Inside ICANNWatch  
Submit Story
Lost Password
Site Messages
Top 10 Lists
Latest Comments
Search by topic

Our Mission
ICANN for Beginners
About Us
How To Use This Site
Slash Tech Info
Link to Us
Write to Us

  Useful ICANN sites  
  • ICANN itself
  • Bret Fausett's ICANN Blog
  • Internet Governance Project
  • UN Working Group on Internet Governance
  • Karl Auerbach web site
  • Müller-Maguhn home
  • UDRPinfo.com;
  • UDRPlaw.net;
  • CircleID;
  • LatinoamerICANN Project
  • ICB Tollfree News

  •   At Large Membership and Civil Society Participation in ICANN  
  • icannatlarge.com;
  • Noncommercial Users Constituency of ICANN
  • NAIS Project
  • ICANN At Large Study Committee Final Report
  • ICANN (non)Members page
  • ICANN Membership Election site

  • ICANN-Related Reading
    Browse ICANNWatch by Subject

    Ted Byfied
    - ICANN: Defending Our Precious Bodily Fluids
    - Ushering in Banality
    - ICANN! No U CANN't!
    - roving_reporter
    - DNS: A Short History and a Short Future

    David Farber
    - Overcoming ICANN (PFIR statement)

    A. Michael Froomkin
    - When We Say US™, We Mean It!
    - ICANN 2.0: Meet The New Boss
    - Habermas@ discourse.net: Toward a Critical Theory of Cyberspace
    - ICANN and Anti-Trust (with Mark Lemley)
    - Wrong Turn in Cyberspace: Using ICANN to Route Around the APA & the Constitution (html)
    - Form and Substance in Cyberspace
    - ICANN's "Uniform Dispute Resolution Policy"-- Causes and (Partial) Cures

    Milton Mueller
    - Ruling the Root
    - Success by Default: A New Profile of Domain Name Trademark Disputes under ICANN's UDRP
    - Dancing the Quango: ICANN as International Regulatory Regime
    - Goverments and Country Names: ICANN's Transformation into an Intergovernmental Regime
    - Competing DNS Roots: Creative Destruction or Just Plain Destruction?
    - Rough Justice: A Statistical Assessment of the UDRP
    - ICANN and Internet Governance

    David Post
    - Governing Cyberspace, or Where is James Madison When We Need Him?
    - The 'Unsettled Paradox': The Internet, the State, and the Consent of the Governed

    Jonathan Weinberg
    - Sitefinder and Internet Governance
    - ICANN, Internet Stability, and New Top Level Domains
    - Geeks and Greeks
    - ICANN and the Problem of Legitimacy

    Highlights of the ICANNWatch Archive
    (June 1999 - March 2001)

    Security MicroSoft Closes Browser Phishing Hole
    posted by michael on Tuesday February 03 2004, @04:49AM

    fnord writes "MicroSoft has released a patch for their Internet Explorer web browser to close a URL line exploit that mislead users as to which website they would reach by following a given domain name address. Scammers and others would send email (often in bulk) or by other methods (EG: Usenet postings) that contained obfuscated URLs of the form:
    which would somewhat counter-intuitively send the recipient to the rightmost address in the URL. You can give it a try if you have IExplorer (note that if you are already logged in it might forget that). Most other browsers no longer support such a 'feature'. While MicroSoft spins this as timely (even breaking from their normal monthly release schedule), the technique, called spoofing or phishing, was already well known and being (mis)used long before I reported on it here over two years ago."

    "In MicroSoft's defense this was originally a 'feature' meant to contain UserID info, but like so much of the internet these days, not everyone still plays nice. MicroSoft was also slow to implement this as it will cause a number of sites to either be unreachable or have to change, as MicroSoft's suggested workarounds make clear. And perhaps it is because a couple of additional wrinkles have more recently come to light. One makes the URL line look like the real thing, and another makes use of a popup above the real site.

    The patch also guards against sites being able to download malicious code to recipient machines (this is far from the first fix for that, and it likely won't be the last). With MyDoom currently richocheting around the net, it isn't beyond the realm of possibility that someone could use phishing to appear to be oh...say MicroSoft (it wouldn't be the first time) in bulk email about oh...say a security update, download code turning recipient machines into zombies, and then using something like oh...say a DRDos attack on oh...say the root servers, knocking them off is surely the unholy grail of those who don't play nice.

    One further sobering thought. I am often asked to work on Windoze machines and I doubt one in ten users ever does a Windows Update or installs patches or service packs, most don't even know they exist. With Microsoft's Internet Explorer being the browser used by about 95% of those online, that could still make for a lot of zombies. -g"

      ICANNWatch Login  


    [ Don't have an account yet? Please create one. It's not required, but as a registered user you can customize the site, post comments with your name, and accumulate reputation points ("karma") that will make your comments more visible. ]

      Related Links  
    · ICANNWatch.org
    · ICANN
    · workarounds
    · One
    · another
    · currently
    · time
    · DRDos
    · fnord
    · patch
    · http://icann.org@icannwatch.or g
    · spins
    · phishing
    · here
    · More Security stories
    · Also by michael
    This discussion has been archived. No new comments can be posted.
    MicroSoft Closes Browser Phishing Hole | Log in/Create an Account | Top | 7 comments | Search Discussion
    Click this button to post a comment to this story
    The options below will change how the comments display
    Check box to change your default comment view
    The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
    Link correction
    by fnord (groy2kNO@SPAMyahoo.com) on Tuesday February 03 2004, @06:47AM (#12922)
    User #2810 Info
    Oops, the phishing link in the second paragraph should have pointed to anti-phishing.org [anti-phishing.org]. It was a mistake I missed during checking, in that instance there was no intent to deceive.

    And note that if you have your ICANNWatch prefs set to show the actual root domain name of a link following that link, a la SlashDot, as in:

    example.com/page.htm [example.com]

    the code is smart enough to show the actual destination, not the apparent one, that is, the link:

    http://icann.org@www.icannwatch.org/ [icannwatch.org]

    should be followed by [icannwatch.org]. Perhaps such a function could be added to email clients to unobfuscate incoming email. Of course MicroSoft's email clients would never have it because it will no longer be seen as necessary, and if they did decide to add such functionality it would probably take a few years. -g

    [ Reply to This | Parent ]
    by dtobias (dan@tobias.name) on Tuesday February 03 2004, @06:52AM (#12923)
    User #2967 Info | http://domains.dan.info/
    The Mozilla browser actually still supports that syntax, at least in the version I'm using.
    [ Reply to This | Parent ]
    • Re:Mozilla by fnord Tuesday February 03 2004, @09:09AM
    URL syntax is allowed
    by Huguei on Wednesday February 04 2004, @03:42AM (#12927)
    User #3840 Info
    But the syntax
    is allowed in the URI specification RFC (rfc2396).

    The problem with IExplorer was that certain character inside the URL (hidden right after the '@' sign) causes that explorer doesn't showed the rest or the url, even in the address bar or the body of a mail message !! So, the crackers could use that character to hide the real server.

    [ Reply to This | Parent ]

    Search ICANNWatch.org:

    Privacy Policy: We will not knowingly give out your personal data -- other than identifying your postings in the way you direct by setting your configuration options -- without a court order. All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest © 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 by ICANNWatch.Org. This web site was made with Slashcode, a web portal system written in perl. Slashcode is Free Software released under the GNU/GPL license.
    You can syndicate our headlines in .rdf, .rss, or .xml. Domain registration services donated by DomainRegistry.com