Author Topic: Netcraft toolbar was the only tool to warn me here...  (Read 6998 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33900
  • malware fighter
Netcraft toolbar was the only tool to warn me here...
« on: March 29, 2008, 11:15:35 PM »
Hi malware fighters,

Take the test with FF or Flock. When you have the Netcraft toolbar installed it prevents you from going to the spoofed URL: http://secunia.com/internet_explorer_address_bar_spoofing_test

link: http://toolbar.netcraft.com/
The Netcraft toolbar may not run on FF 3.0b2.
In about:config create a new boolean extensions.checkUpdateSecurity and set its value to false.
Nota bene: You need to be aware that this bypasses a security measure; potentially someone could replace an add-on update with some malware. See:
https://bugzilla.mozilla.org/show_bug.cgi?id=378216
Downloadlink for Netcraft toolbar add-on:
http://toolbar.netcraft.com/

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89053
  • No support PMs thanks
Re: Netcraft toolbar was the only tool to warn me here...
« Reply #1 on: March 30, 2008, 12:58:57 AM »
Well I don't have the Netcraft toolbar just FF 2.0.0.13 and I got a warning, see image. I don't know if this has anything to do with NoScript, possibly XSS protection.

I even clicked Yes just to see if the test would work, but even doing this I didn't seem to have the vulnerability as I ended back at the same page and not displaying microsoft.com in my address bar.

Since this is supposed to be an IE test, what is the reason for suggesting we try it using FF or Flock?

Quote
Also, notice that your status bar (lower left corner of IE) only displays "http://www.microsoft.com" when holding the mouse cursor over the link.

This too fails as my status bar shows the full munged URL.
Code:
http://www%2Emicrosoft%2Ecom%01%00@secunia.com/internet_explorer_address_bar_spoofing_test/
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

gdiloren

  • Guest
Re: Netcraft toolbar was the only tool to warn me here...
« Reply #2 on: March 30, 2008, 03:50:33 AM »
I tried to install the extension on Vista and FF 3b4. It tells you the extension is not updated enough (for Vista) and the installation fails! :o

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89053
  • No support PMs thanks
Re: Netcraft toolbar was the only tool to warn me here...
« Reply #3 on: March 30, 2008, 02:22:35 PM »
You may not need the netcraft toolbar, just try the test first without it. I don't have it and my standard version of FF didn't fall for the vulnerability, read my post again.

rdmaloyjr

  • Guest
Re: Netcraft toolbar was the only tool to warn me here...
« Reply #4 on: March 30, 2008, 02:30:34 PM »
Opera didn't fall for the vulnerability either.

gdiloren

  • Guest
Re: Netcraft toolbar was the only tool to warn me here...
« Reply #5 on: March 30, 2008, 05:11:15 PM »
Quote
You may not need the netcraft toolbar, just try the test first without it. I don't have it and my standard version of FF didn't fall for the vulnerability, read my post again.

In FF3b4 without netcraft (impossible to install anyway) the link looks like normal, no phishing at all. We need an urgent update from Netcraft here!!! ::)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89053
  • No support PMs thanks
Re: Netcraft toolbar was the only tool to warn me here...
« Reply #6 on: March 30, 2008, 05:35:32 PM »
So FF3b4 is less secure than FF2.0.0.13, I would be very surprised if that is the case.

Do you have noscript installed ?

Sesame

  • Guest
Re: Netcraft toolbar was the only tool to warn me here...
« Reply #7 on: March 30, 2008, 05:48:13 PM »
Quote
You may not need the netcraft toolbar, just try the test first without it. I don't have it and my standard version of FF didn't fall for the vulnerability, read my post again.
In FF3b4 without netcraft (impossible to install anyway) the link looks like normal, no phishing at all. We need an urgent update from Netcraft here!!! ::)

???  When I put the pointer on the link to the test site, the status bar of my Firefox 3 beta 4 without the Netcraft add-on shows
Quote
http://www%2Emicrosoft%2Ecom%01%00@secunia.com/internet_explorer_address_bar_spoofing_test/

And when I try to proceed, there comes a warning with yes/no buttons.
Quote
You are about to log in to the site "secunia.com" with the username "www%2Emicrosoft%2Ecom%01%00", but the website does not require authentication. This may be an attempt to trick you.

Is "secunia.com" the site you want to visit?

Quote
So FF3b4 is less secure than FF2.0.0.13, I would be very surprised if that is the case.

It's beta, so in some cases, it could be possible but I wonder if this is the case.

Quote
Do you have noscript installed ?

Even when I temporarily permit the secunia site, I still see the same thing.
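
The test URLs quoted in this thread put a Microsoft-looking name in the userinfo part (the text before the "@"), while the host actually contacted is secunia.com, which is what the Firefox prompt quoted above reports. As an added example that is not part of any post in this thread, here is a Node.js check that splits a URL the same way and flags that pattern; inspectUrl and the finding labels are hypothetical names chosen for illustration.

```javascript
// Added example, not from the thread. inspectUrl and the finding labels are hypothetical.
const CONTROL = /[\u0000-\u001f\u007f]/g;          // C0 control characters and DEL
const HOSTLIKE = /^(?:[a-z0-9-]+\.)+[a-z]{2,}$/i;  // rough "looks like a domain name" shape

// Percent-decode, but keep the raw text if a %xx sequence is malformed.
function safeDecode(s) {
  try { return decodeURIComponent(s); } catch { return s; }
}

function inspectUrl(raw) {
  let u;
  try { u = new URL(raw); } catch { return { host: null, userinfo: null, findings: ["unparseable"] }; }

  const findings = [];
  // Everything between "//" and "@" is credentials, never part of the host.
  const userinfo = u.password ? `${u.username}:${u.password}` : u.username;
  if (userinfo) {
    const decoded = safeDecode(userinfo);
    findings.push("userinfo-present");
    if (decoded.search(CONTROL) !== -1) findings.push("control-chars-in-userinfo");
    if (/%2e/i.test(userinfo)) findings.push("encoded-dot-in-userinfo");
    // Drop control characters first: the thread's URLs end the fake name with %01%00.
    const visibleUser = decoded.replace(CONTROL, "").split(":")[0];
    if (HOSTLIKE.test(visibleUser)) findings.push("userinfo-looks-like-host");
  }
  return { host: u.hostname, userinfo, findings };
}

// The two URLs quoted in the thread, plus a constructed plain URL for comparison.
const samples = [
  "http://www%2Emicrosoft%2Ecom%01%00@secunia.com/internet_explorer_address_bar_spoofing_test/",
  "http://www.microsoft.com%00@secunia.com/internet_explorer_address_bar_spoofing_test/",
  "http://secunia.com/internet_explorer_address_bar_spoofing_test/",
];
for (const s of samples) {
  const r = inspectUrl(s);
  console.log(r.host, JSON.stringify(r.userinfo), r.findings.join(", ") || "no findings");
}
```

A mail gateway or proxy log filter can apply the same split: the host to judge is always the part after the last "@" in the authority, whatever the userinfo is made to look like.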

Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1944
  • KISS Rules The World!!!
    • KISS Army
Re: Netcraft toolbar was the only tool to warn me here...
« Reply #8 on: March 30, 2008, 05:53:21 PM »
I.E.7 passed the test.
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89053
  • No support PMs thanks
Re: Netcraft toolbar was the only tool to warn me here...
« Reply #9 on: March 30, 2008, 06:03:28 PM »
@ Rumpelstiltskin
From your reply #5 it looks like you failed the test rather than passed as you mentioned the link looks normal, normal would have been only seeing microsoft.com and not secunia.

Quote
In FF3b4 without netcraft (impossible to install anyway) the link looks like normal, no phishing at all. We need an urgent update from Netcraft here!!! ::)

You are also getting an alert about possible trick, so again you are passing the test. So you don't need the netcraft toolbar and they theoretically don't need to update it to work with the beta as the beta passes the test.

Sesame

  • Guest
Re: Netcraft toolbar was the only tool to warn me here...
« Reply #10 on: March 30, 2008, 06:14:52 PM »
Quote
@ Rumpelstiltskin
From your reply #5 it looks like you failed the test rather than passed as you mentioned the link looks normal, normal would have been only seeing microsoft.com and not secunia.

I wonder if there is a strange bug in your Firefox.  ;D  I may have quoted gdiloren's post at reply #5 but didn't write it by myself:  You appear to have mistaken me for gdiloren.

gdiloren

  • Guest
Re: Netcraft toolbar was the only tool to warn me here...
« Reply #11 on: March 30, 2008, 06:17:18 PM »
I'm sorry to repeat, I have FF 3 b4 and NoScript (last version on) but NOTHING, NOTHING, tells me anything wrong about that site. :o

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89053
  • No support PMs thanks
Re: Netcraft toolbar was the only tool to warn me here...
« Reply #12 on: March 30, 2008, 06:20:13 PM »
Quote
@ Rumpelstiltskin
From your reply #5 it looks like you failed the test rather than passed as you mentioned the link looks normal, normal would have been only seeing microsoft.com and not secunia.
I wonder if there is a strange bug in your Firefox.  ;D  I may have quoted gdiloren's post at reply #5 but didn't write it by myself:  You appear to have mistaken me for gdiloren.

Oops ;D you're right, I was looking at your quotes and saw gdiloren at the top so assumed incorrectly that was who it was from.

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: Netcraft toolbar was the only tool to warn me here...
« Reply #13 on: March 30, 2008, 07:29:10 PM »
Okay, I clicked the link and ended up with page can not be displayed and in the address bar

Code:
http://www.microsoft.com%00@secunia.com/internet_explorer_address_bar_spoofing_test/

on the status bar when hovering over the "Click Here To Perform Test" link

Code:
http://www.microsoft.com%00@secunia.com/internet_explorer_address_bar_spoofing_test/

Did I do this right?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89053
  • No support PMs thanks
Re: Netcraft toolbar was the only tool to warn me here...
« Reply #14 on: March 30, 2008, 08:14:22 PM »
Clicking the link should really have given a Confirmation window, Yes, No with the text that it might be trying to trick you. Like the image that I posted.

However, at least the status bar displays that the link is somewhat strange and that it doesn't display and shows clearly in the address bar. So I would say that was a 'qualified' success.