AviationBanter - View Single Post

#18 March 20th 05, 06:38 PM

"Jay Somerset" wrote in message
...
On Sat, 19 Mar 2005 07:51:37 -0500, Peter Clark
wrote:

They're also pretty easy to pick out because the link has an IP
address rather than a name. Sending you to http://1.2.3.4/whatever
and sucking the information from inattentive people is much easier
than having the link point to http://www.mbna.com and attempt to
redirect the real sitename to their data-gathering box.

Unfortuantely, not true! There are ways to fool your browser (any
browser)
into displaying what looks like the legitimate URL in the status/message
bar, but which really is not. Uses special characters that have a defined
meaning in URL syntax, but are not displayed, and not widely knowm.

Bruce Schneier covered this URL hack in his latest
security report. Write-up and very convincing fake
paypal page he-
http://www.schneier.com/crypto-gram-0503.html#6

Be careful out there.