You are in a maze of twisty menu configuration languages, all alike
-- The xscreensaver manual
JaBbA's Hut

Today's Tao (Chapter 50):

Men flow into life, and ebb into death.

Some are filled with life;
Some are empty with death;
Some hold fast to life, and thereby perish,
For life is an abstraction.

Those who are filled with life
Need not fear tigers and rhinos in the wilds,
Nor wear armour and shields in battle;
The rhinoceros finds no place in them for its horn,
The tiger no place for its claw,
The soldier no place for a weapon,
For death finds no place in them.
Friends and Family Login
Username

Password

Remember Me
NEW It Works!!!!

Friend or Family?
To see the stuff
hidden from the wider world,
Click Here

Contact Me

Email Me at http://xri.net/=Justin.B.Alcorn

Subscribe

Subscribe to JaBbA's Hut! Have new entries emailed to you!
Your email address:

Quicksearch

About Me

  • PGP Key Fingerprint A36D D691 C5B0 BE15 5A2A AF49 AA1C 372C. Get my Key for "Justin Bradford Alcorn" from http://pgpkeys.mit.edu .

Calendar

Back May '12
Sun Mon Tue Wed Thu Fri Sat
    1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30 31    

Archives

May 2012
April 2012
March 2012
Recent...
Older...

Syndicate This Blog

Blog Administration

Open login screen

Categories



All categories

Powered by

Serendipity PHP Weblog

Creative Commons License

Creative Commons License - Some Rights Reserved
Original content in this work is licensed under a Creative Commons License

JaBbA's Hut

White Hat Liberal Geek Dad

Monday, September 27. 2004

Gotcha!

Phishing
When my alarms went off this morning I was able to catch a phishing site in action. Note that I had to jump through some very serious hoops to actually get this to display - Firefox just completely refused to show the frameless popup, and I had to edit it's preferences to go to port 87 anyway. Even IE 6 had the right defaults to make this difficult, but I turned off it's popup blocker and got the display.

The webpage pointed to by the phishing email is reproduced is the extended entry in defanged form. Note that it's almost completely javascript - it checks what kind of browser you have, sets up the popup, then opens the real Citibank site in the background. Trying to bring the citibank site to the foreground doesn't work, the javascript in the popup keeps in floating in front.

If your bank uses this kind of popup for login (Quicken/Citibank credit card is one I know of) complain LOUDLY to customer service that they are making it easier for con artists to rip off their customers.

The code is getting more and more sophisticated, and people are still falling for it.

<html>
<head>
<title>Personal loans from CitiFinancial, CitiFinancial offers affordable loans to meet your financial needs. Our Online Personal Loan Application is fast and easy.</title>

<thisusedtobescript LANGUAGE="Javathisusedtobescript">

// Browser Detection
isMac = (navigator.appVersion.indexOf("Mac")!=-1) ? true : false;
NS4 = (document.layers) ? true : false;
IEmac = ((document.all)&&(isMac)) ? true : false;
IE4plus = (document.all) ? true : false;
IE4 = ((document.all)&&(navigator.appVersion.indexOf("MSIE 4.")!=-1)) ? true : false;
IE5 = ((document.all)&&(navigator.appVersion.indexOf("MSIE 5.")!=-1)) ? true : false;

IE6 = ((document.all)&&(navigator.appVersion.indexOf("MSIE 6.")!=-1)) ? true : false;
ver4 = (NS4 || IE4plus) ? true : false;
NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:false;

IE5plus = IE5 || IE6;
IEMajor = 0;

if (IE4plus)
{
var start = navigator.appVersion.indexOf("MSIE");
var end = navigator.appVersion.indexOf(".",start);
IEMajor = parseInt(navigator.appVersion.substring(start+5,end));
IE5plus = (IEMajor>=5) ? true : false;
}

// Body onload utility (supports multiple onload functions)
var gSafeOnload = new Array();
function SafeAddOnload(f)
{
if (IEmac && IE4) // IE 4.5 blows out on testing window.onload
{
window.onload = SafeOnload;
gSafeOnload[gSafeOnload.length] = f;
}
else if (window.onload)
{
if (window.onload != SafeOnload)
{
gSafeOnload[0] = window.onload;
window.onload = SafeOnload;
}
gSafeOnload[gSafeOnload.length] = f;
}
else
window.onload = f;
}
function SafeOnload()
{
for (var i=0;i<gSafeOnload.length;i++)
gSafeOnload[i]();
}

function isInt(numIn)
{
var checknum = parseInt(numIn);
return !isNaN(checknum);
}

function PUW_Init()
{
if (gPopupWindow.CheckFrequency())
{
setTimeout("gPopupWindow.Show()",gPopupWindow.showDelay);
}
}

function PUW_Show()
{
var settings = "width="+this.width+",height="+this.height+",top="+this.top+",left="+this.left+",";
settings += "scrollbars=" + ((this.scrollbars) ? "yes," : "no,");
settings += "toolbar=" + ((this.toolbar) ? "yes," : "no,");
settings += "location=" + ((this.locationbar) ? "yes," : "no,");
settings += "menubar=" + ((this.menubar) ? "yes," : "no,");
settings += "status=" + ((this.statusbar) ? "yes," : "no,");
settings += "resizable=" + ((this.resizable) ? "yes" : "no");

var newWin = window.open(this.url,this.name,settings);

if (! this.ontop)
window.focus();
}

function PUW_CheckFrequency()
{
var shouldShow = this.frequency != 0;
if (this.frequency > 0)
{
var allCookies = document.cookie;
var start = allCookies.indexOf("PUWCount=");
if (start >= 0)
{
var end = allCookies.indexOf(";",start);
if (end < 0)
end = allCookies.length;
var freqStr = allCookies.substring(start+9,end);
if (isInt(freqStr))
this.frequency = parseInt(freqStr);
}

if (this.frequency>0)
this.frequency--;
else
shouldShow = false;

var exp = new Date();
exp.setTime(exp.getTime()+this.renew*60*60000);
document.cookie = "PUWCount="+this.frequency+ "; expires=" + exp.toGMTString();
}

return shouldShow;
}


function PopupWindow(url,width,height)
{
this.width = 487;
this.height = 415;
this.top = 20
this.left = 77
this.name = "mypopupwin";
this.url = url;
this.showDelay = 2;
this.frequency = 200; // how many times show per renewal time period
this.renew = 1; // renew showing every x hours
this.scrollbars= false;
this.toolbar= false;
this.statusbar= false;
this.resizable = false;
this.locationbar = false;
this.menubar = false;
this.ontop = false;



this.Init = PUW_Init;
this.Show = PUW_Show;
this.CheckFrequency = PUW_CheckFrequency;
}

function PUWStart()
{
gPopupWindow.Init();
}

SafeAddOnload(PUWStart);

gPopupWindow = new PopupWindow("confirm.htm", 350, 150);
gPopupWindow.toolbar = false;
gPopupWindow.statusbar = false;
gPopupWindow.resizable = false;
gPopupWindow.ontop = true;

</thisusedtobescript>
</head>

<body bgcolor="#FFFFFF" text="#000000">

<META HTTP-EQUIV="Refresh" CONTENT="0; url=http://www.citifinancial.com"><div align="center">
<p> </p>
</div>

</body>
</html>
Posted by JaBbA in Phishing at 10:32 | Comments (0) | Trackbacks (0)

Trackbacks
Trackback specific URI for this entry

No Trackbacks

Comments
Display comments as (Linear | Threaded)

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.
BBCode format allowed
E-Mail addresses will not be displayed and will only be used for E-Mail notifications

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA
 
Submitted comments will be subject to moderation before being displayed.
 
Please send a whole bunch of email to johnny@jalcorn.net