| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200406110103.i5B13lf6012016@web185.megawebservers.com> Date: Fri, 11 Jun 2004 01:03:47 -0000 From: "http-equiv@...ite.com" <1@...ware.com> To: <bugtraq@...urityfocus.com> Cc: <NTBugtraq@...tserv.ntbugtraq.com> Subject: FOUND: COELACANTH: Phreak Phishing Expedition >From the original discover, 'bitlance winter' one big fat coelacanth: <a href="http://www.malware.com%2F redir=www.e-gold.com">test</a> "i guess that this issue is not e-gold's BUG, IE6 and Opera7.51 is vulnerable. Some server's DNS allow magic number subdomainname. the server allow , www.site.tld wwwww.site.tld wwwwwwwwwwww.site.tld www www.site.tld wwwURLEncodecharcterswww.site.tld when the server allows URLEncodecharacters evil attackers can fake victim users who use Opera and IE . the attacker will make their DNS *.evilsite.tld IN A 333.333.333.333 using this DNS, victim's IE can shows victim http://w.evilsite.tld http://wwwwwwwwwwwwwwwwwww.evilsite.tld and then, attacker makes an evil link as http://www.microsoft.com [malicious falke char$] evilsite.tld and then, attacker set tricks Bugtraq: Stupid Phishing Tricks (you find it) victim user will input his userID and password. I guess many server's DNS allow *.evilsite.tld IN A 333.333.333.333 because they use magicnumber SSL cert. Attacker can use this method." -- http://www.malware.com
Powered by blists - more mailing lists