linux-users-group-of-davis
Page last updated:
2003 Sep 26 22:19

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] OT: one of the most pernicious spams i've ever seen.

Hi all -

This is really interesting and really concerning. I would like to take
selected parts of the discussion (for brevity and clarity) and send it to
my local paper. Please indicate (offline is fine) if you would prefer to be
named or kept anonymous.

If you do not want your comments included, or you want to see what I plan
to send to the paper before I send it, please note that. I would prefer
"opt-in", but if I don't hear anything negative for 3 days, I'll assume
it's OK. If there is a preponderance of interest in seeing my summary, I'll
post it back to this thread.


- Larry

At 02:23 PM 9/25/03 -0400, you wrote:
>On Thu, Sep 25, 2003 at 11:04:54AM -0700, Michael J Wenk wrote:
>> On Thu, Sep 25, 2003 at 10:23:11AM -0700, Mitch Patenaude wrote:
>> > On Thu, Sep 25, 2003 at 06:30:32AM -0700, p@dirac.org wrote:
>> > >http:// 
>> > >www.citibank.com:ac=VybznNffNxknAUxPrfE2jYaQUptJ@a3ksd.PiSeM.NeT/3/ 
>> > >?IYTEw
>> > >4eVTtbH1w6CpDrT
>> > 
>> > Maybe a way for places like Citibank, Paypal and other fraud prone sites
>> > to help prevent this would be to check the referer, and if it's a strangely
>> > formed url that looks like it might be fraudulent (uses username, lots of
>> > encoded characters, etc), put up a fraud warning instead of the main page.
>> > 
>> > What do you guys think?
>> My only question/concern would be... What controls the referrer?  Is it
>> mutable?  If so, it's just another layer for a cracker to hit.  I guess
>> for every layer added, some lazy crackers stop doing it is probably a
>> good enough reason... 
>The referrer is controlled by the browser (and is definitely not
>required). It was brought up at a LUGOD meeting a while back (the Don
>Marti DMCA meeting) that doing a 302 redirect (page has temporarily
>moved) was one way of avoiding sending a referer. I don't know if that
>was specific to any certain browser, but it wouldn't be hard to test for
>anyone who is running a webserver.
>I see a couple other problems with this idea too. First, this is the
>first phishing scheme I've seen that loaded the actual homepage. Most
>just steal their logos. Secondly, I'm almost positive that your browser
>wouldn't send encoded characters in the referer. Your browser would have
>already decoded them, and it would send them unencoded. As for
>usernames, I don't think your browser would EVER send that as part of
>the referer. That would be a MAJOR security flaw.

vox-tech mailing list
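
Added example, not part of the original post or thread: a mail-filter style check for the URL shape discussed above, where hostname-looking text sits in the userinfo part before the "@" and the real host comes after it. It also shows the Referer form with userinfo and fragment dropped, which RFC 7231 section 5.5.2 requires of user agents. The function names and the sample URLs (on reserved .example/.invalid names) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Userinfo shaped like a hostname is the disguise seen in the quoted spam URL.
_HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)
_PCT = re.compile(r"%[0-9a-fA-F]{2}")

# Constructed sample with the same structure as the URL quoted in the thread.
SAMPLE = "http://www.bank.example:ac=Zx9Q@login.host.invalid/3/?IY=1#frag"


def analyze_url(url):
    """Return the host actually contacted plus reasons the URL looks deceptive."""
    parts = urlsplit(url)
    user = parts.username or ""
    reasons = []
    if "@" in parts.netloc:
        reasons.append("userinfo present before '@'")
        if _HOSTLIKE.match(user):
            reasons.append("userinfo is shaped like a hostname")
    if _PCT.search(parts.netloc):
        reasons.append("percent-encoded characters in authority")
    return {
        "host": (parts.hostname or "").lower(),  # what the browser connects to
        "userinfo_user": user,                   # what the reader thinks it is
        "reasons": reasons,
    }


def referer_value(url):
    """Rebuild the URL without userinfo or fragment, as a Referer would carry it."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if ":" in host:                 # IPv6 literal: restore the brackets
        host = f"[{host}]"
    if parts.port is not None:
        host = f"{host}:{parts.port}"
    return urlunsplit((parts.scheme, host, parts.path, parts.query, ""))


if __name__ == "__main__":
    print(analyze_url(SAMPLE))
    print(referer_value(SAMPLE))
```

Because the userinfo never reaches the server in the Referer, a filter like `analyze_url` has to run where the full link is visible, such as a mail gateway or the client.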
