URL Spoofing

Pardon the post title. This falls in to the category of technically obscure, but I ran across a handy tool and wanted to make you all aware of it.

First of all some background. Internet Explorer is the browser most of us use to browse the internet. I’m not a big fan of the browser but the reality is that many web sites are designed to work exclusively with it. OperaMozilla and Netscape can’t display some web pages. Unfortunately, because IE is so prevalent, hackers and online con artists have found ways of deceiving web surfers by disguising web sites. There is a hole in IE’s security which allows individuals to set up web page links that look innocent but that take you to their own sites. Once there they attempt to deceive you in to disclosing personal information or worse, sending them money.

Microsoft has published an alert on the topic attempting to heighten awareness. They should fix the browser but until then they have some weak and feeble advice. The best of the bunch is to copy the following script in to the address bar of IE and then hit enter.

Highlight the following, copy the text, paste it in to the address field and hit enter:

javascript:alert(“The actual URL is:\t\t” + location.protocol + “//” + location.hostname + “/” + “\nThe address URL is:\t\t” + location.href + “\n” + “\nIf the server names do not match, this may be a spoof.”);

Update: Microsoft has issued a secuity patch which renders this script only interesting – but not necessary.