On Mon, Feb 04, 2002 at 12:57:44PM +0800, Jan dela Cruz wrote: > hehehe... what a cool hoax :)
It's not the first of its kind. Here's another example, from Bruce Schneier: A Semantic Attack on URLs This is clever. Last month I received an e-mail that said: Check out breaking news at CNN: <http://www.cnn.com&[EMAIL PROTECTED]/evarady/www/top_story.htm> [link dead as of 2001-04-10] (Unfortunately, the URL no longer works. But stick with me.) At first glance, this looks like a CNN URL. But the URL does not lead to, or does not redirect from, cnn.com. The page is not CNN's. The URL is a clever hack that plays with people's assumptions about what a URL is supposed to look like. Here's how it works. An MIT student created a fake Web page and put it up on his Web site at: http://salticus-peckhamae.mit.edu/evarady/www/top_story.htm> He then sent out the first URL above. If you examine that URL carefully, you can see that the host name is not "www.cnn.com" but "18.69.0.44," which is the same as salticus-peckhamae.mit.edu. (For extra obfuscation, he could have converted that host name to decimal.) That entire bit before the @-sign -- "www.cnn.com&story=breaking_news" -- is a "username," something allowed by the HTTP specification but rarely used in actual URLs. This is a really clever example of a semantic attack: one that targets people and meaning rather than computer syntax. The attacks are obvious: someone could send a fake e-mail from www.whatever.com, telling them to click on this URL for a free gift. The URL would look like it came from the Whatever company, but would instead go to a look-alike site that harvests the usernames and passwords. Most Internet users have no idea what a URL is supposed to look like, let alone how to parse one. In a world where there is no real way to validate anything, the URL has become the means that people use to determine the source of a Web page. (Does anyone EVER examine a public-key certificate?) But if URLs can play with our expectations of what they should look like, what can we do? Semantic Attacks: <http://www.counterpane.com/crypto-gram-0010.html#1> -- Rafael R. Sevilla <[EMAIL PROTECTED]> +63(2) 8177746 ext. 8311 Programmer, Inter.Net Philippines +63(917) 4458925 http://dido.ph.inter.net/ OpenPGP Key ID: 0x5CDA17D8 Heute die Welt und Morgen das Sonnensystem! _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
