Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


eBay Redirect Becomes Phishing Tool



 By: David Worthington
2005-03-03
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
A flaw in eBay's server configuration paves the way for spoofing attacks when a specially crafted URL is used to redirect users to a malicious Web site.

Online auctioneer eBay, a prime target for phishing schemes, has been used as an unwitting accomplice. A flaw in eBays server configuration paves the way for spoofing attacks when a specially crafted URL, which is a valid eBay link, is used to redirect users to a malicious Web site.

eBay was made aware of the issue several days ago, but has not yet corrected the problem, which can be used to exploit the trust relationship between eBay and its users.

Resource Library:
Phishing is the designation given to a class of socially engineered attacks—generally carried out via e-mail—that steal consumers passwords, credit card numbers and other personally identifiable information.

According to examples viewed by BetaNews, the eBay redirect has been used by phishers to make fake Web pages including login forms, defacements, false press releases and other sham Web sites.

"It certainly adds some credibility to phishing e-mails. But scammers have used other types of URL redirection for a long time," said Brian McWilliams, author of "Spam Kings."

"At the moment, I guess it would be wise to tell the user to look at the URL before and after they click. Just to be extra sure," said Internet security expert Jeremiah Grossman.

"The problem is the redirect landed the user on an IP addressed page. Is the average user really expected to make a good decision here? I believe phishing is a problem that needs a solution well beyond people looking at URLs. Its obviously not working."

Read the full story on BetaNews: eBay Redirect Becomes Phishing Tool

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: eBay Redirect Becomes Phishing Tool
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By David Worthington
 


x}ksȒvf`i9mӳwR IGeofUC?zNw؆zdUfefeeUe!ogDmU71IIvjj.3轗%y歯!I=Wevu3Jh4=GRQu=تg4j4u;#|c9o;| `OS;S uɄ_/41\:}nnl bh[:GXC#: rWݸ#?7i=#@I.R(CM.sD~P٦HPޤȶ|3P=(2}ߞĩ }!y>"Jk4ދш䣎e3ʀY㻝F z\]~ j 1v 45mb'(cO^2hbŠ ~=a ٷ]^-GJ=s9 ' ٪b'*Dp/0ڦQ#@f S.H͌ԩaBwTP}⩖QzmyKu3|($g4.vߟDE%$7 .nq/0/<}ix~jr  + VV7R1W`JLTʗbmg" SmbAG,{/B oVo[P+djMs (2,rri[򳹥}o__]wzmo_wڧ>1fW*CpP^1 zUisiڟ:'g{:R]ڟ,Ok*Cp='^=:$=LMrG]ji6ixT|2IUL|usB2,Odo_ZB5e}!s;ceQc5sgX@7'S2ML9oY@/@ש!QWt"xxf-M_#dW V?g]=s a4z@LT&:h)5?&>gMab&DJH;} $}(嗋mRq>]R8{3Bqɝ`g@QE !\J!=! gLe~}7pzWM}zlNTVʒ0Wb{g(! .}׶ƍv"e.ڽ^}8^$g 5F0 ,heݴ%!8W%MB|GAvüR-b(7ZDgL-,5,;LtL?zû?x`h;uJթS)Սٴ>T-+>:D"ɠ*ڴb{\gj4!>&MЀ/4حRg&v/>Щ1SD4 i-DAwu0Iձe{ef"S qGs νdrgoM^(gEnPX^0 vj5sHpyY?C]׶}3B3<`LkwaCq>(%Ϸ2J ] #RRT$]]HPw9J B!L0oV0( aKq+TbD0JnOu$c{/JhF3a ab -d[b|l e&vZL< #n"0%X Y ϴ6jԍe̓V(Fބhdh,a戡 uy=N-㓖 & # K8Yfصq=7CC<ݲ%st08.fXfZ1kwBaò@s2QiESÂ&$tTDh.L˄|&=6=gU4#UUK\w;Ķ`漇d*Nk'`l7?>{@O \n\0ħ4<3_O#ku J% jJ=Us A|5 i!SL&Ze ]>>[_>`rf.O磘YTE4hQ*ua5) j>=ゆ|Oƅ/m%s;w9p/ms>u Z\ϗ+]61&@0m"}Q4'Z>pd`/R3:¿wUgҵRXO%}8i/#Y X&T6M>0}UkN(MAVD. k lirpj ZDJ < đNTUbYaT(h]p#HE~H2~2js8x_8圉jC7Pz;gn-&WꜹqGשeXTXe17 axJq3 #T_v%*|Yp\6_N]CN! MlW6 Oy[C(a+ʅC81'?Ń Ӱ%Jt( ֹB\U %ÏRU#tT# CWt0,(O<_(bYtbT~\Ygdg\a+o?`Mɧb_=,UXc փ0 JǸ}j3Gnb*r_?J=[L4GxbZ`;7==%(4OQ `dm ea bȈC|fSjL$>3OR-4ss>nz*%\.YJQd {2TٷCdu;mԏ'Xg> }Ay蘒Rf̚Q*~%UHU<+S?YTAteU,cEZ[g'ZAY_MkђXkhs)-ܝ`@O|K!O]084eD3_<r[rn)tyņ5QSh-Bwyr `3W?f48NcVpDM"?Rh)03?0RB0/\WJb(ϢpӁ9tOl~N@( EGuRDR_{{khzk8>?o0TwgT}̇'S$̆RP8^*Lȅ#uL>9(W}^79Sj6_}AFJN^vp{o9F߀>O1Ok_4~ P=8XъqkVb~2)}AmN9˞xF Í7"HdSOkԛ#21tZ!&rښSqv=O?鞟`rȴP9=ǛP6'in&.;ցGS橩-蔃N xұy0Р#%tBfy|\fjF4Aꒀ~4⧤DbbVHޜ-Hy9Yi ylXýMی3BJ$j;ΖˬD̗4.נy0V#"| -&GX!*V f[YUO~F!qbwyO0GW刜򇹃aEbݩe3D5uwb;2Q <dzP'_YL.t0o X9]CΓdtW:'cv-Q&}9,u DK쐃6;&vcˑ;^\BzswOɍ23XƵc unW(y" JjXbiueO5i^~&m_ |1$ߓD-@Nu wjh wT意F Y1V}ͩ3rs+nigue'3 MunoœO)+ev{k}E37tRT{d;q6ӱ$BBЭyE̅S.{ ~Gw#^q;- atH_/lǵ4/ Z4f;YGv5U[=إ nv ^ x9!ǚT׫g4]f+wuB>]B6KgYnIU\ⲋD Ɗd/)G9ϣʢFY:'%:mDgiv?cg[#D: ʷcvU1#S ORC@/Mvxw3*7 C~"+Q1j73$9g2#@*yh\]w71%pRx656y(h4Rrwg7 lf4HW ~@k=ì§!qZ$vzP,x量B4g5Qx F@E-C)- NN^>fO" P4 ?"dZfA2ߟP<zǓmpsYDNX~{G,NGDa-2{tq :؄oH\t]u--(JERRދ_aؖƯwmOUP-U][52 6)d45͞IHQH'"7=_Mz&|_̐`pyvYn:إ?M7B|(L`JǪ᧌KĜO?WӤ A3pMa X;Aa Q [ئ.& zmGX81.[Pu=cqF5\3h^VĪӼoFod|Hp _烜3Nx'(>D u `F٫e _5T f8^cg:H;wߎo?'Vܐ/C<*5mpYM@QJ=S+V`Px7nB5Űo&8gs-ISm^}\@/4d2^D4t1-@ U#!?ycC7ŵi?۟W[ܸ]]?buu!*uMo7 _S Č,\:ēDzݦW+=#}C飅+tG51 @+  0MrlC_.W|/g GMm^BDo@4t1A&Wa+뚊:eqˆqS#؛ظ*uGNpQ~Ibv7+AvC;wf|K9NS>b|&Xۛ79DZIC0L]#g@fqgGtS:E3$$ Ÿ)/BMnlZk/Cjs>1Js_|Ū})Ctؤڅ|pA2v̇3E^԰oPJ#uc φ_=#SBOmwlG5?%D%R|#_<4-ķzf55)nap6}P  lw~ǛvګІK39}PشB!WV4 [ذ8pX}՛gWQ{Wu@Vv!6bsԾKArYVZ^uŖqyc~|P2{' ʬkI2ƱH>S&y)LSp2R > -'. zit?me'ycplCU j^~^_61W- '"`5Ms[hO>%>%/l1DKb\Gj sT5\(yj(xu,7U5f[n;*kxx]=Dᾲ_+ n~-4ƒCTܭJ8 LBRu{UDpƻ^P3 M?^27COX l Ip\?_`n2wݶ1VC22?~јWϪ׾ 5'SaR :'V籹 "" DpYz;aN 2Y,w;UబhAwǶ ^WG˸v0V}!Ӊ[,ţLKp}@UcP>Ga,.so;ذBe vDv+"~=IPV4 ccWF%1z J 0 ,qȞl"Iv;v홥GQuEbI|~a@j>>2v\A8AXJo"Ev9ak`DYbI2=^TR6`T5Pm.MEfQȢa.]sI ;*Tj~z[ZbIEc 2>uTGHkĘW8vlNa\PF50<>HU) &50Z<ha5pq䳚bfģ Rkah;XyZcRk,u3kI<6߅7cXzZ#Ժ3\B+1?n9&0؞ʒOi ͬͱ-lva|Duv7H tNT CeR}P$hx/HH y9ʇf㍸=w^!TPN71嘔6JrN[Ļ^YH<2 \T"ЍAUdwߠeЅ5T?n#nݫŶr"#d-Ã|U:J 0YtL`> XPpą(|x[T˕|{8jNd>hTӑu .;A=dHLR xI-B 5dt߰,VIm{$7i-ēF윓M﷯{aE32>ӰCߑ;Ub:'죃B8Ap~Ş9$l0W)>Agz:̱3!hкdo6zSοpբCHS]~w7/{ʡRķ6ԝ8 `8.gj(@K+2&Bs8?_{=&nń[%œ 5"<$c{("`"1/aX9c3bwto?zoW_jit?O>u;WLQ_j*!b3wȥ#A}9gTϗؑ_$RK30NM (bUd 7TYPXP؟beԋM)Awa/{xv ̱=`\xhp`%;N_̏NNTG#At,9ۡnlxzEQp#ߛS?!?I&us Đ0\28<>&1.ycq XxhW,evtj9 1ºޙ'#}'t3{8^BOcz%2!#v)C>T2oh>T0 =b3brOTvcѼ:LNפINmx;\l.m[0j?sm}>^}>\;} Lf&cR0,g?ehE)3C9ULj6C\rxIx(ah,.6!.Uk$;G(%lFyї bXթuؼW?Fzy u+S+*t?+gw:^9֣&|A^^[+!PT8iz47alnqhO!u{It/ۙF`RZl<%HMɿ'MfJ~)-A'O>)y!NqYieVJ>?t.Sez)!sfE\)_4@ߋ^}.Rs_yŸ)2z'g)_@EJ>e^\%euݔwAtSOK7E\\ԿJ s?=_e}G௏) ?~RBȿIIh&࿛u2A~3EΚWpz~;s_4ST}VKӔCOgeSVڍn a{Br192Я"eoenldڹ: aq+<7iKBjk ǨJuv^_BBU$X2TkW4<1A bye?VTbw;]}ܤ\մ] &o-cENj9.~QBɜ8G\%ea)Ns"X4k{H9/.=( }^6|.7f;t{|MtKn lx2%>CG0nsOk|>"[~t_<\Y몮,5VlNAm PVswegC:/ ΄Y$-J C/s H;1o󠗕rG܌:X';,w`/烫6Kfz}2չ_ϳ_9(a$x FZg9Cq`F]SStOW}5o7\h D⻝mTfxN2l( |~˕R}#\#a4wN9J]L-A`"( D:QȀFuo*K0rz!r1 =4aԭxKQ7p E ұOZzP=1͛YLIU7/{_ۑ 2S7;8spI=m<z5<(3o`xތzL&\ʠaC ؒ9Nij[? | gY?8M8[b,߁z<Yh {xq~1,JN x-3|:UAs:PB΄[4ɣG<ǃHYqe*sM U! f-Nؒ1dKInUydHrY {gpFL#q{Ċ4xQxlu|;rb tq n#aR Zߍ Kk䂴3 O:vҸ6B#g/1^606n>QuL'jݫ65[kw cNP ^ ^M6"fGٷ]y ůD|݆NL{gZg>P;xXTgK\۞@ĚWuu;LВ?y/R^!N6WHx453->ٝ+ҳ͙o27 6L J :Aϐ\ȿK9#0~)(HY{N6 )4Mϫ΢P$[!W*AȹX6v뚽VA'Y>""ⅰx!`Obx`#(}c,XOGikA/?tI3ۉdĽ%Ս}Y)&] arጔV$i,?E#lXw|7(6؋|%O' Ͻy4N)tFFϨjC Am'{j e. }(ŬB]d<)OwbQ޺%鏸6x}³; +CCk^p멎PU|JA1Z<&[z>SK:!A]9-_c!0p,\f dl}π!XsCQ %7` ]՝T<@/7A{J B ϱU!ng `coDl .\jL.©,6Ał=vLvV("c*Ю^x9Na^q=Ӹ+Aў(Ym0g64 o#]\$c`WH؂{ʐXh[1RpCV)tOK!?AVt %`GYU`+r 8ǩWVmx yVBȟat!L?V1?{c5VQ޶7G mݰ Q`[*&nۊuyDuu\7(Gme#FP1V)?&Il} ratX ^|޹+o=e6/zZ8KqJ epCikRK c4rvlyEJJlH2k`0bGP1,sQfoԝŒ'TxUHF>-h\l};U_٦9LDxZ8.'3gqȏ|"[]R*gw׹W6Ȁ/|[w0H\r#T'a1+=g-hǵx"ۄ!w0ЕDM1O(ͦ,1F Aixv! C`*=F" ţ8Z*bJ#ىZL\Knrmms )60M>r3D@ͽ]^e*!R04xvx}P 89]/>%Ӭoe~vfsOk̋-M@W_ă|C=Nl֠gռ=cDvooJт{5D| ׿˾ŗxb1Zq?vPe^g05{ b8$pe5Tu^T]8::(1Udo3GURcYDo5A΃Yֲ90.4J oF_?p4ߍ@OpgWťwz=K{Tq5 EhzDk%j@ (oL)_/`0N( /2$Nm;+,HCYаd͸C2~%]Gu4_.*A# .T~tgQ5U0%ߑ/xDČvXCo?ŞCEb#wW|mG_$^Uk;\U DY*9p|gǥc/Sf, QjJT@K}:8cSÄ^K@+] V`>7-忓uN:bQ<`V>`߂1*j7xx9v^cf:q}<(Ӣ2&*בZ Ex ZNWLŻ1άK*9Xe4􁬉n;0}h&(z$_|f#3STRr-F`xO7 5 T=.jnB.6VSYk6R7Kx BdҶNK =ѿA {C4G>7/~>VNtg/OM?e|ea 5YP0~N nҗ%7::`Zc1>`(7n(-5H' p:721t H | 5;na;efrqG/{:Ƙwcs0QG8WZи1 6lqI^=5 ڵx!ȦmbVCz1&ǩ:Vvϰ9 V&v?LHcAqnߎ [ςؘݢ労c 'rDwDh!>x]>RQCOEޣEB(踂\p2pZB D'uQBZ(5A!o/a'):G"J&t'[C(77wPG#S .27sr֐D@ u/? L#ևh;wtG#Xޑw+Y)nRG - <ٵϫyӮ+66)ck;!Z# dY2/ﭒ0+r8<Ǜ9)lqzj U*j=&+T{Kxhsu娟ʳlf-IMfOXDs.519mgtxIvl],Dz֎ n6E ش<]/Z#بMg?gI[4qIH RX)Xq`4!wf^ĕWe]x5|]l]C0ր4TɌjkߐJwY.s|xV |Y IR/T+5U?,TB0w 8*W+Ռq u`1a.u!NLۣLö#쐡xq T&ށ\<ʞL`rv>![%|^2>_v/isHSJh^gA\ZT}%X&6WΣvYhEI{}w?7O>~lIAAytNqV^I BVju. +fʬmP3EFG ]'paP.TbDH|j|XgL! p3ɡrP-b܂Bf{kA\G\bz ۔a>7 e Z?PMTʱ(zW+L̬MNv6z& ~ 7/ 26,_{c\3