Re: [NTLK] Followup: Spoof ebay mail READ!!!!

From: William Pence (bill_pence_at_mac.com)
Date: Tue Oct 28 2003 - 05:19:05 PST


It is VERY easy to spoof a web address!!!

the address
http://www.ebay.com/whaterver/itdoesnotmatter.com/@<real address
that has the credit card sniffer but looks like ebay goes here>

NOTE THE @ SIGN!!! this 'breaks' the url into 2 parts.
the www can 'log' you into a server this way.

it works like this:
http://<user name>:<password>@<web address>
so the www.ebay.com is a bogus user name and password, and the real web
page (with all the very well faked ebay, or citibank, or paypal
graphics and links) is here.

ANOTHER VERY IMPORTANT POINT!!!
they don't really need the @. the web can take %20 as <space> so they
could put %40 and get similar results.
BOTTOM LINE:::::

watch for @ and %40 in URL!!!!!!!!!

regards,
bp
>>
>> On Monday, October 27, 2003, at 01:44 AM, newtontalk_at_newtontalk.net wrote:
>>
>>> From: alanshaw_at_comcast.net
>>> Subject: Re: [NTLK] Followup: Spoof ebay mail
>>> Date: Mon, 27 Oct 2003 04:12:38 +0000
>>>
>>> Frank wrote:
>>>
>>>> I'm still astonished how a url like blabla.ebay.com can be not an
>>>> ebay url. I have always been under the impression that what is
>>>> before ".com" is a unique
>>>> identifier that can't be hijacked.
>>>
>>> Frank, I thought this too. However a couple years ago I learned that
>>> isn't the case. Theforce.net pulled a wonderful April Fool's prank
>>> by creating a fake news story that George Lucas was going to do
>>> three *more* "Star Wars" movies. They even had a link to CNN that
>>> took you to a cnn.com address where a copy of the prank existed. At
>>> the very end of the story they gave away that it was a prank. I
>>> e-mailed Theforce.net's editors asking how they got CNN to
>>> cooperate. They e-mailed back that CNN didn't have anything to do
>>> with it and they just spoofed the address somehow.
>>>
>>> Alan
>>
>

-- 
This is the NewtonTalk list - http://www.newtontalk.net/ for all inquiries
List FAQ/Etiquette/Terms: http://www.newtontalk.net/faq.html
Official Newton FAQ: http://www.chuma.org/newton/faq/
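
Added example (not part of the original message): a small Python check for the "watch for @ and %40" advice in the post above. It uses the standard library's urllib.parse, which ends the authority at the first "/" and treats everything before the last "@" in it as user name and password, so it can report the host a link really points to. The helper name inspect_link, the host login.example.net and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

def inspect_link(url):
    """Return the real host of a link plus any '@' / '%40' warning signs."""
    parts = urlsplit(url)
    flags = []
    userinfo = None
    if "@" in parts.netloc:
        # Text before the last '@' in the authority is userinfo
        # (user name[:password]); only what follows it is the host.
        userinfo = parts.netloc.rpartition("@")[0]
        flags.append("userinfo")
    if "%40" in url:
        # Percent-encoded '@', flagged wherever it appears in the link.
        flags.append("encoded-at")
    if "@" in parts.path or "@" in parts.query:
        # An '@' after the first '/' is part of the path or query,
        # so the host is still the name shown right after 'http://'.
        flags.append("at-after-host")
    return {"host": parts.hostname, "userinfo": userinfo, "flags": flags}

# Constructed sample links (not taken from any real message).
SAMPLES = [
    "https://www.ebay.com/help/home",
    "http://www.ebay.com:signin@login.example.net/ebay/",
    "http://www.ebay.com%40accounts:x@login.example.net/",
    "http://www.ebay.com/whatever/@login.example.net",
]

if __name__ == "__main__":
    for link in SAMPLES:
        result = inspect_link(link)
        verdict = ", ".join(result["flags"]) or "clean"
        print(f"{link}\n    real host: {result['host']}  [{verdict}]")
```

Any link flagged "userinfo" should be judged by the reported host, not by the name that appears right after http://.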

