: Mar 23, 2002

Posted 23 March 2013 - 11:39 PM

IE6 is just as good as any newer OVER-BLOATED browser! (As long as you have your security zone set right)

IE6 is not spying on the end user... YOU CANT SAY THAT FOR SURE ABOUT THESE NEWER BROWSERS!

Internet Explorer 6 was released in August, 2001. FWIW: Firefox (then known as Phoenix) was released as 0.1 on September, 2002, with the 1.0 release on November, 2004. It's predecessor, Netscape, was around version 6. Chrome wasn't a twinkle in Google's eye, and Safari was still being worked on.

Anyone who has done anything beyond "bare bones" HTML code, and actually use features such as Javascript and CSS will quickly find out how well IE doesn't follow established standards to the point where web programmers had to put in kludges in to make the web page work with Internet Explorer 6. Personally, when I was doing web development, I found it much easier to do it in Firefox (because of the robust tools at the time), then adapt the code for other browsers (including the adaptions for IE) rather than develop on IE.

The biggest reason why IE6 still is around is that some companies have developed internal applications many years ago that are still being used, probably with the aid of Frontpage. These pages break even with Internet Explorer 7 (released in October, 2006 -- FIVE YEARS after IE6), and the developers have long moved on, yet the company doesn't want to spend the money on the replacement and the required training.

Thank goodness that IE6 will End-Of-Life next year.
"In many ways, this opera does fulfil my often quoted description of what most operas is about. The tenor is trying to sleep with the soprano, and the baritone is trying to stop them." - Sean Bianco, KXPR At The Opera
Check out my list of links.

#20 OFFLINE   SayWhat?

SayWhat?

    Hall Of Fame

  • Registered
  • 5,562 posts
Joined: Jun 06, 2009

Posted 24 March 2013 - 02:48 AM

FWIW: Firefox (then known as Phoenix) was released as 0.1 on September, 2002, with the 1.0 release on November, 2004. It's predecessor, Netscape, was around version 6.

Thank goodness that IE6 will End-Of-Life next year.


Netscape and FF are distant cousins. Both were developed by the Mozilla Foundation, but were separate projects along with Thunderbird and several others. For some reason, they sold the Netscape name and package to AOL. From that point they continued to develop the full browser suite under the Mozilla name while developing Firefox as a stripped down, standalone project. That continues to this day with the full suite now renamed to SeaMonkey.

I thought IE6 was abandoned by MS years ago? There has been a big campaign on to kill it off once and for all.
Help stamp out Twits and Twitterers!

HD, SchmacHD!! Just be glad you've got a picture at all.




spam firewall