lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: sdodson at sdodson.com (Scott Dodson)
Subject: US Bank scam

-----Original Message-----
>From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure->admin@...ts.netsys.com] On Behalf Of David
Lederman
>Sent: Tuesday, June 15, 2004 12:30 PM
>To: full-disclosure@...ts.netsys.com
>Subject: [Full-Disclosure] US Bank scam
>
>This is the best phishing scam I've seen yet:
>http://www.bis1bp.com/a12/index.html
>
>I have Windows Server 2003 fully patched and this works. The program
fakes >an address bar so this
>would pass through most people's safety check, after all the address
bar >clearly has the correct
>address. 

>There are bugs in the code, for example, all your Internet Explorer
windows >will now have this
>address, but again for most people would only have one window open. 
>


With XP SP2 build 2149 (RC2) it shows up immediately below the address
bar.  

http://www.sdodson.com/phishing.jpg for a view.

--
Scott

Powered by blists - more mailing lists