Message-ID: <200406110244.i5B2iuTn009803@web122.megawebservers.com>
Date: Fri, 11 Jun 2004 02:44:56 -0000
From: "http-equiv@...ite.com" <1@...ware.com>
To: <bugtraq@...urityfocus.com>
Cc: <NTBugtraq@...tserv.ntbugtraq.com>
Subject: SECURE SOCKETS LAYER COELACANTH: Phreak Phishing Expedition

We wrap this up with a full-on ssl site spoof. It seems limited
how far you can 'shove' the real domain out of the way, but just
enough to make it convincing so we adapt the window to 'cover'
it up. Interestingly [with apologies to e-gold for playing with
their site], they have a secured connection [ignore the warning]
which gives us our https, our little golden 'safe' padlock and
most interestingly, all the links inside the site function and
show the spoofed address:

http://www.malware.com/gutted.html

Couple all that with the absurd ability to trick Internet
Explorer into believing it is in a 'trusted zone' by inserting
whatever gibberish you want into the fake link regardless of the
actual domain, and you have the catch of the day.

Big thanks to Drew Copley for whacking the sucker on the head,
Brett Moore for correctly pointing out that it can be achieved
without the 'redir' thing as well as being able to stuff it with
anything else you want, and expedition leader: 'bitlance winter'
who sighted it, tracked it, snagged it and reeled it in.

End Call
--
http://www.malware.com