The Artima Developer Community

.NET Buzz Forum
URL spoofing flaw could be used in bank scams

Paschal

Posts: 1621
Nickname: bigapple
Registered: Nov, 2003

Paschal is a .Net developer
URL spoofing flaw could be used in bank scams Posted: Dec 16, 2003 7:59 AM

This post originated from an RSS feed registered with .NET Buzz by Paschal.
Original Post: URL spoofing flaw could be used in bank scams
Feed Title: help.net
Feed URL: http://www.asp.net/err404.htm?aspxerrorpath=/pleloup/Rss.aspx
Feed Description: .Net for mankind !

This seems to be a serious flaw in IE, discovered by a graphic designer, and it's very simple to implement.

Check this page to have a demo of the effect in IE. So scary!

So by typing http://www.microsoft.com@zapthedingbat.com/security/ex01/vun2.htm, Internet Explorer shows only the first part before the @ and displays http://www.microsoft.com in the address bar.

Why? Note the special non-printing character included before the @.

Imagine a spammer who wants to redirect some gullible users to a fictitious bank, something like asking for account details!

Easy, the scam can go as far as duplicating a website. I think MSFT should release a very quick answer to this. Reminds me of the 'old' $Data flaw in IIS 4 a few years ago.

More details here or you can read the Microsoft KB here
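
A defensive check for the URL shape described in the post above, as an added example that is not part of the original post: it reports the host a browser would actually contact and flags a userinfo part (the text before the `@`) that looks like a hostname or hides non-printing characters. The function name, flag names and sample URLs are constructed for illustration; the post does not name the character, so the check treats any control character as suspect.

```python
import re
from urllib.parse import unquote

# Control characters (C0 range and DEL). Assumption: the post does not say
# which non-printing character was used, so any of these is flagged.
_NON_PRINTING = re.compile(r"[\x00-\x1f\x7f]")
_LOOKS_LIKE_HOST = re.compile(r"^[a-z0-9-]+(?:\.[a-z0-9-]+)+$", re.I)
# The authority is extracted by hand because urllib's urlsplit silently
# strips tab, CR and LF, which would hide them from this check.
_AUTHORITY = re.compile(r"^[a-z][a-z0-9+.-]*://([^/?#]*)", re.I)


def inspect_url(url):
    """Return the real host, the userinfo and a list of spoofing indicators."""
    m = _AUTHORITY.match(url)
    if not m:
        return {"host": None, "userinfo": None, "flags": ["not-absolute-url"]}
    # Everything before the LAST '@' is userinfo; the real host comes after it.
    userinfo, at, hostport = m.group(1).rpartition("@")
    host = hostport.split(":")[0].lower()  # IPv6 literals are not handled here
    flags = []
    if at:
        flags.append("userinfo-present")
        decoded = unquote(userinfo)  # percent-encoded bytes become raw characters
        # What a user would read: control characters removed, password dropped.
        visible = _NON_PRINTING.sub("", decoded).split(":")[0]
        if _LOOKS_LIKE_HOST.match(visible):
            flags.append("userinfo-looks-like-host")
        if _NON_PRINTING.search(decoded):
            flags.append("non-printing-in-userinfo")
    return {"host": host, "userinfo": userinfo if at else None, "flags": flags}


if __name__ == "__main__":
    # Constructed sample URLs on reserved .example names, plus the URL form
    # exactly as it is printed in the post.
    samples = [
        "http://www.bank.example/login",
        "http://alice:secret@intranet.example:8080/",
        "http://www.bank.example%01@elsewhere.example/login",
        "http://www.microsoft.com@zapthedingbat.com/security/ex01/vun2.htm",
    ]
    for s in samples:
        r = inspect_url(s)
        print(f"{s!r}\n  real host: {r['host']}  flags: {r['flags']}")
```

A mail filter or link-rewriting proxy can apply the same test to every `href` in a message and compare the reported host with the link text shown to the user.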

 


Copyright © 1996-2019 Artima, Inc. All Rights Reserved. - Privacy Policy - Terms of Use