Bytes IT Community

pretty good spoof I think

How do they do it?

http://home.nycap.rr.com/foryorisonly/spoof.htm

It doesn't matter where the browser is when opened. But if the browser is minimized then it jumps to (0,0) of the screen.

--
George Hester
__________________________________
Jul 23 '05 #1
39 Replies


George Hester wrote:
How do they do it?
Who is "they" and what is "it"?
http://home.nycap.rr.com/foryorisonly/spoof.htm
All I see is an image file.
It doesn't matter where the browser is when opened.
But if the browser is minimized then it jumps to (0,0) of the screen.


Maybe yours does but mine doesn't. Not IE, not Mozilla, not Opera. None
of them "jumps" anywhere except where I put them.

When I go to the URL in that image, I get an error page telling me that
I didn't put the correct data in.

What did I miss here?

--
Randy
comp.lang.javascript FAQ - http://jibbering.com/faq
Jul 23 '05 #2

"Randy Webb" <Hi************@aol.com> wrote in message
news:v7********************@comcast.com...
George Hester wrote:
How do they do it?


Who is "they" and what is "it"?
http://home.nycap.rr.com/foryorisonly/spoof.htm


All I see is an image file.
It doesn't matter where the browser is when opened.
> But if the browser is minimized then it jumps to (0,0) of the screen.


Maybe yours does but mine doesn't. Not IE, not Mozilla, not Opera. None
of them "jumps" anywhere except where I put them.

When I go to the URL in that image, I get an error page telling me that
I didn't put the correct data in.

What did I miss here?

--
Randy
comp.lang.javascript FAQ - http://jibbering.com/faq

What's the big deal?

<html>
<head>
<title>Site</title>
</head>
<body>
<table width="100%">
<tr align="center"><td>
<img src="spoof.gif" width="791" height="77"></td>
</tr>
<tr>

</table>
</body>
</html>
Jul 23 '05 #3

"McKirahan" <Ne**@McKirahan.com> wrote in message news:mxXcd.493278$8_6.137308@attbi_s04...
"Randy Webb" <Hi************@aol.com> wrote in message
news:v7********************@comcast.com...
George Hester wrote:
How do they do it?


Who is "they" and what is "it"?
http://home.nycap.rr.com/foryorisonly/spoof.htm


All I see is an image file.
It doesn't matter where the browser is when opened.
> But if the browser is minimized then it jumps to (0,0) of the screen.


Maybe yours does but mine doesn't. Not IE, not Mozilla, not Opera. None
of them "jumps" anywhere except where I put them.

When I go to the URL in that image, I get an error page telling me that
I didn't put the correct data in.

What did I miss here?

--
Randy
comp.lang.javascript FAQ - http://jibbering.com/faq



What's the big deal?

<html>
<head>
<title>Site</title>
</head>
<body>
<table width="100%">
<tr align="center"><td>
<img src="spoof.gif" width="791" height="77"></td>
</tr>
<tr>

</table>
</body>
</html>



No no you guys aren't seeing it. That's what makes it a pretty good spoof. Had me too at first. Look closely again and tell me if you don't recognize the spoof. If you still don't see it I'll let you know. It's actually clear as day. You'll kick yourself when I point it out.
--
George Hester
__________________________________
Jul 23 '05 #4

George Hester wrote:
George Hester wrote:

How do they do it?

Who is "they" and what is "it"?

http://home.nycap.rr.com/foryorisonly/spoof.htm


No no you guys aren't seeing it. That's what makes it a pretty good
spoof. Had me too at first. Look closely again and tell me if you
don't recognize the spoof. If you still don't see it I'll let you
know. It's actually clear as day. You'll kick yourself when I point
it out.


<breakfast onCornflakes="crack" />
Jul 23 '05 #5

"Randy Webb" <Hi************@aol.com> wrote in message news:v7********************@comcast.com...
George Hester wrote:
How do they do it?
Who is "they" and what is "it"?
http://home.nycap.rr.com/foryorisonly/spoof.htm


All I see is an image file.
It doesn't matter where the browser is when opened.
> But if the browser is minimized then it jumps to (0,0) of the screen.


it, the spoof does.

What did I miss here?

--
Randy
comp.lang.javascript FAQ - http://jibbering.com/faq


OK I see a hint is in order Randy. That URL you see there that you tried - that is not really the URL that is in the browser. Look closely not at the URL but at the address box. That is the spoof.

--
George Hester
__________________________________
Jul 23 '05 #6

George Hester wrote:
It doesn't matter where the browser is when opened.
> But if the browser is minimized then it jumps to (0,0) of the

screen.


it, the spoof does.


You were being too oblique for me. I get it, now. If you had said
"the spoof" instead of "it" in the first place it would have been obvious.
Jul 23 '05 #7

"Nik Coughin" <nr***********@woosh.co.nz> wrote in message news:Pp*****************@news.xtra.co.nz...
George Hester wrote:

It doesn't matter where the browser is when opened.
> But if the browser is minimized then it jumps to (0,0) of the
screen.


it, the spoof does.


You were being too oblique for me. I get it, now. If you had said
"the spoof" instead of "it" in the first place it would have been obvious.



So how do they do it?

--
George Hester
__________________________________
Jul 23 '05 #8

George Hester wrote:
[snip]

So how do they do it?


I'll reiterate: how do "they" do what?

An image of an IE address bar is loaded into my browser - it looks
nothing at all like my address bar - do you know what browser I'm
using? or what theme/skin I'm using? or even what OS I'm running?

The address bar area of the image looks tampered with and it is clearly
within my browser. On my spoof-ometer, this rates about 0.01.
Jul 23 '05 #9

"RobG" <rg***@iinet.net.auau> wrote in message news:mG*****************@news.optus.net.au...
George Hester wrote:
[snip]

So how do they do it?

I'll reiterate: how do "they" do what?

An image of an IE address bar is loaded into my browser - it looks
nothing at all like my address bar - do you know what browser I'm
using? or what theme/skin I'm using? or even what OS I'm running?


I really don't see the significance of this. So what your browser? I use IE and since the vast majority of human beings use IE the spoofer could care less about the 15% that don't use IE. He\She is concerned about the 85% who do. Because they are trying to get confidential info and are addressing the largest audience.

The address bar area of the image looks tampered with and it is clearly
within my browser. <snip>.


what does that mean? "The address bar of the image looks tampered with." Are you implying I made this up? I assure you I did not make it up.

This is done with JavaScript. It loads this image over the address bar wherever the browser appears on the desktop. It then will jump to Screen (0,0) if the browser is minimized. In fact it will jump out of the viewable area if you are using more than 800x600 pixel depth.

How do they do it? If you are unclear how it is done don't fret. I actually saved the source. I am thinking the image is on their server and they just load it and position it with scripting. But how they are able to adjust for the user preferences so that it at least makes a valiant attempt to cover the address bar is what I was asking how do they do it? Don't know OK OK OK Ok.

--
George Hester
__________________________________
Jul 23 '05 #10

George Hester wrote:
"RobG" <rg***@iinet.net.auau> wrote in message news:mG*****************@news.optus.net.au...
George Hester wrote:
[snip]
So how do they do it?

I'll reiterate: how do "they" do what?

An image of an IE address bar is loaded into my browser - it looks
nothing at all like my address bar - do you know what browser I'm
using? or what theme/skin I'm using? or even what OS I'm running?


I really don't see the significance of this.


You think loading a Windows classic address bar will fool people
running XP? Or even those using Win 2k with the default interface?
So what your browser?
You have no idea what my browser is, I didn't tell you. I didn't say I
*wasn't* using IE either. In fact I tried it in Firefox and IE.
I use IE and since the vast majority of human beings use IE the spoofer
could care less about the 15% that don't use IE. He\She is concerned
about the 85% who do.
They may fool those running a Windows classic interface, maybe those
running Windows 95-98-ME and NT, provided they haven't loaded one of
the many skins available off the web or applied a theme and are still
using the Windows classic interface without even modifying the standard
colours.
Because they are trying to get confidential info and are addressing the largest audience.
How? By presuming I have an eBay account? That I'd be silly enough to
give that information to eBay? I presume some type of form would be
loaded below the image at some point?
The address bar area of the image looks tampered with and it is clearly
within my browser. <snip>.

what does that mean? "The address bar of the image looks tampered with."


Exactly that. The image has obviously been modified.
Are you implying I made this up? I assure you I did not make it up.
Why would I think that? Why do you think I would think that? I
certainly didn't say it - heaven forbid!

This is done with JavaScript. It loads this image over the address bar
wherever the browser appears on the desktop. It then will jump to
Screen (0,0) if the browser is minimized. In fact it will jump out of
the viewable area if you are using more than 800x600 pixel depth.
Now that you've explained what I couldn't see (even in IE), I can
confirm that none of the described behaviour occurred.

How do they do it? If you are unclear how it is done don't fret.
I actually saved the source. I am thinking the image is on
their server and they just load it and position it with scripting.
But how they are able to adjust for the user preferences so
They don't.
that it at least makes a valiant attempt to cover the address bar
It doesn't.
is what I was asking how do they do it? Don't know OK OK OK Ok.


Don't know, don't care - Regards, Rob.
Jul 23 '05 #11

George Hester wrote:
How do they do it?
http://home.nycap.rr.com/foryorisonly/spoof.htm


I'm assuming the image on this page is a screen capture of your browser,
showing the spoof?

A simple explanation saying this would have helped other posters in this
thread understand just what the hell you were talking about!

Apparently, some site somewhere is loading a graphic image with no borders
or anything and placing over the top of the address bar in visitors'
browsers. This is indeed tricky, but without seeing the actual _source_ page
which accomplishes this, there is no way for us to know for sure how it is
done!

--
Matt Kruse
http://www.JavascriptToolbox.com
Jul 23 '05 #12

"RobG" <rg***@iinet.net.auau> wrote in message news:JE*****************@news.optus.net.au...
George Hester wrote:
"RobG" <rg***@iinet.net.auau> wrote in message news:mG*****************@news.optus.net.au...
George Hester wrote:
[snip]

So how do they do it?
I'll reiterate: how do "they" do what?

An image of an IE address bar is loaded into my browser - it looks
nothing at all like my address bar - do you know what browser I'm
using? or what theme/skin I'm using? or even what OS I'm running?
I really don't see the significance of this.


You think loading a Windows classic address bar will fool people
running XP? Or even those using Win 2k with the default interface?


Yes I do.
So what your browser?
You have no idea what my browser is, I didn't tell you. I didn't say I
*wasn't* using IE either. In fact I tried it in Firefox and IE.


Tried what? You don't have the source. Come on man give me a break.
I use IE and since the vast majority of human beings use IE the spoofer
> could care less about the 15% that don't use IE. He\She is concerned
> about the 85% who do.
They may fool those running a Windows classic interface, maybe those
running Windows 95-98-ME and NT, provided they haven't loaded one of
the many skins available off the web or applied a theme and are still
using the Windows classic interface without even modifying the standard
colours.


I am running Windows 2000 Web View. It makes no difference. The skins do NOT affect the inner space
of the address section.
Because they are trying to get confidential info and are addressing the largest audience.


How? By presuming I have an eBay account? That I'd be silly enough to
give that information to eBay? I presume some type of form would be
loaded below the image at some point?


Yes, an eBay login that looks exactly like an eBay login. They just hot link eBay's links in the page.
The address bar area of the image looks tampered with and it is clearly
within my browser. <snip>.



what does that mean? "The address bar of the image looks tampered with."


Exactly that. The image has obviously been modified.


You are wrong. But I can't tell you that you are all-knowing.
> Are you implying I made this up? I assure you I did not make it up.


Why would I think that? Why do you think I would think that? I
certainly didn't say it - heaven forbid!


You implied it there and here.

This is done with JavaScript. It loads this image over the address bar
> wherever the browser appears on the desktop. It then will jump to
> Screen (0,0) if the browser is minimized. In fact it will jump out of
> the viewable area if you are using more than 800x600 pixel depth.


Now that you've explained what I couldn't see (even in IE), I can
confirm that none of the described behaviour occurred.


You are unable to confirm anything since you do not have the source.

How do they do it? If you are unclear how it is done don't fret.
> I actually saved the source. I am thinking the image is on
> their server and they just load it and position it with scripting.
> But how they are able to adjust for the user preferences so


They don't.


They do. You want the link? OK here it is:

http://halfebay.us/aw-cgi/eBayISAPI....ct=&bshowgif=0
that it at least makes a valiant attempt to cover the address bar


It doesn't.
is what I was asking how do they do it? Don't know OK OK OK Ok.


Don't know, don't care - Regards, Rob.


Jul 23 '05 #13

"Matt Kruse" <ne********@mattkruse.com> wrote in message news:cl********@news3.newsguy.com...
George Hester wrote:
How do they do it?
http://home.nycap.rr.com/foryorisonly/spoof.htm


I'm assuming the image on this page is a screen capture of your browser,
showing the spoof?

A simple explanation saying this would have helped other posters in this
thread understand just what the hell you were talking about!

Apparently, some site somewhere is loading a graphic image with no borders
or anything and placing over the top of the address bar in visitors'
browsers. This is indeed tricky, but without seeing the actual _source_ page
which accomplishes this, there is no way for us to know for sure how it is
done!

--
Matt Kruse
http://www.JavascriptToolbox.com



Yes Matt I have responded to someone who thinks I made it up. The link is in there. RobG I responded to him.
I just thought maybe you excellent scripters could devise how it was done on your own. I'm sure it is possible to
do it other than how they have done it.

--
George Hester
__________________________________

Jul 23 '05 #14

"George Hester" <he********@hotmail.com> wrote in message news:rh*******************@twister.nyroc.rr.com...

"RobG" <rg***@iinet.net.auau> wrote in message news:JE*****************@news.optus.net.au...
George Hester wrote:
"RobG" <rg***@iinet.net.auau> wrote in message news:mG*****************@news.optus.net.au...
George Hester wrote:
[snip]

http://halfebay.us/aw-cgi/eBayISAPI....ct=&bshowgif=0
Don't know, don't care - Regards, Rob.


It won't last long eBay got it. I sent it to them and they shut these things down pretty quick.

--
George Hester
__________________________________

Jul 23 '05 #15

"Matt Kruse" <ne********@mattkruse.com> wrote in message news:cl********@news3.newsguy.com...
George Hester wrote:
How do they do it?
http://home.nycap.rr.com/foryorisonly/spoof.htm


I'm assuming the image on this page is a screen capture of your browser,
showing the spoof?

A simple explanation saying this would have helped other posters in this
thread understand just what the hell you were talking about!

Apparently, some site somewhere is loading a graphic image with no borders
or anything and placing over the top of the address bar in visitors'
browsers. This is indeed tricky, but without seeing the actual _source_ page
which accomplishes this, there is no way for us to know for sure how it is
done!

--
Matt Kruse
http://www.JavascriptToolbox.com



Also Matt the reason why I did not explicitly say what the spoof was is because I wanted to see if it was
recognized. It wasn't so I guess they did a pretty good job.

It fooled a number of us including me. I tried to get the domain when I first saw it and couldn't figure out why my
address bar didn't highlight the address when I clicked inside it. The address bar was just dead. Goes to show
you they aren't that dumb who came up with this.

I think it's pretty ingenious.

George Hester
__________________________________
Jul 23 '05 #16

George Hester wrote:
[snip]

http://halfebay.us/aw-cgi/eBayISAPI....ct=&bshowgif=0
[snip] It won't last long eBay got it. I sent it to them and they shut these things down pretty quick.


Ah, I get it. Your link was to an image of *your* browser showing the
dodgy URL. You wanted us to enter the URL displayed in the image, not
the link you provided.

Have a good look at the image you provided, the address is not aligned
with the address bar, hence the image looks doctored.

What you wanted to know was how they got the image to display over the
browser address field.

Maybe I'm thick... RG
Jul 23 '05 #17

On Tue, 19 Oct 2004 05:06:31 GMT, George Hester <he********@hotmail.com>
wrote:

[snip]
They do. You want the link? OK here it is:

[link]


It still doesn't look good.

In Opera:

<URL:http://www.mlwinter.pwp.blueyonder.co.uk/op-spoof.png>

That is, nothing at all (there were no script errors).

In IE:

<URL:http://www.mlwinter.pwp.blueyonder.co.uk/ie-spoof.png>

That, combined with no certificate, makes it a very poor spoof.

By the way, it's a good idea to wrap URLs, especially long ones, with
<URL:...> (as I've done above). This has a better chance of them being
interpreted in full, rather than breaking when the client forces a new
line.

Mike
Those images will be deleted by the end of this week.

--
Michael Winter
Replace ".invalid" with ".uk" to reply by e-mail.
Jul 23 '05 #18

George Hester wrote:
"Matt Kruse" <ne********@mattkruse.com> wrote in message news:cl********@news3.newsguy.com...
George Hester wrote:
How do they do it?
http://home.nycap.rr.com/foryorisonly/spoof.htm
I'm assuming the image on this page is a screen capture of your browser,
showing the spoof?

A simple explanation saying this would have helped other posters in this
thread understand just what the hell you were talking about!

Apparently, some site somewhere is loading a graphic image with no borders
or anything and placing over the top of the address bar in visitors'
browsers. This is indeed tricky, but without seeing the actual _source_ page
which accomplishes this, there is no way for us to know for sure how it is
done!

--
Matt Kruse
http://www.JavascriptToolbox.com

Also Matt the reason why I did not explicitly say what the spoof was
is because I wanted to see if it was recognized. It wasn't so I guess
they did a pretty good job.


The reason I missed it was because I wasn't sure what I was supposed to
be looking for. All I saw was an image of a toolbar. Also, when I go to
the URL you gave, it didn't work as supposed because I used Mozilla. It
uses the window.createPopup() method to create that effect.

When viewing it in Mozilla, it obviously doesn't "work". But it's written
to expose a security flaw (I can't call it anything else) in IE.
It fooled a number of us including me. I tried to get the domain when
I first saw it and couldn't figure out why my address bar didn't highlight
the address when I clicked inside it. The address bar was just dead.
Goes to show you they aren't that dumb who came up with this.
That is true, they are not dumb. Most spammers/thieves aren't though.
I think it's pretty ingenious.


Yup. I saved the function for future tinkering :-)

--
Randy
comp.lang.javascript FAQ - http://jibbering.com/faq
Jul 23 '05 #19

"RobG" <rg***@iinet.net.auau> wrote in message
news:JE*****************@news.optus.net.au...
George Hester wrote:
"RobG" <rg***@iinet.net.auau> wrote in message news:mG*****************@news.optus.net.au...
George Hester wrote:
[snip]

So how do they do it?
I'll reiterate: how do "they" do what?

An image of an IE address bar is loaded into my browser - it looks
nothing at all like my address bar - do you know what browser I'm
using? or what theme/skin I'm using? or even what OS I'm running?
I really don't see the significance of this.


You think loading a Windows classic address bar will fool people
running XP? Or even those using Win 2k with the default interface?


In my IE on XP Pro, it doesn't exhibit any of the behavior described. I just
get the graphic of the "proposed" address bar about 3/4" down from the IE
address bar. A fizzle for the spoof.
So what your browser?


You have no idea what my browser is, I didn't tell you. I didn't say I
*wasn't* using IE either. In fact I tried it in Firefox and IE.
I use IE and since the vast majority of human beings use IE the spoofer
> could care less about the 15% that don't use IE. He\She is concerned
> about the 85% who do.


They may fool those running a Windows classic interface, maybe those
running Windows 95-98-ME and NT, provided they haven't loaded one of
the many skins available off the web or applied a theme and are still
using the Windows classic interface without even modifying the standard
colours.
Because they are trying to get confidential info and are addressing the

largest audience.
How? By presuming I have an eBay account? That I'd be silly enough to
give that information to eBay? I presume some type of form would be
loaded below the image at some point?
The address bar area of the image looks tampered with and it is clearly
within my browser. <snip>.

what does that mean? "The address bar of the image looks tampered with."


Exactly that. The image has obviously been modified.
> Are you implying I made this up? I assure you I did not make it up.


Why would I think that? Why do you think I would think that? I
certainly didn't say it - heaven forbid!

This is done with JavaScript. It loads this image over the address bar
> wherever the browser appears on the desktop. It then will jump to
> Screen (0,0) if the browser is minimized. In fact it will jump out of
> the viewable area if you are using more than 800x600 pixel depth.


Now that you've explained what I couldn't see (even in IE), I can
confirm that none of the described behaviour occurred.

How do they do it? If you are unclear how it is done don't fret.
> I actually saved the source. I am thinking the image is on
> their server and they just load it and position it with scripting.
> But how they are able to adjust for the user preferences so


They don't.
that it at least makes a valiant attempt to cover the address bar


It doesn't.
is what I was asking how do they do it? Don't know OK OK OK Ok.


Don't know, don't care - Regards, Rob.

Jul 23 '05 #20

"Matt Kruse" <ne********@mattkruse.com> wrote in message
news:cl********@news3.newsguy.com...
George Hester wrote:
How do they do it?
http://home.nycap.rr.com/foryorisonly/spoof.htm
I'm assuming the image on this page is a screen capture of your browser,
showing the spoof?

A simple explanation saying this would have helped other posters in this
thread understand just what the hell you were talking about!


Yes. I get it now.
Apparently, some site somewhere is loading a graphic image with no borders
or anything and placing over the top of the address bar in visitors'
browsers. This is indeed tricky, but without seeing the actual _source_ page
which accomplishes this, there is no way for us to know for sure how it is
done!

--
Matt Kruse
http://www.JavascriptToolbox.com

Jul 23 '05 #21

On Tue, 19 Oct 2004 09:32:10 -0500, MikeB <m.byerleyATVerizonDottieNettie>
wrote:
"RobG" <rg***@iinet.net.auau> wrote in message
news:JE*****************@news.optus.net.au...


[snip]
You think loading a Windows classic address bar will fool people
running XP? Or even those using Win 2k with the default
interface?


In my IE on XP Pro, it doesn't exhibit any of the behavior described. I
just get the graphic of the "proposed" address bar about 3/4" down from
the IE address bar. A fizzle for the spoof.


Did you really have to quote 4KBs of text to add that? What I've left was
all that's needed.

You write your comments in conversation order. Good! Now please learn to
trim irrelevant text.

[snip]

Thanks,
Mike

--
Michael Winter
Replace ".invalid" with ".uk" to reply by e-mail.
Jul 23 '05 #22

"George Hester" <he********@hotmail.com> wrote in message news:<HD*********************@twister.nyroc.rr.com >...
It fooled a number of us including me. I tried to get the domain when I
first saw it and couldn't figure out why my
address bar didn't highlight the address when I clicked inside it. The
address bar was just dead. Goes to show
you they aren't that dumb who came up with this.

I think it's pretty ingenious.


They are using window.createPopup - a microsoftism to create a
chrome-less always focussed window - and then a 25 microsecond
interval to continuously reposition this popup over where they assume
your address bar to be.

The fact that all the variables and functions are prefixed with "vuln"
shows their intentions are clear :)
Jul 23 '05 #23
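The pattern MikeT describes above (an IE-only window.createPopup() window kept in place by a very short setInterval, with "vuln"-prefixed names) is something a defender can look for when triaging a saved phishing page. The scanner below is an added example, not code from the thread or from any poster; scanForPopupOverlay and the two sample inputs are constructed for illustration.

```javascript
// Added example: static triage of saved page source for the createPopup
// overlay pattern discussed in this thread. Runs in Node, not in a browser.

// Constructed sample inputs (not the page from the thread). The first one
// mirrors the described pattern only schematically.
const SAMPLE_SUSPICIOUS = `
<script>
var vulnPopup = window.createPopup();
function vulnTick() { /* repositions the popup on every tick */ }
setInterval(vulnTick, 25);
</script>`;

// A single popup shown once, as a tooltip, is not the repositioning pattern.
const SAMPLE_BENIGN = `
<script>
var pop = window.createPopup();
pop.show(10, 10, 200, 40, document.body);
</script>`;

// Returns { suspicious, findings } for one page's HTML/JS source.
// maxIntervalMs is the threshold below which a timer looks like a
// continuous-reposition loop rather than ordinary page logic.
function scanForPopupOverlay(html, maxIntervalMs = 100) {
  const findings = [];

  // 1. The IE-only API that creates a chrome-less, always-on-top window.
  const usesCreatePopup = /\bcreatePopup\s*\(/.test(html);
  if (usesCreatePopup) {
    findings.push("uses window.createPopup() (IE-only, chrome-less window)");
  }

  // 2. setInterval(fn, N) with a tiny N: the thread's sample used 25.
  const intervalRe = /setInterval\s*\([^,]+,\s*(\d+)\s*\)/g;
  const shortIntervals = [];
  let m;
  while ((m = intervalRe.exec(html)) !== null) {
    const ms = parseInt(m[1], 10);
    if (ms <= maxIntervalMs) shortIntervals.push(ms);
  }
  if (shortIntervals.length > 0) {
    findings.push(`setInterval with ${shortIntervals.join(", ")} ms period`);
  }

  // 3. Identifier prefix MikeT noticed in the real sample; weak on its own.
  const vulnNames = new Set(html.match(/\bvuln\w*/g) || []);
  if (vulnNames.size > 0) {
    findings.push(`identifiers prefixed "vuln": ${[...vulnNames].join(", ")}`);
  }

  // Only the combination of the popup API and a fast timer is flagged;
  // either alone has legitimate uses on old IE-targeted pages.
  const suspicious = usesCreatePopup && shortIntervals.length > 0;
  return { suspicious, findings };
}

// Usage: report both constructed samples.
for (const [name, src] of [["suspicious", SAMPLE_SUSPICIOUS], ["benign", SAMPLE_BENIGN]]) {
  const r = scanForPopupOverlay(src);
  console.log(name, r.suspicious ? "FLAGGED" : "clean", r.findings);
}
```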

Lee
George Hester said:


"RobG" <rg***@iinet.net.auau> wrote in message

>> The address bar area of the image looks tampered with and it is clearly
>> within my browser. <snip>.
>
>
> what does that mean? "The address bar of the image looks tampered with."

Exactly that. The image has obviously been modified.


You are wrong. But I can't tell you that you are all-knowing.
> Are you implying I made this up? I assure you I did not make it up.

Why would I think that? Why do you think I would think that? I
certainly didn't say it - heaven forbid!


You implied it there and here.


I don't know why I bother, particularly since you insist on posting
quoted-printable, but what RobG is pointing out is that the address
bar has very obviously had the URL pasted in place very badly.
He didn't say or imply that you had done this.

Jul 23 '05 #24

In article <Gf********************@comcast.com>, "MikeB"
<m.byerleyATVerizonDottieNettie> enlightened us with...
> An image of an IE address bar is loaded into my browser - it looks
> nothing at all like my address bar - do you know what browser I'm
> using? or what theme/skin I'm using? or even what OS I'm running?

I really don't see the significance of this.


You think loading a Windows classic address bar will fool people
running XP? Or even those using Win 2k with the default interface?


In my IE on XP Pro, it doesn't exhibit any of the behavior described. I just
get the graphic of the "proposed" address bar about 3/4" down from the IE
address bar. A fizzle for the spoof.


In my IE6 on Win 2K Pro, I get an image that looks nothing like my IE about
an inch down the page, surrounded by whitespace (much like you say). I do not
have any IE skins, but I do use Windows themes, so the colors are all off.
The paste job on the URL is laughable.

If this is a spoof, I don't think it would even fool my mother.

--
--
~kaeli~
If that phone was up your a$$, maybe you could drive a
little better!
http://www.ipwebdesign.net/wildAtHeart
http://www.ipwebdesign.net/kaelisSpace

Jul 23 '05 #25

Fools wrote:
I don't see anything but an image!
It doesn't work on my browser!


It boggles my mind that in a group of such intelligent individuals, so many
people were confused by this post.

Sure, the OP wasn't clear at all in pointing out that the URL he posted was
a screenshot of the "vulnerability" in action on his machine, not an example
of the vulnerability itself.

But if your intent is to view the site and understand what he is saying,
rather than looking for people to stomp on and yell at and insult, you'd
quickly realize what it was and respond accordingly.

Y'all need to take some ritalin and chill out a bit. Before you start
jumping down peoples' throats, make sure you understand what they are trying
to say, first! It's sad that so many technical groups are filled with people
so eager to beat down people rather than try to understand them.

--
Matt Kruse
http://www.JavascriptToolbox.com
Jul 23 '05 #26

"Matt Kruse" <ne********@mattkruse.com> wrote in message
news:cl*********@news3.newsguy.com...
Fools wrote: [snip]
Before you start jumping down peoples' throats, make sure you understand what they are trying to say, first!

[snip]
--
Matt Kruse
http://www.JavascriptToolbox.com


So you've never seen a post that was unclear?
Jul 23 '05 #27

McKirahan wrote:
So you've never seen a post that was unclear?


Of course I have. The original post in this thread was very unclear.

But when I see posts that are unclear, I either ignore them or ask questions
to clarify.
I certainly wouldn't start insulting the poster - that doesn't help anyone!

--
Matt Kruse
http://www.JavascriptToolbox.com
Jul 23 '05 #28

"Randy Webb" <Hi************@aol.com> wrote in message news:IK********************@comcast.com...
George Hester wrote:
"Matt Kruse" <ne********@mattkruse.com> wrote in message news:cl********@news3.newsguy.com...
George Hester wrote:

How do they do it?
http://home.nycap.rr.com/foryorisonly/spoof.htm

I'm assuming the image on this page is a screen capture of your browser,
showing the spoof?

A simple explanation saying this would have helped other posters in this
thread understand just what the hell you were talking about!

Apparently, some site somewhere is loading a graphic image with no borders
or anything and placing over the top of the address bar in visitors'
browsers. This is indeed tricky, but without seeing the actual _source_ page
which accomplishes this, there is no way for us to know for sure how it is
done!

--
Matt Kruse
http://www.JavascriptToolbox.com



Also Matt the reason why I did not explicitly say what the spoof was
is because I wanted to see if it was recognized. It wasn't so I guess
they did a pretty good job.


The reason I missed it was because I wasn't sure what I was supposed to
be looking for. All I saw was an image of a toolbar. Also, when I go to
the URL you gave, it didn't work as supposed because I used Mozilla. It
uses the window.createPopup() method to create that effect.

When viewing it in Mozilla, it obviously doesn't "work". But its written
to expose a security flaw (I can't call it anything else) in IE.
It fooled a number of us including me. I tried to get the domain when
I first saw it and couldn't figure out why my address bar didn't highlight
the address when I clicked inside it. The address bar was just dead.
Goes to show you they aren't that dumb who came up with this.


That is true, they are not dumb. Most spammers/thieves aren't though.
I think it's pretty ingenious.


Yup. I saved the function for future tinkering :-)

--
Randy
comp.lang.javascript FAQ - http://jibbering.com/faq


Hey thanks Randy for looking at it. Yes an IE security flaw and probably one that I have made
sure I am still susceptible to. I actually keep my browser on the brink of most security flaws as I have other ways to protect myself. At least I think I do.

What they are doing is really not something I want to do myself. I just like the crazy things IE can do without our knowledge. It's an adventure.
--
George Hester
__________________________________
Jul 23 '05 #29


"MikeT" <ne**@chthonic.f9.co.uk> wrote in message news:af**************************@posting.google.com...
"George Hester" <he********@hotmail.com> wrote in message news:<HD*********************@twister.nyroc.rr.com >...
They are using window.createPopup - a microsoftism to create a
chrome-less always focussed window - and then a 25 microsecond
interval to continuously reposition this popup over where they assume
your address bar to be.
I thought it would appear over the address bar wherever the browser is positioned. Am I wrong about that?
If not how do they do that? Is the address bar location accessible in scripting?

The fact that all the variables and functions are prefixed with "vuln"
shows their intentions are clear :)


Thanks

George Hester
__________________________________
Jul 23 '05 #30
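As an added example (not code from the thread, and not the spoof page's own script), here is a crude JavaScript source scanner for the pattern MikeT describes: a `window.createPopup()` call, a fast `setInterval`, and a `show()` call whose top offset is negative so the popup reaches up into the browser chrome. The page source it scans is constructed for this example; the `vuln` prefix follows MikeT's report, the 25 ms interval follows the thread, and the coordinates and image name are made up.

```javascript
// Added example: a crude static check for the createPopup address-bar
// spoof pattern described in the thread. Not code from the spoof page.

// Constructed sample page source (not the real spoof page). The "vuln"
// prefix and the 25 ms interval follow the thread's description; the
// coordinates and image name are made up.
const SAMPLE_SOURCE = `
<script type="text/javascript">
var vulnPopup = window.createPopup();
function vulnShow() {
  vulnPopup.document.body.innerHTML = '<img src="bar.gif" border="0">';
  vulnPopup.show(0, -48, 640, 22, document.body);
}
setInterval("vulnShow()", 25);
</script>`;

// Returns what was found and a yes/no verdict. A plain regex scan like this
// is trivially evaded by obfuscation; it documents the pattern, it is not
// a detection product.
function scanForCreatePopupSpoof(source) {
  const findings = {
    createPopup: /\bcreatePopup\s*\(/.test(source),
    intervalsMs: [],
    negativeTopShows: [],
    suspicious: false,
  };

  // setInterval(callback, delay): capture the numeric delay argument
  const intervalRe = /setInterval\s*\([^;]*?,\s*(\d+)\s*\)/g;
  let m;
  while ((m = intervalRe.exec(source)) !== null) {
    findings.intervalsMs.push(Number(m[1]));
  }

  // popup.show(x, y, w, h, ...): a negative y reaches above the content area
  const showRe = /\.show\s*\(\s*(-?\d+)\s*,\s*(-?\d+)\s*,\s*(\d+)\s*,\s*(\d+)/g;
  while ((m = showRe.exec(source)) !== null) {
    const [x, y, w, h] = m.slice(1, 5).map(Number);
    if (y < 0) findings.negativeTopShows.push({ x, y, w, h });
  }

  // All three together are the overlay trick; any one alone is ordinary DHTML.
  findings.suspicious =
    findings.createPopup &&
    findings.intervalsMs.some((ms) => ms <= 100) &&
    findings.negativeTopShows.length > 0;
  return findings;
}

console.log(scanForCreatePopupSpoof(SAMPLE_SOURCE));
```

`createPopup` was an IE-only API, so a page that calls it was already IE-specific; the rapid interval is what keeps the overlay pinned when the user tries to click into the real Address bar, which is why Randy saw a "dead" address bar.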


"Michael Winter" <M.******@blueyonder.co.invalid> wrote in message news:opsf33axjtx13kvk@atlantis...
On Tue, 19 Oct 2004 05:06:31 GMT, George Hester <he********@hotmail.com>
wrote:

[snip]
They do. You want the link? OK here it is:

[link]


It still doesn't look good.

In Opera:

<URL:http://www.mlwinter.pwp.blueyonder.co.uk/op-spoof.png>

That is, nothing at all (there were no script errors).

In IE:

<URL:http://www.mlwinter.pwp.blueyonder.co.uk/ie-spoof.png>

That, combined with no certificate, makes it a very poor spoof.

By the way, it's a good idea to wrap URLs, especially long ones, with
<URL:...> (as I've done above). This has a better chance of them being
interpreted in full, rather than breaking when the client forces a new
line.

Mike


Those images will be deleted by the end of this week.

--
Michael Winter
Replace ".invalid" with ".uk" to reply by e-mail.


You're right, yours doesn't look good. Mine was a little better. Yours would not have fooled me but mine did.
But yours was neater. Thanks for that. By the way the link eBay killed it. I'm sure I'll get another one in a few days. I'll see if they have made it any better.

George Hester
__________________________________
Jul 23 '05 #31

On Tue, 19 Oct 2004 23:26:41 GMT, George Hester <he********@hotmail.com>
wrote:
"Michael Winter" <M.******@blueyonder.co.invalid> wrote in message
news:opsf33axjtx13kvk@atlantis...
[snip]
In IE:

<URL:http://www.mlwinter.pwp.blueyonder.co.uk/ie-spoof.png>


[snip]
You're right, yours doesn't look good. Mine was a little better. Yours
would not have fooled me but mine did.


Also notice the frame border below the Address bar in the IE image. Notice
that the white background doesn't extend to the end? It would certainly be
odd to see:

...=h:h:sin:US &UpdateCreditCard...

[snip]

Mike

--
Michael Winter
Replace ".invalid" with ".uk" to reply by e-mail.
Jul 23 '05 #32

On Tue, 19 Oct 2004 22:23:04 GMT, "George Hester"
<he********@hotmail.com> wrote:
I thought it would appear over the address bar wherever the browser is
positioned. Am I wrong about that?
If not how do they do that? Is the address bar location accessible in
scripting?


It's guesswork, createPopup lets you position a popup relative to the
top left of the browser area, if that's negative in the "top"
direction, then it will appear over the top of the search bar. If
you're running with them in default location, then they can position
it accurately, if you're not, then it could be anywhere.

phishing is a big problem, and not enough sites take it seriously -
there is no site you can trust - never follow a link to a site, or
use a form on one site to go to another (don't use those google
search this site forms for example)

Cheers,

Jim.
Jul 23 '05 #33


"Michael Winter" <M.******@blueyonder.co.invalid> wrote in message news:opsf45frgsx13kvk@atlantis...
On Tue, 19 Oct 2004 23:26:41 GMT, George Hester <he********@hotmail.com>
wrote:
"Michael Winter" <M.******@blueyonder.co.invalid> wrote in message
news:opsf33axjtx13kvk@atlantis...
[snip]
In IE:

<URL:http://www.mlwinter.pwp.blueyonder.co.uk/ie-spoof.png>

<snip> Also notice the frame border below the Address bar in the IE image. Notice
that the white background doesn't extend to the end? It would certainly be
odd to see:

...=h:h:sin:US &UpdateCreditCard...

[snip]

Mike

--
Michael Winter
Replace ".invalid" with ".uk" to reply by e-mail.


Yes I saw that. They don't know how to generate the length of it based on the user preference for the
length of the address bar. They will probably work on that. They need to get it flush. Do you think they can do
that with JavaScripting alone?

What's really cool is to change to 1024x768 and then minimize the browser. The image then goes out of the
viewable area of the screen. 800x600 it only goes to screen dim 0x0 and hugs up there. Can't test it anymore
though. I really should not have sent it off to eBay so fast. dumb dumb dumb.

--
George Hester
__________________________________
Jul 23 '05 #34

"Matt Kruse" <ne********@mattkruse.com> wrote in message news:cl*********@news3.newsguy.com...
McKirahan wrote:
So you've never seen a post that was unclear?


Of course I have. The original post in this thread was very unclear.

But when I see posts that are unclear, I either ignore them or ask questions
to clarify.
I certainly wouldn't start insulting the poster - that doesn't help anyone!

--
Matt Kruse
http://www.JavascriptToolbox.com



Matt I believe it was only unclear because the spoof was pretty good. If someone posted a "pretty good spoof"
and had a picture of what they were referring to, my first reaction would be "where's the spoof?"
I'd look at the picture and say, "I'm confused what are you talking about." Actually I got much more derision
than that. I am sorry if I did not point out the spoof and be more clear that what we were looking at was
the spoof. But I believe that would have lessened its impact.

Thanks for giving me the benefit of the doubt here Matt. You and Randy dealt with this post (sorry again)
admirably

George Hester
__________________________________
Jul 23 '05 #35

Matt Kruse wrote:
<snip>
But if your intent is to view the site and understand what
he is saying, rather than looking for people to stomp on
and yell at and insult, you'd quickly realize what it was
an respond accordingly.

<snip>

You are assuming that there would be any intention to understand. If you
look at George Hester's record on posting to c.l.js (through
groups.google.com) you will find that he has put a lot of effort into
earning the reaction he solicits here, and if it is less than polite
sometimes he has earned that too:-

<URL:
http://www.google.com/groups?threadm...0twister.nyroc.
rr.com>

Richard.
Jul 23 '05 #36


"Richard Cornford" <Ri*****@litotes.demon.co.uk> wrote in message news:cl*******************@news.demon.co.uk...

<URL:
http://www.google.com/groups?threadm...0twister.nyroc..
rr.com>

Richard.



Lovely

--
George Hester
__________________________________
Jul 23 '05 #37


"George Hester" <he********@hotmail.com> wrote in message news:H1*********************@twister.nyroc.rr.com. ..

"Richard Cornford" <Ri*****@litotes.demon.co.uk> wrote in message news:cl*******************@news.demon.co.uk...

<URL:
http://www.google.com/groups?threadm...0twister.nyroc..
rr.com>

Richard.



You know Richard, you've been carrying this link around for years. Haven't you reformatted yet and lost it?
What is your problem? If that comment was directed to you, you deserved it. And if it wasn't, you still deserve it. Now why don't you just put me in your <plonk!> and be done with me? Why do you hound me like a long lost insect? Lay off me, twerp!

--
George Hester
__________________________________
Jul 23 '05 #38

On Tue, 19 Oct 2004 23:54:04 GMT, George Hester <he********@hotmail.com>
wrote:
"Michael Winter" <M.******@blueyonder.co.invalid> wrote in message
news:opsf45frgsx13kvk@atlantis...
[snip]
Notice that the white background doesn't extend to the end?


[snip]
Yes I saw that. They don't know how to generate the length of it based
on the user preference for the length of the address bar. They will
probably work on that. They need to get it flush. Do you think they
can do that with JavaScripting alone?


Probably not. The position and size of the Address bar varies according to
user preference, not just browser size. They could choose a formula based
on the default layout, but I doubt they could adapt it for all users.

[snip]

Mike

--
Michael Winter
Replace ".invalid" with ".uk" to reply by e-mail.
Jul 23 '05 #39
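Jim's point (#33) that the overlay position is guesswork, and Mike's (#39) that the Address bar's position and size vary by user preference, can be shown with a small geometric model. This is an added example, not code from the spoof page or from anyone in the thread. It assumes what the thread states: `popup.show(x, y, w, h, element)` places the popup relative to `element` (the document body here), so a negative `y` reaches up into the browser chrome, and the page cannot read how the toolbars above the content area are laid out. The bar heights, widths and layouts are constructed numbers for illustration, not measurements of any IE version.

```javascript
// Added example: a geometric model of why the createPopup overlay is
// guesswork. Not code from the spoof page. All pixel sizes and layouts
// below are constructed for illustration, not measured from IE.

// A chrome layout: bars stacked above the content area, top to bottom.
const DEFAULT_LAYOUT = {
  bars: [
    { name: 'title',    height: 25, left: 0,  width: 800 },
    { name: 'menu',     height: 22, left: 0,  width: 800 },
    { name: 'standard', height: 36, left: 0,  width: 800 },
    { name: 'address',  height: 22, left: 52, width: 700 },
  ],
};

// Same bars, but the user dragged the Address bar above the Standard buttons.
const MOVED_LAYOUT = {
  bars: [
    { name: 'title',    height: 25, left: 0,  width: 800 },
    { name: 'menu',     height: 22, left: 0,  width: 800 },
    { name: 'address',  height: 22, left: 52, width: 700 },
    { name: 'standard', height: 36, left: 0,  width: 800 },
  ],
};

// Address bar switched off entirely.
const HIDDEN_LAYOUT = { bars: DEFAULT_LAYOUT.bars.filter((b) => b.name !== 'address') };

// The attacker's guess, tuned to DEFAULT_LAYOUT: 22 px tall, starting 22 px
// above the content area, 700 px wide.
const GUESS_SHOW = { x: 52, y: -22, w: 700, h: 22 };
// Mike's observation: a popup narrower than the real bar leaves a visible gap.
const SHORT_SHOW = { x: 52, y: -22, w: 600, h: 22 };

// Screen rectangle of the real Address bar when the content area's
// top-left corner is at (screenX, screenY).
function addressBarRect(layout, screenX, screenY) {
  let chromeHeight = 0;
  for (const bar of layout.bars) chromeHeight += bar.height;
  let y = screenY - chromeHeight;               // top edge of the window
  for (const bar of layout.bars) {
    if (bar.name === 'address') {
      return { x: screenX + bar.left, y, w: bar.width, h: bar.height };
    }
    y += bar.height;
  }
  return null;                                  // no Address bar shown
}

// Screen rectangle the popup actually occupies: show() offsets are relative
// to the content area, so where the window sits on screen cancels out.
function popupRect(show, screenX, screenY) {
  return { x: screenX + show.x, y: screenY + show.y, w: show.w, h: show.h };
}

function intersectArea(a, b) {
  const w = Math.min(a.x + a.w, b.x + b.w) - Math.max(a.x, b.x);
  const h = Math.min(a.y + a.h, b.y + b.h) - Math.max(a.y, b.y);
  return w > 0 && h > 0 ? w * h : 0;
}

// Fraction of the real Address bar's area that the popup covers (0..1).
function spoofCoverage(layout, show, screenX = 0, screenY = 0) {
  const real = addressBarRect(layout, screenX, screenY);
  if (real === null) return 0;
  return intersectArea(popupRect(show, screenX, screenY), real) / (real.w * real.h);
}

console.log('default layout    :', spoofCoverage(DEFAULT_LAYOUT, GUESS_SHOW));          // 1
console.log('window moved      :', spoofCoverage(DEFAULT_LAYOUT, GUESS_SHOW, 300, 200)); // 1
console.log('short popup       :', spoofCoverage(DEFAULT_LAYOUT, SHORT_SHOW));          // 600/700
console.log('address bar moved :', spoofCoverage(MOVED_LAYOUT, GUESS_SHOW));            // 0
console.log('address bar hidden:', spoofCoverage(HIDDEN_LAYOUT, GUESS_SHOW));           // 0
```

The first two lines are George's observation that the window's position on screen does not matter: the popup is anchored to the content area, so it follows the window. The last three are Jim's and Mike's point: the guess only works for the layout it was tuned to, a narrower popup leaves the gap Mike noticed in the screenshot, and a user who moved or hid the Address bar is not covered at all.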

In article <fl*********************@twister.nyroc.rr.com>,
he********@hotmail.com enlightened us with...

"George Hester" <he********@hotmail.com> wrote in message news:H1*********************@twister.nyroc.rr.com. ..

"Richard Cornford" <Ri*****@litotes.demon.co.uk> wrote in message news:cl*******************@news.demon.co.uk...

<URL:
http://www.google.com/groups?threadm...0twister.nyroc.
rr.com>

Richard.


You know Richard, you've been carrying this link around for years. Haven't you reformatted yet and lost it?
What is your problem? If that comment was directed to you, you deserved it. And if it wasn't, you still deserve it. Now why don't you just put me in your <plonk!> and be done with me? Why do you hound me like a long lost insect? Lay off me, twerp!


The comment was actually directed towards Mike, who has been the one most
helping you here.
The comment was basically to fuck off ("fu"), for those who don't want to
load the thread. Nice.

You are regularly argumentative, you don't post clearly and then get pissed
when people misunderstand you, and you get pissed whenever anyone tries to
offer you advice as to how you could improve your code. I killfiled you long
ago because I got tired of the longwinded argument about posting styles, but
I am still subjected to the responses of people trying to talk to you -
people who have helped me so much, I'd never killfile them.
You get what you give.

--
--
~kaeli~
If it's tourist season, why can't we shoot them?
http://www.ipwebdesign.net/wildAtHeart
http://www.ipwebdesign.net/kaelisSpace

Jul 23 '05 #40
