Interesting People mailing list archives
more on re spoofing scams?
From: Dave Farber <dave () farber net>
Date: Fri, 16 Jan 2004 13:30:41 -0500
Delivered-To: dfarber+ () ux13 sp cs cmu edu
Date: Fri, 16 Jan 2004 12:14:29 -0600
From: gep2 () terabites com
Subject: [IP] re spoofing scams?
To: dave () farber net

> How can one tell if an organization is what it claims to be online? Matt Dircks, vice president of anti-spam software developer NetIQ Corp., of San Jose, Calif., said if you receive an offer online, make sure to check out the seller's Internet Protocol address, before transacting any business. "If it says Citibank.ru, as in Russia, be wary," he told UPI.

One of the things that Microsoft needs to change in Internet Explorer is that there needs to be a way you can see what ACTUAL IP address (and domain name!) you're dealing with... after all the obscuring, bogus links, forwarding through geocities.com and other stuff is done.

Second, there ought to be a way in IE that you can "authenticate" a Web server you're connected with, perhaps with a built-in "Traceroute" function that you can use to see if the domain name in question resolves to that of a known "bad guy" rogue server.

For example, spammers have started using disposable domain names, randomly generated subdomains, and "front" servers (often at www.geocities.com) that make it harder to block these rogue sites. It would be a big improvement if one could block actual final IP addresses (and not just domain names and specific subdomains) such that a fraudster's geocities.com site that forwards folks to a known rogue server somewhere else could be easily blocked.

> Whether a for-profit or non-profit company sends an e-mail solicitation, and the IP address seems legitimate, people should look through the site to see if there is a corporate history page, as well as sufficient contact information to reach the firm offline, Larson said. "If you can't reach them by telephone to confirm the offer, it could be fraudulent," Larson added.

> Lastly, experts advise, never respond directly to an e-mail ad by clicking on a link in the message -- no matter how familiar you are with the brand. "E-mail seems to be the medium of choice for these hackers," Weider said. "But very few real banks, or companies, will ask you for financial information by e-mail. These are definitely criminals."

Again, the big problem there is caused by HTML-burdened E-mail, scripting, and links which claim they're one thing (say, "http://confirm.ebay.com") and which actually behind the scenes link to some rogue site in Romania or somewhere. The fact that HTML-burdened E-mail is permitted by default (both for sending and receiving) by Outlook, AOL, MSN and other folks is **directly** to blame for this.

If people would instead have to cut-and-paste the URL into their browser then much of this kind of URL spoofing wouldn't be possible... (likewise when the images come from a different server than the rest of the page) and if the browser would tell people what Web server(s) they ACTUALLY are connected with, that would also be a BIG help.

HTML, and attachments (by class, perhaps) in E-mail messages ought to ONLY be allowed when sent by individual WHITELISTED senders (as specified by each individual recipient). The default should ABSOLUTELY be to block HTML-burdened E-mail from unapproved senders. That, combined with a similar restriction on attachments (and especially executable attachments) would have an IMMEDIATE impact on the effectiveness of both spam AND viruses/worms.

This is an area where I'm surprised there hasn't been a class action lawsuit against Microsoft (yet). Their not-very-clever design choices have explicitly provided a strong cover for this kind of widespread fraud and abuse.

Gordon Peterson
http://personal.terabites.com/
1977-2002 Twenty-fifth anniversary year of Local Area Networking!
Support the Anti-SPAM Amendment! Join at http://www.cauce.org/
12/19/98: Partisan Republicans scornfully ignore the voters they "represent".
12/09/00: the date the Republican Party took down democracy in America.
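
[Added example, not part of the original message or of any mail client's code.] The mismatch the message describes, a link whose visible text names one host while its href goes to another, can be checked mechanically on the receiving side. The names host_of, LinkCollector and spoofed_links are hypothetical, and the sample body with its rogue.example host is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


def host_of(text):
    """Hostname named by a URL or bare host string, or None for ordinary words."""
    text = text.strip()
    if not text or " " in text or "." not in text:
        return None
    if "://" not in text:
        text = "http://" + text  # treat "www.example.com" like a URL
    try:
        return urlsplit(text).hostname
    except ValueError:  # malformed netloc, e.g. unbalanced IPv6 brackets
        return None


class LinkCollector(HTMLParser):
    """Collect (visible_text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:  # only record text inside an open <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text), self._href))
            self._href = None


def spoofed_links(html_body):
    """Return (shown_host, real_host) pairs where link text and href disagree."""
    collector = LinkCollector()
    collector.feed(html_body)
    pairs = ((host_of(shown), host_of(href)) for shown, href in collector.links)
    return [(s, r) for s, r in pairs if s and r and s != r]


# Constructed sample body; rogue.example is a placeholder host.
SAMPLE = ('<a href="http://rogue.example/login">http://confirm.ebay.com</a> '
          '<a href="http://www.cauce.org/">http://www.cauce.org/</a> '
          '<a href="http://rogue.example/x">Click here</a>')
```

Only the first sample link is reported: the second has matching hosts, and the third shows ordinary words rather than a host name, so there is nothing to compare against.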