| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu Mar 16 16:23:13 2006 From: arley.leal at sonae.com (Arley Barros Leal) Subject: strange domain name in phishing email Hmmm...isn't that a base-10 representation? One may use the IP base-10 for phishing, one classic example would be: <a href="http://www.vatican.com@...4596099/">www.vatican.com</a> You may also use the base-10 representation for ping, nslookup and so on...it works for me at least... For some sites I was indeed able to bypass a (thousand-dollars) content filtering engine using this hack.. Cheers, Arley Silveira. S?nior Systems Engineer Cisco VPN/Firewall Specialist, CCNA, MCSE Security, MCSA, MCP+I, Security+, iNET+, OCP, CIWA -----Original Message----- From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Juha-Matti Laurio Sent: quinta-feira, 16 de Mar?o de 2006 Arley @ 16:03 To: Michael Holstein; full-disclosure@...ts.grok.org.uk Subject: Re: [Full-disclosure] strange domain name in phishing email It seems that this case has the name Dotless IP Address Security Issue and KB article #168617 http://support.microsoft.com/?kbid=168617 describes it even in IE4. Correct if I'm wrong. - Juha-Matti > IIRC, Microsoft changed that as one of the security updates to IE. For > a time, it was a popular phishing trick. I also remember there was a > way to do that (or something similar) to bypass the security zones in > IE and make it think it was a trusted site, but can't find that reference at hand. > > The "rest" of windows will still do it though. Try "ping 2887060730" > or "telnet 2887060730 80". > > ~Mike. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 4621 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060316/dc3be7b0/smime.bin
Powered by blists - more mailing lists