Security Basics mailing list archives

RE: Fake Sites


From: "J. Oquendo" <sil () disgraced org>
Date: Sat, 6 Sep 2003 10:24:40 -0400

I don't know of anything that will report a site if someone
visits it that will tell them if the site is genuine or not,
and that's not to say one doesn't exist, but you can write
a quick explanation for your users to check the integrity
of the site they're on. E.g.: Supposing you were on Disney.com
and wanted to make sure this indeed is Disney.com, obviously
you could look at the address bar to tell this.

If you're referring to 'Obfuscated URLs' such as:
http://www.microsoft.com:windows=query&somethinghere@192.168.1.1
Where at first it would look like Microsoft's website but
on arrival would be something else, you may be able to set
perhaps your IDS to strip links but I wouldn't do so
in case someone accesses certain sites with a username
and password something such as:

http://john:doe@www.foosite.org/members.html

Check up Google for Obfuscated URL and you should find
a slew of information on this.

=======================================================
Hi

Does anyone know if there is a commercial product (like a robot) or a Service Provider that can search for fake sites
based on the similarity with the original one?

Additionally, what can I do to prove to the user of a site that the site he is accessing is the original one, not a
fake? How can I prove the authenticity of the site in a user-friendly manner?

Thanks 
=======================================================

-- 
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
Jesus Oquendo
sil @ disgraced . org
sil @ antioffline . com
segment ... antioffline . com
PGP Fingerprint
39A7 24C6 A9A0 6C67 96CA 0302 F1D3 2420 851E E3D0

http://www.antioffline.com
http://www.politrix.org

You're free. And freedom is beautiful. And, you know, 
it'll take time to restore chaos and order, order out
of chaos. But we will." George W. Bush Washington, 
D.C., April 13, 2003
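
The check described in the message above, as an added example that is not part of the original post: it parses a URL, reports the host that would actually be contacted, and flags userinfo that looks like a hostname while leaving ordinary user:password links alone. The function name `inspect_url`, the reason labels and the hostname heuristic are assumptions of this example.

```python
import ipaddress
import re
from urllib.parse import urlsplit, unquote

# Heuristic (assumption of this example): userinfo shaped like a DNS name,
# e.g. "www.microsoft.com", is what makes the link look like another site.
_HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)


def inspect_url(url):
    """Return the host actually contacted and the reasons the URL may mislead."""
    parts = urlsplit(url)
    host = parts.hostname or ""            # text after the last '@' in the authority
    user = unquote(parts.username or "")   # text before the first ':' of the userinfo
    reasons = []
    if "@" in parts.netloc:
        reasons.append("userinfo-present")
        if _HOSTLIKE.match(user):
            reasons.append("userinfo-looks-like-hostname")
    try:
        ipaddress.ip_address(host)
        reasons.append("host-is-ip-literal")
    except ValueError:
        pass                               # host is a name, not an IP address
    return {
        "real_host": host,
        "shown_first": user,
        "reasons": reasons,
        # Plain credentials (john:doe@...) are reported but not treated as deceptive.
        "suspicious": "userinfo-looks-like-hostname" in reasons,
    }


if __name__ == "__main__":
    # The first two URLs are the ones quoted in the message; the third is constructed.
    for sample in (
        "http://www.microsoft.com:windows=query&somethinghere@192.168.1.1",
        "http://john:doe@www.foosite.org/members.html",
        "http://www.disney.com/",
    ):
        print(sample, "->", inspect_url(sample))
```
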

