pretty good spoof I think

MikeB

Matt Kruse said:
I'm assuming the image on this page is a screen capture of your browser,
showing the spoof?

A simple explanation saying this would have helped other posters in this
thread understand just what the hell you were talking about!

Yes. I get it now.
 
Michael Winter

[snip]
You think loading a Windows classic address bar will fool people
running XP? Or even those using Win 2k with the default
interface?

In my IE on XP Pro, it doesn't exhibit any of the behavior described. I
just get the graphic of the "proposed" address bar about 3/4" down from
the IE address bar. A fizzle for the spoof.

Did you really have to quote 4KBs of text to add that? What I've left was
all that's needed.

You write your comments in conversation order. Good! Now please learn to
trim irrelevant text.

[snip]

Thanks,
Mike
 
MikeT

George Hester said:
It fooled a number of us including me. I tried to get the domain when I
first saw it and couldn't figure out why my address bar didn't highlight
the address when I clicked inside it. The address bar was just dead. Goes
to show you they aren't that dumb who came up with this.

I think it's pretty ingenious.

They are using window.createPopup - a microsoftism to create a
chrome-less always focussed window - and then a 25 microsecond
interval to continuously reposition this popup over where they assume
your address bar to be.

The fact that all the variables and functions are prefixed with "vuln"
shows their intentions are clear :)
 
Lee

George Hester said:
You are Wrong. But I can't tell you that you are all-knowing.


You implied it there and here.

I don't know why I bother, particularly since you insist on posting
quoted-printable, but what RobG is pointing out is that the address
bar has very obviously had the URL pasted in place very badly.
He didn't say or imply that you had done this.
 
kaeli

"MikeB" said:
In my IE on XP Pro, it doesn't exhibit any of the behavior described. I just
get the graphic of the "proposed" address bar about 3/4" down from the IE
address bar. A fizzle for the spoof.

In my IE6 on Win 2K Pro, I get an image that looks nothing like my IE about
an inch down the page, surrounded by whitespace (much like you say). I do not
have any IE skins, but I do use Windows themes, so the colors are all off.
The paste job on the URL is laughable.

If this is a spoof, I don't think it would even fool my mother.

--
~kaeli~
If that phone was up your a$$, maybe you could drive a
little better!
http://www.ipwebdesign.net/wildAtHeart
http://www.ipwebdesign.net/kaelisSpace
 
Matt Kruse

Fools said:
I don't see anything but an image!
It doesn't work on my browser!

It boggles my mind that in a group of such intelligent individuals, so many
people were confused by this post.

Sure, the OP wasn't clear at all in pointing out that the URL he posted was
a screenshot of the "vulnerability" in action on his machine, not an example
of the vulnerability itself.

But if your intent is to view the site and understand what he is saying,
rather than looking for people to stomp on and yell at and insult, you'd
quickly realize what it was and respond accordingly.

Y'all need to take some ritalin and chill out a bit. Before you start
jumping down peoples' throats, make sure you understand what they are trying
to say, first! It's sad that so many technical groups are filled with people
so eager to beat down people rather than try to understand them.
 
McKirahan

Matt Kruse said:
Fools wrote: [snip]

Before you start jumping down peoples' throats, make sure you understand
what they are trying to say, first!

[snip]

So you've never seen a post that was unclear?
 
Matt Kruse

McKirahan said:
So you've never seen a post that was unclear?

Of course I have. The original post in this thread was very unclear.

But when I see posts that are unclear, I either ignore them or ask questions
to clarify.
I certainly wouldn't start insulting the poster - that doesn't help anyone!
 
George Hester

Randy Webb said:
The reason I missed it was because I wasn't sure what I was supposed to
be looking for. All I saw was an image of a toolbar. Also, when I go to
the URL you gave, it didn't work as supposed because I used Mozilla. It
uses the window.createPopup() method to create that effect.

When viewing it in Mozilla, it obviously doesn't "work". But its written
to expose a security flaw (I can't call it anything else) in IE.


That is true, they are not dumb. Most spammers/thieves aren't though.


Yup. I saved the function for future tinkering :)

Hey thanks Randy for looking at it. Yes, an IE security flaw and probably one that I have made
sure I am still susceptible to. I actually keep my browser on the brink of most security flaws as I have other ways to protect myself. At least I think I do.

What they are doing is really not something I want to do myself. I just like the crazy things IE can do without our knowledge. It's an adventure.
 
George Hester

They are using window.createPopup - a microsoftism to create a
chrome-less always focussed window - and then a 25 microsecond
interval to continuously reposition this popup over where they assume
your address bar to be.

I thought it would appear over the address bar wherever the browser is positioned. Am I wrong about that?
If not how do they do that? Is the address bar location accessible in scripting?
The fact that all the variables and functions are prefixed with "vuln"
shows their intentions are clear :)

Thanks

George Hester
__________________________________
 
George Hester

Michael Winter said:
[snip]
They do. You want the link? OK here it is:

[link]

It still doesn't look good.

In Opera:

<URL:http://www.mlwinter.pwp.blueyonder.co.uk/op-spoof.png>

That is, nothing at all (there were no script errors).

In IE:

<URL:http://www.mlwinter.pwp.blueyonder.co.uk/ie-spoof.png>

That, combined with no certificate, makes it a very poor spoof.

By the way, it's a good idea to wrap URLs, especially long ones, with
<URL:...> (as I've done above). This has a better chance of them being
interpreted in full, rather than breaking when the client forces a new
line.

Mike


Those images will be deleted by the end of this week.

You're right, yours doesn't look good. Mine was a little better. Yours would not have fooled me but mine did.
But yours was neater. Thanks for that. By the way, the link: eBay killed it. I'm sure I'll get another one in a few days. I'll see if they have made it any better.

George Hester
__________________________________
 
Jim Ley

I thought it would appear over the address bar wherever the browser is
positioned. Am I wrong about that?
If not how do they do that? Is the address bar location accessible in
scripting?

It's guesswork, createPopup lets you position a popup relative to the
top left of the browser area, if that's negative in the "top"
direction, then it will appear over the top of the search bar. If
you're running with them in default location, then they can position
it accurately, if you're not, then it could be anywhere.

phishing is a big problem, and not enough sites take it seriously -
there is no site you can trust - never follow a link to a site, or
use a form on one site to go to another (don't use those google
search this site forms for example)

Cheers,

Jim.
 
George Hester

Michael Winter said:
Also notice the frame border below the Address bar in the IE image. Notice
that the white background doesn't extend to the end? It would certainly be
odd to see:

...=h:h:sin:US &UpdateCreditCard...

[snip]

Mike

Yes I saw that. They don't know how to generate the length of it based on the user preference for the
length of the address bar. They will probably work on that. They need to get it flush. Do you think they can do
that with JavaScripting alone?

What's really cool is to change to 1024x768 and then minimize the browser. The image then goes out of the
viewable area of the screen. 800x600 it only goes to screen dim 0x0 and hugs up there. Can't test it anymore
though. I really should not have sent it off to eBay so fast. dumb dumb dumb.
 
George Hester

Matt Kruse said:
Of course I have. The original post in this thread was very unclear.

But when I see posts that are unclear, I either ignore them or ask questions
to clarify.
I certainly wouldn't start insulting the poster - that doesn't help anyone!

Matt I believe it was only unclear because the spoof was pretty good. If someone posted a "pretty good spoof"
and had a picture of what they were referring to, my first reaction would be "where's the spoof?"
I'd look at the picture and say, "I'm confused what are you talking about." Actually I got much more derision
than that. I am sorry if I did not point out the spoof and be more clear that what we were looking at was
the spoof. But I believe that would have lessened its impact.

Thanks for giving me the benefit of the doubt here Matt. You and Randy dealt with this post (sorry again)
admirably.

George Hester
__________________________________
 
Richard Cornford

Matt Kruse wrote:
But if your intent is to view the site and understand what
he is saying, rather than looking for people to stomp on
and yell at and insult, you'd quickly realize what it was
and respond accordingly.
<snip>

You are assuming that there would be any intention to understand. If you
look at George Hester's record on posting to c.l.js (through
groups.google.com) you will find that he has put a lot of effort into
earning the reaction he solicits here, and if it is less than polite
sometimes he has earned that too:-

<URL:
http://www.google.com/[email protected].
rr.com>

Richard.
 
George Hester

<URL:

You know Richard, you've been carrying this link around for years. Haven't you reformatted yet and lost it?
What is your problem? If that comment was directed to you, you deserved it. And if it wasn't, you still deserve it. Now why don't you just put me in your <plonk!> and be done with me? Why do you hound me like a long lost insect? Lay off me, twirp!
 
Michael Winter

[snip]
Notice that the white background doesn't extend to the end?
[snip]

Yes I saw that. They don't know how to generate the length of it based
on the user preference for the length of the address bar. They will
probably work on that. They need to get it flush. Do you think they
can do that with JavaScripting alone?

Probably not. The position and size of the Address bar varies according to
user preference, not just browser size. They could choose a formula based
on the default layout, but I doubt they could adapt it for all users.

[snip]

Mike
 
kaeli

<URL:

You know Richard, you've been carrying this link around for years. Haven't you reformatted yet and lost it?
What is your problem? If that comment was directed to you, you deserved it. And if it wasn't, you still deserve it. Now why don't you just put me in your <plonk!> and be done with me? Why do you hound me like a long lost insect? Lay off me, twirp!

The comment was actually directed towards Mike, who has been the one most
helping you here.
The comment was basically to **** off ("fu"), for those who don't want to
load the thread. Nice.

You are regularly argumentative, you don't post clearly and then get pissed
when people misunderstand you, and you get pissed whenever anyone tries to
offer you advice as to how you could improve your code. I killfiled you long
ago because I got tired of the longwinded argument about posting styles, but
I am still subjected to the responses of people trying to talk to you -
people who have helped me so much, I'd never killfile them.
You get what you give.
