RE: Phishing

["Damon McMahon" <inst_karma () hotmail com>]

Note that Microsoft removed exactly this functionality for exactly these 
reasons in their MS04-004 update to Internet Explorer:

834489 - A security update is available that modifies the default behavior 
of Internet Explorer for handling user information in HTTP and in HTTPS URLs
http://support.microsoft.com/default.aspx?scid=kb;en-us;834489

I'm not sure about the current state of support in Mozilla for this - 
there's a bug submited at http://bugzilla.mozilla.org/show_bug.cgi?id=232560 
but this is pretty vague.

Yet another reason to keep your browser right up to date (as if you needed 
another one!) I suppose...

>From: "Griffiths, Ian" <Ian.Griffiths () liv-coll ac uk>
>To: <webappsec () securityfocus com>
>Subject: RE: Phishing
>Date: Thu, 13 May 2004 10:55:05 +0100
>MIME-Version: 1.0
>Received: from outgoing3.securityfocus.com ([205.206.231.27]) by 
mc12-f15.hotmail.com with Microsoft SMTPSVC(5.0.2195.6824); Fri, 14 May 2004 
00:05:22 -0700
>Received: from lists.securityfocus.com (lists.securityfocus.com 
[205.206.231.19])by outgoing3.securityfocus.com (Postfix) with QMQPid 
44852236F2E; Thu, 13 May 2004 13:59:42 -0600 (MDT)
>Received: (qmail 18325 invoked from network); 13 May 2004 04:45:57 -0000
>X-Message-Info: 6sSXyD95QpXlzPKtFvjFb2uiK+2iswY3
>Mailing-List: contact webappsec-help () securityfocus com; run by ezmlm
>Precedence: bulk
>List-Id: <webappsec.list-id.securityfocus.com>
>List-Post: <mailto:webappsec () securityfocus com>
>List-Help: <mailto:webappsec-help () securityfocus com>
>List-Unsubscribe: <mailto:webappsec-unsubscribe () securityfocus com>
>List-Subscribe: <mailto:webappsec-subscribe () securityfocus com>
>Delivered-To: mailing list webappsec () securityfocus com
>Delivered-To: moderator for webappsec () securityfocus com
>Message-ID: 
<541C33250DE1B04E950D6A414182A490012C9D33 () mercury liv-bus co uk>
>Return-Path: 
webappsec-return-3924-inst_karma=hotmail.com () securityfocus com
>X-OriginalArrivalTime: 14 May 2004 07:05:23.0850 (UTC) 
FILETIME=[D3B2EEA0:01C43981]
>
>This is the most workable of all ideas I think, it would certainly draw 
peoples attention to the fact that the submission was a little bit iffy. 
Whether this would then prompt them not to continue or indeed whether the 
message could be clearer in its explantation of what is going on is less 
likely.
>
>It may also be that as authentication on a URL is possibly an advanced 
feature, it could be off by default, and explicitly turned on by the user 
who understands what the resultant addresses look like and would therefore 
be better educated to spot things like this.
>
>Protecting the user with default config is possibly the way to go with 
this.  However, as without Outlook, I'd occasionally like override this.  
For example, to open the Word doc that my colleague has sent from across the 
room and not be told it can't ever be done.
>
>Ian
>
>        -----Original Message-----
>        From: Rogan Dawes [mailto:discard () dawes za net]
>        Sent: Thu 13/05/2004 07:42
>        To: Griffiths, Ian
>        Cc: webappsec () securityfocus com
>        Subject: Re: Phishing
>
>        "You have clicked a link to 'nefarious.fraud.net', with username
>        'secure.bank.com' and password '********'. Do you want to continue? Ask
>        me next time (x)"
>
>        I guess this could be a password dialogue, with the username and
>        password filled in, similar to the current basic auth password dialogs.
>
>
>

_________________________________________________________________
SEEK: Now with over 50,000 dream jobs! Click here:  
http://ninemsn.seek.com.au?hotmail