CNN.com doesn't go to CNN.com.. how does this work?!

[Kenji4861]

CNN.com

How does this work?!

 

[BillLeeLee]

It's a URL spoof exploit in Internet Explorer that allows you to mask a URL's location with a fake URL.

It's described in this MS Knowledge Base article:
http://support.microsoft.com/default.aspx?scid=kb;en-us;833786

 

[lessthanjakejohn]

www.yahoo.com@www.cnn.com

.... thats basically what it is, There must be another exploit that allows the last part of the URL to be masked


edit (I see goatse has been banned heheh

 

[archevilangel]

heh, that url spoofing is fun to play around, all my friends caught on eventually though :X even mozilla is vunerable to an extent

 

[BillLeeLee]

Firebird actually was spoofed by that one. Curses!!

 

[Punkrulz]

Isn't it caused by just generally editing the hosts file and changing the IP addresses to what sites go to where, therefore you can send someone to any other site besides google? I know that some spyware made it's way onto my friend's computer, and it partly changed the hosts file so that google wasn't accessable.

 

[NleahciM]

does this work in AIM profiles as well?

 

[BillLeeLee]

Yeah, just tried it out on myself.

 

[cobragsr]

yea i get these alot... its VERY VERY annoying.... i hate people who put those link in their profile and naming it to something else...

 

[nova_rock]

Originally posted by BillLeeLee
Firebird actually was spoofed by that one. Curses!!

opera gave me a security warning

 

[ZenOps]

It can be a spoof. But it can also be your DNS server that you point to has been corrupted or taken over by a malicious hacker.

If you type in Ipconfig /all you will find out what DNS servers your ISP uses (usually two or three) Tell them immediately that you think the DNS records may have been tampered with.

Honestly though, anbody who knows how to setup a DNS server and the proper authorization can point any .com address to anyplace on the internet if you are unfortunate enough to use it as your primary DNS server.

A very scary thought.

 

[Brink]

It's not his DNS server, look at the source.

man if every idiot started complaining his DNS server got hijacked....ugh, what a nightmare. Use a different DNS server before you call anyone, don't be an idiot =(

 

[NetJunkie]

Now for the real answer.

This isn't a spoof or an exploit. It's how HTTP handles usernames and passwords. The syntax is: http://user:[email protected]. If a site isn't password protected then it just ignores that part. So you can put anything first.

http://www.cnn.com:[email protected]

 

[TrueBuckeye]

Like the link above says, it deals with the addition of a %01 before the @ address. IE won't see anything after the %01, yet goes to that site.

It is called phishing. Read this: http://www.theregister.co.uk/content/55/34863.html

 

[ZenOps]

No man, I know for sure the DNS admins want to know when their DNS server has been hijacked.

Everything else doesn't really matter, I mean noone really cares if the internet is down for a few minutes, or the email servers not working.

Having your DNS spoofed so that you think you are going to www.usbank.com or something, and then thinking you are deposting a billion dollars into the right place, but instead to the wrong place is a big freaking deal (just an example)

But yeah that is not the case this time, this is just URL misdirection hack.

 

[Methodical]

Theres much much worse. Ive seen urls that dont contain any of the obvious spoof symbols, but go to a completely unrelated site that isnt even in the url. Thankfully, those only work in IE. thats a BIG security hole IMO.

i love safari.

 

[FLECOM]

Originally posted by nova_rock
opera gave me a security warning

ya but its not becuase opera thinks your getting pished or w/e

its becuase it thinks your trying to pass a username/password to the http server

either way opera isnt affected by any of this sillyness... which is why its still my fav browser