pretty good sppof I think

[George Hester]

How do they do it?

http://home.nycap.rr.com/foryorisonly/spoof.htm

It doesn't matter where the browser is when opened. But if the browser is minimazed then it jumps to (0,0) of the screen.

 

[Randy Webb]

How do they do it?

Who is "they" and what is "it"?

http://home.nycap.rr.com/foryorisonly/spoof.htm

All I see is an image file.

It doesn't matter where the browser is when opened.
But if the browser is minimazed then it jumps to (0,0) of the screen.

Maybe yours does but mine doesn't. Not IE, not Mozilla, not Opera. None
of them "jumps" anywhere except where I put them.

When I go to the URL in that image, I get an error page telling me that
I didn't put the correct data in.

What did I miss here?

 

[McKirahan]

Who is "they" and what is "it"?


All I see is an image file.


Maybe yours does but mine doesn't. Not IE, not Mozilla, not Opera. None
of them "jumps" anywhere except where I put them.

When I go to the URL in that image, I get an error page telling me that
I didn't put the correct data in.

What did I miss here?

What's the big deal?

<html>
<head>
<title>Site</title>
</head>
<body>
<table width="100%">
<tr align="center"><td>
<img src="spoof.gif" width="791" height="77"></td>
</tr>
<tr>

</table>
</body>
</html>

 

[George Hester]

What's the big deal?

<html>
<head>
<title>Site</title>
</head>
<body>
<table width="100%">
<tr align="center"><td>
<img src="spoof.gif" width="791" height="77"></td>
</tr>
<tr>

</table>
</body>
</html>

No no you guys aren't seeing it. That's what makes it a pretty good spoof. Had me too at first. Look closely again and tell me if you don't recognize the spoof. If you still don't see it I'll let you know. It's actually clear as day. You'll kick yourself when I point it out.

 

[Nik Coughin]

No no you guys aren't seeing it. That's what makes it a pretty good
spoof. Had me too at first. Look closely again and tell me if you
don't recognize the spoof. If you still don't see it I'll let you
know. It's actually clear as day. You'll kick yourself when I point
it out.

<breakfast onCornflakes="crack" />

 

[George Hester]

Who is "they" and what is "it"?


All I see is an image file.

it, the spoof does.

What did I miss here?

OK I see a hint is in order Randy. That URL you see there that you tried - that is not really the URL that is in the browser. Look closely not at the URL but at the address box. That is the spoof.

 

[Nik Coughin]

it, the spoof does.

You were being too oblique for me. I get it, now. If you had have said
"the spoof" instead of "it" in the first place it would have been obvious.

 

[George Hester]

You were being too oblique for me. I get it, now. If you had have said
"the spoof" instead of "it" in the first place it would have been obvious.

So how do they do it?

 

[RobG]

George Hester wrote:
[snip]

So how do they do it?

I'll reiterate: how do "they" do what?

An image of an IE address bar is loaded into my browser - it looks
nothing at all like my address bar - do you know what browser I'm
using? or what theme/skin I'm using? or even what OS I'm running?

The address bar area of the image looks tampered with and it is clearly
within my browser. On my spoof-ometer, this rates about 0.01.

 

[George Hester]

George Hester wrote:
[snip]

So how do they do it?

I'll reiterate: how do "they" do what?

An image of an IE address bar is loaded into my browser - it looks
nothing at all like my address bar - do you know what browser I'm
using? or what theme/skin I'm using? or even what OS I'm running?

I really don't see the significance of this. So what your browser? I use IE and since the vast majority of human beings use IE the spoofer could care less about the 15% that don't use IE. He\She is concerned about the 85% who do. Because they are trying to get confidential info and are addressing the largest audience.

The address bar area of the image looks tampered with and it is clearly
within my browser. <snip>.

what does that mean? "The address bar of the image looks tampered with." Are you implying I made this up? I assure you I did not make it up.

This is done with JavaScript. It loads this image over the address bar wherever the browser appears on the desktop. It then will jump to Screen (0,0) if the browser is minimaized. In fact it will jump out of the viewable area if you are using more than 800x600 pixel depth.

How do they do it? If you are unclear how it is done don't fret. I actually saved the source. I am thinking the image is on their server and they just load it and position it with scripting. But how they are able to adjust for the user preferences so that it at least makes a valiant attempt to cover the address bar is what I was asking how do they do it? Don't know OK OK OK Ok.

 

[Matt Kruse]

How do they do it?
http://home.nycap.rr.com/foryorisonly/spoof.htm

I'm assuming the image on this page is a screen capture of your browser,
showing the spoof?

A simple explanation saying this would have helped other posters in this
thread understand just what the hell you were talking about!

Apparently, some site somewhere is loading a graphic image with no borders
or anything and placing over the top of the address bar in visitors'
browsers. This is indeed tricky, but without seeing the actual _source_ page
which accomplishes this, there is no way for us to know for sure how it is
done!

 

[RobG]

George Hester wrote:
[snip]

So how do they do it?

I'll reiterate: how do "they" do what?

An image of an IE address bar is loaded into my browser - it looks
nothing at all like my address bar - do you know what browser I'm
using? or what theme/skin I'm using? or even what OS I'm running?

I really don't see the significance of this.

You think loading a Windows classic address bar will fool people
running XP? Or even those using Win 2k with the default interface?

So what your browser?

You have no idea what my browser is, I didn't tell you. I didn't say I
*wasn't* using IE either. In fact I tried it in Firefox and IE.

I use IE and since the vast majority of human beings use IE the spoofer
could care less about the 15% that don't use IE. He\She is concerned
about the 85% who do.

They may fool those running a Windows classic interface, maybe those
running Windows 95-98-ME and NT, provided they haven't loaded one of
the many skins available off the web or applied a theme and are still
using the Windows classic interface without even modifying the standard
colours.

Because they are trying to get confidential info and are addressing the largest audience.

How? By presuming I have an eBay account? That I'd be silly enough to
give that information to eBay? I presume some type of form would be
loaded below the image at some point?

what does that mean? "The address bar of the image looks tampered with."

Exactly that. The image has obviously been modified.

Are you implying I made this up? I assure you I did not make it up.

Why would I think that? Why do you think I would think that? I
certainly didn't say it - heaven forbid!

This is done with JavaScript. It loads this image over the address bar
wherever the browser appears on the desktop. It then will jump to
Screen (0,0) if the browser is minimaized. In fact it will jump out of
the viewable area if you are using more than 800x600 pixel depth.

Now that you've explained what I couldn't see (even in IE), I can
confirm that none of the described behaviour occurred.

How do they do it? If you are unclear how it is done don't fret.
I actually saved the source. I am thinking the image is on
their server and they just load it and position it with scripting.
But how they are able to adjust for the user preferences so

They don't.

that it at least makes a valiant attempt to cover the address bar

It doesn't.

is what I was asking how do they do it? Don't know OK OK OK Ok.

Don't know, don't care - Regards, Rob.

 

[George Hester]

George Hester wrote:
[snip]

So how do they do it?


I'll reiterate: how do "they" do what?

An image of an IE address bar is loaded into my browser - it looks
nothing at all like my address bar - do you know what browser I'm
using? or what theme/skin I'm using? or even what OS I'm running?

I really don't see the significance of this.

You think loading a Windows classic address bar will fool people
running XP? Or even those using Win 2k with the default interface?

Yes I do.

You have no idea what my browser is, I didn't tell you. I didn't say I
*wasn't* using IE either. In fact I tried it in Firefox and IE.

Tried what? You don't have the source. Come on man give me a break.

They may fool those running a Windows classic interface, maybe those
running Windows 95-98-ME and NT, provided they haven't loaded one of
the many skins available off the web or applied a theme and are still
using the Windows classic interface without even modifying the standard
colours.

I am running Windows 2000 Web View. It makes no difference. The skins do NOT effect the inner space
of the address section.

How? By presuming I have an eBay account? That I'd be silly enough to
give that information to eBay? I presume some type of form would be
loaded below the image at some point?

Yes a eBay login that looks exactly like an eBay login. They just hot link eBay's links in the page.

Exactly that. The image has obviously been modified.

You are Wrong. But I can't tell you that you are all-knowing.

Why would I think that? Why do you think I would think that? I
certainly didn't say it - heaven forbid!

You implied it there and here.

Now that you've explained what I couldn't see (even in IE), I can
confirm that none of the described behaviour occurred.

You are unable to confirm anything since you do not have the source.

They don't.

They do. You want the link? OK here it is:

http://halfebay.us/aw-cgi/eBayISAPI...sg=-1&runame=&ruparams=&ruproduct=&bshowgif=0

 

[George Hester]

I'm assuming the image on this page is a screen capture of your browser,
showing the spoof?

A simple explanation saying this would have helped other posters in this
thread understand just what the hell you were talking about!

Apparently, some site somewhere is loading a graphic image with no borders
or anything and placing over the top of the address bar in visitors'
browsers. This is indeed tricky, but without seeing the actual _source_ page
which accomplishes this, there is no way for us to know for sure how it is
done!

Yes Matt I have responded to someone who thinks I made it up. The link is in there. RobG I responded to him.
I just thought maybe you excellent scripters could devise how it was done on your own. I'm sure it is possible to
do it other then how they have done it.

 

[George Hester]

George Hester wrote:
[snip]

http://halfebay.us/aw-cgi/eBayISAPI...sg=-1&runame=&ruparams=&ruproduct=&bshowgif=0

Don't know, don't care - Regards, Rob.

It won't last long eBay got it. I sent it to them and they shut these things down pretty quick.

 

[George Hester]

I'm assuming the image on this page is a screen capture of your browser,
showing the spoof?

A simple explanation saying this would have helped other posters in this
thread understand just what the hell you were talking about!

Apparently, some site somewhere is loading a graphic image with no borders
or anything and placing over the top of the address bar in visitors'
browsers. This is indeed tricky, but without seeing the actual _source_ page
which accomplishes this, there is no way for us to know for sure how it is
done!

Also Matt the reason why I did not explicitly say what the spoof was is because I wanted to see if it was
recognized. It wasn't so I guress they did a pretty good job.

It fooled a number of us including me. I tried to get the domain when I first saw it and couldn't figure out why my
address bar didn't highlight the address when I clicked inside it. The address bar was just dead. Goes to show
you they aren't that dumb who came up with this.

I think it's pretty ingenious.

George Hester
__________________________________

 

[RobG]

George Hester wrote:
[snip]

http://halfebay.us/aw-cgi/eBayISAPI...sg=-1&runame=&ruparams=&ruproduct=&bshowgif=0
[snip]
It won't last long eBay got it. I sent it to them and they shut these things down pretty quick.

Ah, I get it. Your link was to an image of *your* browser showing the
dodgy URL. You wanted us to enter the URL displayed in the image, not
the link you provided.

Have a good look at the image you provided, the address is not aligned
with the address bar, hence the image looks doctored.

What you wanted to know was how they got the image to display over the
browser address field.

Maybe I'm thick... RG

 

[Michael Winter]

[snip]

They do. You want the link? OK here it is:

[link]

It still doesn't look good.

In Opera:

<URL:http://www.mlwinter.pwp.blueyonder.co.uk/op-spoof.png>

That is, nothing at all (there were no script errors).

In IE:

<URL:http://www.mlwinter.pwp.blueyonder.co.uk/ie-spoof.png>

That, combined with no certificate, makes it a very poor spoof.

By the way, it's a good idea to wrap URLs, especially long ones, with
<URL:...> (as I've done above). This has a better chance of them being
interpreted in full, rather than breaking when the client forces a new
line.

Mike


Those images will be deleted by the end of this week.

 

[Randy Webb]

Also Matt the reason why I did not explicitly say what the spoof was
is because I wanted to see if it was recognized. It wasn't so I guess
they did a pretty good job.

The reason I missed it was because I wasn't sure what I was supposed to
be looking for. All I saw was an image of a toolbar. Also, when I go to
the URL you gave, it didn't work as supposed because I used Mozilla. It
uses the window.createPopup() method to create that effect.

When viewing it in Mozilla, it obviously doesn't "work". But its written
to expose a security flaw (I can't call it anything else) in IE.

It fooled a number of us including me. I tried to get the domain when
I first saw it and couldn't figure out why my address bar didn't highlight
the address when I clicked inside it. The address bar was just dead.
Goes to show you they aren't that dumb who came up with this.

That is true, they are not dumb. Most spammers/thieves aren't though.

I think it's pretty ingenious.

Yup. I saved the function for future tinkering

 

[MikeB]

George Hester wrote:
[snip]

So how do they do it?


I'll reiterate: how do "they" do what?

An image of an IE address bar is loaded into my browser - it looks
nothing at all like my address bar - do you know what browser I'm
using? or what theme/skin I'm using? or even what OS I'm running?

I really don't see the significance of this.

You think loading a Windows classic address bar will fool people
running XP? Or even those using Win 2k with the default interface?

In my IE on XP Pro, it doesn't exhibit any of the behavior described. I just
get the graphic of the "proposed" address bar about 3/4" down from the IE
address bar. A fizzle for the spoof.