stargeek
THai's Shoutbox XSS (Spoofing URL) BUGTHai's Shoutbox XSS (Spoofing URL) BUGTHai's Shoutbox XSS (Spoofing URL) BUG 03/29/2005 03:00 PM CorryL (Mar 27 2005) This is a GrokNews Entry: (what is grok?)THai's Shoutbox XSS (Spoofing URL) BUGGrok Headline matches for THai's Shoutbox XSS (Spoofing URL) BUGWebfroot ShoutboxWebfroot Shoutbox 03/19/2005 02:38 AM Summary of past year, and what's being done Shoutbox KecilShoutbox Kecil 03/29/2005 07:07 AM Shoutbox kecil v0.2 New Spoofing Vulnerability in IENew Spoofing Vulnerability in IE 12/17/2004 06:27 PM Visual SpoofingVisual Spoofing 02/11/2004 09:35 AM While Microsoft recently patched a URL-based spoofing vulnerability, I just realized that a whole new class of spoofing exists for browsers: Visual Spoofing. I have not yet seen any evidence of this type of spoofing actually being done, but I was able to create a demo within a few minutes. Here is the demo of visual spoofing for IE6 I put together. Note that the vulnerability is not unique to IE. The problem with visual spoofing is that it is difficult to fix with a simple patch. Yes there are ways to fix the problem partially but not completely because one can still create a page that looks like part of desktop by having images of overlapping windows to distract the clueless user who tend to keep many windows open. I sure hope I don't get blamed for destroying e-commerce single-handedly with this post. After all, the vulnerability was there in plain sight for everyone to see all this time. Microsoft looks into Web-spoofing bugMicrosoft looks into Web-spoofing bug 12/15/2003 12:57 PM Microsoft says it is investigating reports of a potential problem in its ubiquitous Web browser software that could allow hackers to create convincing spoofs of Web sites. The bug was reported by Secunia, a security company, and could allow hackers to display a false Web address on a fake site, making it easier for hackers to take advantage of fake "Web fronts" that purport to be a major commerce-driven site like eBay or PayPal, but actually are designed by the hacker to capture user names, passwords and financial information. P2P Spoofing Patent?P2P Spoofing Patent? 05/09/2004 03:26 AM Some years ago, a collegue of mine asked me how I would stop music pirating. I haven't thought about the problem before but it took me only a minute to decide P2P spoofing was the best intermediate answer. It was obvious that traditional DRM wouldn't work and spoofing attacked the problem at reasonable cost, could be deployed fast, and adapt to changes in real time. My collegue nodded and that was that. According to Wired, someone had the exact same idea and filed a paten t in 2000. Now I am scratching my head. Is this a silly patent or not? Should I be filing patents on similar ideas? Heck, I can pump out enough ideas like that everyday to keep an army of patent lawyers busy if someone would just keep throwing problems at me and file my answers as patents. I even have ideas on how to efficiently generate new patents. Maybe I'll even best IBM at the game. If you are an idle patent lawyer, come to me and I'll keep you busy. How does 50-50 sound? Filing cost? No problem. Let private investors place 'bets' on the patent applications they like out of daily streams of patent applications. Together we'll worsen the patent problem ten-fold within a year and force the Congress to come up with a better solution. Now that's a silver-spoon full of patriotism for ya. :-) IP Spoofing: Understanding the basicsIP Spoofing: Understanding the basics 05/12/2004 02:27 PM Academics Patent P2P SpoofingAcademics Patent P2P Spoofing 05/08/2004 05:06 AM Two computer scientists get a patent on a technique that floods peer-to-peer networks with spoofed files. They hope to sell it to content owners. Could companies that already spoof files be in violation of the patent? By Katie Dean. Caller ID Spoofing ServiceCaller ID Spoofing Service 08/31/2004 05:56 AM My wife and I made a decision nearly 2 years ago to no longer pay for Caller ID. I was initially against it but in the long run I have not missed it. All of the important calls come in on the cell anyway. For those of you that have Caller ID a new spoofing service is out their. I would imagine for stalkers and prank callers this service will be valuable but I just don't understand why you would want to legitimately spoof your caller ID. [ZDNet] Another IE Spoofing Hole FoundAnother IE Spoofing Hole Found 01/29/2004 03:49 AM The latest vulnerability could let an attacker hide the file extension of a malicious file download. Users can avoid the threat by saving files first. Accessibility, jihad, spoofingAccessibility, jihad, spoofing 04/20/2004 08:39 AM Letters: Lexicon of discontent Keep clear of spoofing at hotspotsKeep clear of spoofing at hotspots 03/23/2005 08:02 AM TechWorld Mar 23 2005 10:09AM GMT Other News: CallerID SpoofingOther News: CallerID Spoofing 08/31/2004 06:12 AM This nasty technology threatens to render CallerID useless, or worse.... Automated Caller ID / ANI SpoofingAutomated Caller ID / ANI Spoofing 07/09/2004 03:36 AM Caller ID Spoofing... For BusinessesCaller ID Spoofing... For Businesses 08/27/2004 07:01 PM Forget spoofed email headers, a new company has been set up to help companies spoof the caller ID. The product is focused at collections agencies and private investigators, who can call a deadbeat up pretending to be someone they know to get them to answer the phone. The company insists they just want to target those types of customers, but I imagine some telemarketers would enjoy using such a tool. Meanwhile, there are some questions on legality. One person notes that it doesn't appear to break any laws -- but someone else points out that there are rules against collections agencies misrepresenting themselves. And, of course, as soon as this becomes popular, someone will pass a law banning caller ID spoofing. Spoofing XP SP2 Security CenterSpoofing XP SP2 Security Center 08/27/2004 01:52 PM PC Magazine has dug up some evidence that the Security Center that is installed with XP Service Pack Two has a huge hole in it. If the hole is exploited it could give users a false sense of security or worse. [PC Magazine] Microsoft investigates spoofing bugMicrosoft investigates spoofing bug 12/11/2003 06:14 AM Silicon.com Dec 11 2003 4:46AM ET Mozilla UI Spoofing VulnerabilityMozilla UI Spoofing Vulnerability 07/31/2004 05:32 AM ddress Bar Spoofing Vulnerabilityddress Bar Spoofing Vulnerability 08/19/2004 01:03 PM Direct and Related Links for 'ddress Bar Spoofing Vulnerability' “Software: Microsoft Internet Explorer 5.01, Microsoft Internet Explorer 5.5, Microsoft Internet Explorer 6. Liu Die Yu has discovered a vulnerability in Internet Explorer, which potentially can be exploited by malicious people to conduct phishing attacks against a user…. The vulnerability has been confirmed on a fully patched system with Internet Explorer 6 running on Microsoft Windows 2000 SP4 / Microsoft Windows XP SP1. Previous versions of Internet Explorer may also be affected. Secunia has developed…Secunia Advisory: URL SpoofingSecunia Advisory: URL Spoofing 12/12/2003 12:46 PM http-equiv_at_excite.com (Dec 12 2003) NullyFake - Site Spoofing in MSIENullyFake - Site Spoofing in MSIE 08/16/2004 02:20 PM Liu Die Yu (Aug 15 2004) Caller ID spoofing service for saleCaller ID spoofing service for sale 09/06/2004 07:28 AM Can't stand the heat, please buy my kitchen MS XP SP2 Windows Security Center allows
|
Also check out: |