Archive for January 31st, 2008
When it comes to internet phishing or spamming, much success relies upon tricking the user into clicking a link. Often times one can tell how legit a link is simply by looking at it. For example, if you’re telling me that you’re paypal but I don’t see paypal.com in the URL, I’m going to know it’s fake.
Recently though, some people (including myself) have stumbled upon a way to redirect people to a website using an innocent looking Google link. The trick revolves around the “I’m feeling Lucky” feature of Google.
By simply appending http://justrpg.com/reviews/dragon-ball-z-budokai &btnI=3564 to a Google search query, the user is taken to the first result for that query.
In order to use this trick, you’ll need to find a search term that your website comes up first for. Since it can be any term though, it’s quite easy to make up a random string and include it on your page. Here’s an example:
If I wanted to “Rick Roll” you (trick you into viewing a Rick Astley video) I could link to the youtube video, but you might not click. If I used this trick though, I could send you the following URL:
http://www.google.com/search?q=eBGIQ7ZuuiU&btnI=3564
In this URL, q= is the search term, and then the btnI=3564 tells Google to use the “I’m Feeling Lucky” feature. Clicking it, you’ll be taken straight to the YouTube page.
Ok, neat trick but where’s the security vulnerability?
I used Rick Astley here, but I could have easily used 2 girls 1 cup. Even worse, what if I had used a fake page made to look like Google instead? You might not notice that the URL at the top is different, and you may even type in your username and password to log in. It may not work on the sophisticated internet users, but using the trusted Google.com domain will certainly bypass any anti phishing software that works with email programs.
Note: The same can be done with any type of proxy site on the internet. GoDaddy recently told me I had to move Unblockd off of my server there for this reason.
January 31st, 2008
I remember the early days of the internet, when you had to have a service like prodigy or AOL or compuserve to get online. For me, those didn’t last long. As soon as I could get my own dial up, I did. Hell, I remember friends stopping by to use my super fast 28.8 modem to download stuff. Ahh.. those were the days.
Anyway, I also remember the revolution. The day when we discovered ICQ and AIM and ditched email for instant messaging. IM made a lot more sense – we didn’t have to wait for a response, and we were able to have a conversation with people when THEY felt like talking.
It was also great because IM didn’t come with chain letters or annoying spam (at least, not until AOHell and FateX came out.)
Today though, it looks like teens are taking another step. When I was in Dallas I noticed that my 16 year old cousin and her friends spent all day in the living room on their laptops. I also noticed that they didn’t use any email or instant messaging programs – only MySpace and Facebook.
When I asked about it, they told me that there’s no need for email or IM since all their friends are on MySpace anyway. If they’re online, they’re logged in and chat through there.
Are IM programs about to be obsolete? I doubt it, but it’s an intriguing trend among today’s teens. Personally I think it’s a step backwords, but what do I know? Knowing what ICQ and IRC are make me an internet geezer.
January 31st, 2008
Do you remember what you were doing on 1-31-07? It’s the day that the Boston police, anti-terror unit, bomb squad, and mass media went totally insane when Cartoon network put up some lite-brite style ads around the city.
It’s the day they arrested artists for placing advertisements. It’s the day the terrorists officially won again.
Of course, it’s not the first time Boston has over-reacted. They DID blow up a traffic monitoring device that the city placed when they confused it for a bomb.
In talking with Jim the other day, he brought up the old Franklin quote: “He who sacrifices freedom for security deserves neither.”
Then, I reminded him of 2 more of my favorites:
Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well armed lamb contesting the vote. – Also Franklin
And
Sacrificing privacy for security is like taking the walls off your house to build a fence around it. – no clue who said this.
1-31-07 is just one more reminder of the sad path that this country is heading down.
January 31st, 2008
