Security Basics mailing list archives
RE: Fake Sites
From: "J. Oquendo" <sil () disgraced org>
Date: Sat, 6 Sep 2003 10:24:40 -0400
I don't know of anything that will report a site if someone visits it that will tell them if the site is genuine or not, and that's not to say one doesn't exist, but you can write a quick explanation for your users to check the integrity of the site their on. E.g.: Supposing you were on Disney.com and wanted to make sure this indeed is Disney.com, obviously you could look at the address bar to tell this. If you're referring to 'Obfuscated URL's' such as: http://www.microsoft.com:windows=query&somethinghere@192.168.1.1 Where at first it would look like Microsoft's website but on arrival would be something else, you may be able to set perhaps your IDS to strip links but I wouldn't do so in case someone accesses certain sites with a username and password something such as: http://john:doe () www foosite org/members.html Check up Google for Obfuscated URL and you should find a slew of information on this. ======================================================= Hi Does any one know if there are a comercial product (like a robot) or a Service Provider that can search for fake sites based on the similarity with the original one ? Additionally, what can i do to prove to the user of a site that the site he is accessing is the original one, not a fake ? How can i prove the authenticity of the site in a user friendly manner ? Thanks ======================================================= -- +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ Jesus Oquendo sil @ disgraced . org sil @ antioffline . com segment ... antioffline . com PGP Fingerprint 39A7 24C6 A9A0 6C67 96CA 0302 F1D3 2420 851E E3D0 http://www.antioffline.com http://www.politrix.org You're free. And freedom is beautiful. And, you know, it'll take time to restore chaos and order, order out of chaos. But we will." George W. Bush Washington, D.C., April 13, 2003 --------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ----------------------------------------------------------------------------
Current thread:
- Fake Sites Jensen (Sep 05)
- Re: Fake Sites Ian Kelly (Sep 08)
- RE: Fake Sites Jeremiah Powell (Sep 08)
- <Possible follow-ups>
- RE: Fake Sites J. Oquendo (Sep 08)
- RE: Fake Sites MARZIOU,GAEL (HP-France,ex1) (Sep 08)