Microsoft wants you to stop using Internet Explorer 6

In a rare move by a software company, Microsoft has started a campaign to get users to stop using one of its products – IE 6.

Internet Explorer 6 is now 10 years old, and with growing compatibility and security issues, Microsoft has started a website campaign entitled “The Internet Explorer 6 Countdown” to get users off the old browser. Current IE6 worldwide usage sits at 12% according to the Microsoft site, and they want it to drop to less than 1%.

Below is a breakdown of IE6 usage worldwide:

For more information check out the IE6 Countdown web page.


Hacker Free Holiday Shopping

Oh, the joy of the Holidays. You may, like many, decide to buy some (or all) of your gifts online this year. And why not? Why go out in the cold, snow and slush, fight traffic, and have to walk a mile from the only available parking spot? Why push through aisles of crabby people only to find out that the person in front of you just bought the last Nerf N-Strike Stampede?

When you could have just stayed home in your jammies and fuzzy slippers and ordered it online…

Shopping online is fantastic. But unfortunately there are some modern day Grinches out there that try to ruin it for everyone. That latest e-mail you received from a “name brand” store that has the super Nerf Vulcan Automatic Heavy Blaster for half price just may not be legit. It could be a fake e-mail that leads you to a spoofed site.

Spoofed sites are a common technique that hackers use to collect personal & financial information from unsuspecting victims. A spoofed site is a site that is run by hackers, and is camouflaged to look like the website of a real store. Many times it is very hard to tell the difference between a spoofed site and a real one. Here are some browser screenshots comparing legit websites with sample spoofed sites.

See if you can tell them apart:

 

Wow, pretty much identical. The one on the top is the original site. The one on the bottom is fake. The only discernible difference is the address bar. If you look closely, the real site says “http://www.sears.com” while the fake site says “http://192.168.96.128”.

The address 192.168.96.128 is not a valid routable internet address, but a real spoofed site would be using a live IP address. Internet Explorer 8 tries to help you out against these types of attacks by highlighting the website (domain) name in the browser. If you look at the address bar on the top, sears.com is in bold.

Here is another example:

 

Okay, these ones aren’t quite identical, but this shows that spoofed sites can look and behave just like the real ones. The advertisements have dynamically updated on the spoofed site just as they would on the real one. So, advertisements aside, the only real difference is the address bar.

If you look closely, the real site has “amazon.com” highlighted and again the fake site just lists an IP address. One other difference is the icon in the address bar. The real site has the Amazon icon and the fake one has the generic Internet Explorer icon. But this is not always the case.

Using the IP address is just one tactic hackers use. For additional ways site names are spoofed check out my article, “Spoofing a Website Address: How to Obscure a URL”.

Please be careful this Holiday Season as you shop for your loved ones. Be leery of using links in e-mails, especially in unsolicited mail. You can always manually surf to the website yourself and find any deals that are legit.

Have a happy and safe Holidays!

 

Gathering Passwords with Web 2.0 Sites

I was watching a security seminar the other day and for about the third time this month, I heard the dangers of entering passwords with “Web 2.0” sites.

Here is the problem: in the olden days, when you entered a password into the password field, it was not sent until you clicked the send button.

Now, with the newer web applications, everything you type in the field is captured as you type it. This just makes hackers giddy.

When they make a fake site, say a bogus store, many people will put in a credit card number for the sale, then have second thoughts and back out of it. Well, it doesn’t matter: they have the number, because it was transferred as it was typed.

Another reason hackers love this live data transfer is with social engineering sites. How many passwords do you have? How many times have you entered a password for another site, realized what you did, deleted it and put in the right password for the site? Well, now the hackers have two of your passwords. Or more, depending on how many you type in while your brain is in meltdown mode.

Be careful out there: cyber crime is big business now, and they are doing everything they can to try to get information out of you.

Spoofing a Website Address: How to Obscure a URL

I have been asked recently about the dangers of clicking on unknown links in e-mails. This led to a discussion on how hackers disguise website addresses or URLs. There are actually several tactics that spammers and hackers will use to disguise a website address. Today, I wanted to take a quick look at some of them.

Microsoft released a good article on how to recognize spoofed sites. Spammers will try to register website names that are close to the website they are trying to spoof. For example, misspelled words like Micosoft, or Mircosoft would be options for someone trying to spoof Microsoft. Another common tactic is to use the number “0” in place of the letter “O”. Or adding extra words in the website name works as well, like security-microsoft.com. Internet Explorer 8 tries to help you recognize these tactics by always highlighting the domain name in bold so you can verify the spelling.

Also, spammers will use very long names in links to disguise the actual site that they are trying to send you to. A website address (also called Fully Qualified Domain Name) can be up to 255 characters long. So when displayed in the address bar, it wraps so you cannot see the whole address. They will add some official looking directories in the name to make it look more legit. For example:

http://www.malwarebadsite.com/up_to_no_good/exploited_machines/…lots_of_random_junk…/Official/Microsoft/Security/Updates/. When displayed, you will only see the “/Official/Microsoft/Security/Updates/” part of the address.
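The name tricks above (misspellings, “0” for “O”, extra words, and a brand name buried in a long path) can be checked mechanically, for example in a mail filter. The sketch below is an added example, not code from the article or from Microsoft; the watch list, function names and the sample URLs in the demo are constructed for illustration, and it assumes the brand's real domain is known in advance.

```python
import re
from urllib.parse import urlsplit

# Constructed watch list: brand label -> the domain it really lives on.
PROTECTED = {"microsoft": "microsoft.com"}

def edit_distance(a, b):
    """Edit distance where swapping two adjacent letters counts as one edit."""
    d = [[i + j if i * j == 0 else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def lookalike_reasons(url):
    """Return the reasons a URL imitates a protected brand (empty list if none)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    reasons = []
    for brand, real in PROTECTED.items():
        if host == real or host.endswith("." + real):
            continue                      # the brand's own domain
        for label in re.split(r"[.-]", host):
            folded = label.replace("0", "o")   # undo the "0 for O" swap
            if label == brand:
                reasons.append("brand name used as an extra word")
            elif folded == brand:
                reasons.append("digit substituted for a letter")
            elif edit_distance(folded, brand) == 1:
                reasons.append("one-letter misspelling")
        if brand in parts.path.lower():
            reasons.append("brand name appears only in the path")
    return reasons

if __name__ == "__main__":
    # Constructed sample URLs based on the names mentioned in the article.
    for u in ("http://www.microsoft.com/security/",
              "http://www.mircosoft.com/",
              "http://www.micr0soft.com/",
              "http://security-microsoft.com/",
              "http://www.malwarebadsite.com/up_to_no_good/Official/Microsoft/Security/Updates/"):
        print(u, lookalike_reasons(u))
```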

Okay, these ones you could catch if you scrutinize the address closely enough. But there are other ways to write a domain name. For example, you can use the IP address instead of the name. If you open a command prompt and type “ping google.com” you will see “pinging Google.com [72.14.204.103]”. You can take that number and place it into the Internet Explorer address bar and you will end up at Google.com. That one is well known, but how else can you write the address? Here are some other lesser-known ways to write an internet address:

  1. DoubleWord (dword): Google.com in dword is 1208929383
  2. Hexadecimal: Google.com in Hex is 0X480ecc67 (convert the IP to hex and then add “0x” in the front so IE knows that it is a Hex number.)
  3. Octal: Google.com in Octal is 0110.016.0314.0147 (Convert the IP address to Octal, and then add a “0” in front of each number so IE knows that it is octal.)

Go ahead, copy and paste any of the numbers above in your IE browser and you will end up at Google.com. Or you can “ping 1208929383” from a command prompt and you will get a response from 72.14.204.103. Firefox seems much better than IE at parsing these out; placing these numbers in Firefox did not seem to work, and I got a DNS error or BAD ADDRESS error message. Hackers will use the numbered IP addresses instead of a domain name to further mask the malware site.

If you want to know more, an excellent article for converting IP addresses to other forms and full instructions on how to do so can be found at PCHelp.com. Two sites that are helpful in converting the IP address are IPAddressLocation and IPAddressConverter.

One last point to keep in mind. Website spoofing is not just used by vicious hackers. Sometimes your users may be using this tactic also. When you set up your firewall filter and block sites that you don’t want your users on, some routers will allow users to bypass the filter by using the spoofing tactics listed above. So if you want to keep people off youtube.com, you may need to also block the actual IP address and possibly the other variants listed above as well. I have seen SOHO setups where specific sites were blocked by name, allowing no access to the domain name, but you could still get to them by putting in the IP address.
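A filter avoids the bypass described above if it converts every numeric spelling of a host (dword, hex, octal, or mixed) back to one dotted-decimal address before it consults the blocklist. The following is an added example, not code from the article or from any router vendor; the function names and the one-entry blocklist are assumptions, and the parser follows the common `inet_aton` convention in which the last component fills all remaining bytes.

```python
from urllib.parse import urlsplit

# Constructed blocklist holding the address the article uses for Google.com.
BLOCKED_IPS = {"72.14.204.103"}

def _parse_part(part):
    """Read one dot-separated component as hex (0x..), octal (0..) or decimal."""
    p = part.lower()
    if p.startswith("0x"):
        digits, base = p[2:], 16
    elif len(p) > 1 and p.startswith("0"):
        digits, base = p[1:], 8
    else:
        digits, base = p, 10
    if not digits or any(c not in "0123456789abcdef"[:base] for c in digits):
        raise ValueError(part)
    return int(digits, base)

def canonical_ipv4(host):
    """Return the dotted-decimal form of a numeric host, or None for a name."""
    parts = host.rstrip(".").split(".")
    if len(parts) > 4:
        return None
    try:
        nums = [_parse_part(p) for p in parts]
    except ValueError:
        return None                       # not numeric: an ordinary host name
    # Leading components are one byte each; the last one fills what is left.
    if any(n > 0xFF for n in nums[:-1]) or nums[-1] >= 256 ** (5 - len(nums)):
        return None
    value = nums[-1]
    for i, n in enumerate(nums[:-1]):
        value |= n << (8 * (3 - i))
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def is_blocked(url):
    """Apply the blocklist to the canonical address, not the spelling in the URL."""
    ip = canonical_ipv4(urlsplit(url).hostname or "")
    return ip in BLOCKED_IPS

if __name__ == "__main__":
    # The article's own spellings of the same address, plus one ordinary name.
    for url in ("http://1208929383/", "http://0X480ecc67/",
                "http://0110.016.0314.0147/", "http://72.14.204.103/",
                "http://www.sears.com/"):
        print(url, canonical_ipv4(urlsplit(url).hostname), is_blocked(url))
```

Hosts for which `canonical_ipv4` returns `None` are ordinary names and still need the name-based rule; a host that is a bare number in any of these forms is itself worth flagging in a link.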