A Mis-direct Sample Page

I was looking at one of my regular security newsletters and found a claim that you could easily fool someone into going to a bogus page by putting a supposedly valid link in a form. So here is a sample form page that shows the problem.

This page shows a form with a simple box and a link. Notice that the link points to Microsoft's home page (any site name would do in the exploit). The bogus form is shown between the horizontal lines. It's not very pretty, but it's functional. Don't click on the link yet; read the rest of this page.


Please click this link to get to the Microsoft home page


"Hover" the mouse over the box with the link, then look (usually at the bottom of your browser window) for the URL the link points to. It should say "http://www.microsoft.com". At least, that's what I see on my fully-patched and current version of the Internet Explorer browser, and on my "NetCaptor" browser page.

Now assume that the text/info between our horizontal lines is a lot more clever and authentic-looking than my quick implementation of this problem. (It can be done; just take a look at the examples at www.anti-phishing.org.)

So you are ready for the test. Go ahead and click on the link in our form. And see where you end up.
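The point of the demo is that the URL the browser shows for the link is not where a click actually takes you when the link sits inside a form that submits somewhere else. The scanner below is an added example, not code from this page; it parses a constructed HTML fragment modelled on the form above (the host names are placeholders) and flags links whose displayed destination disagrees with the enclosing form's action, or that carry a script handler that could override the click.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class MisdirectScanner(HTMLParser):
    """Flag anchors whose apparent target (href) is not where a click ends up:
    the enclosing <form action> points at a different host, or the anchor has
    a script handler hung on it that can submit the form instead."""

    HANDLERS = ("onclick", "onmousedown", "onmouseup")

    def __init__(self):
        super().__init__()
        self.form_hosts = []   # stack of hosts from enclosing <form action=...>
        self.findings = []     # (kind, href, detail) tuples

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.form_hosts.append(urlparse(a.get("action") or "").hostname or "")
        elif tag == "a" and a.get("href"):
            shown = urlparse(a["href"]).hostname or ""
            actual = self.form_hosts[-1] if self.form_hosts else ""
            if actual and actual != shown:
                self.findings.append(("form-action-mismatch", a["href"], actual))
            for h in self.HANDLERS:
                if h in a:
                    self.findings.append(("script-handler", a["href"], h))

    def handle_endtag(self, tag):
        if tag == "form" and self.form_hosts:
            self.form_hosts.pop()


def scan(html):
    """Return the list of findings for one HTML document."""
    p = MisdirectScanner()
    p.feed(html)
    return p.findings


# Constructed sample modelled on the demo form; bogus.example is a placeholder.
SAMPLE = """<p>The status bar will show microsoft.com for this link:</p>
<form action="http://bogus.example/landing" method="post">
  <a href="http://www.microsoft.com" onclick="submitForm()">
    Please click this link to get to the Microsoft home page</a>
</form>"""

if __name__ == "__main__":
    for kind, href, detail in scan(SAMPLE):
        print(f"{kind}: link shows {href}, but {detail}")
```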


Click the link below to get to our current page.

... more later ...

Entire Site Contents Copyright (c) 2000-2004 Two Bridges Group, All Rights Reserved