Student shocks the security researchers

DO YOU SEE ANYTHING UNUSUAL IN THE ADDRESS BAR? Henning Klevjer at the University of Oslo has discovered a new phishing method in which the phishing page itself is served as a URI. Photo: Private

Henning Klevjer has discovered a new method of phishing in which an entire website can be hidden inside a link.


Phishing means attempting to trick people into handing over sensitive information such as usernames and passwords, credit card numbers, or the like.
Phishing pages are generally hosted on separate servers, either owned by the criminals themselves or on hacked servers.
Now Henning Klevjer, who is studying information security at the Department of Informatics at the University of Oslo, has discovered an entirely new way to phish: by placing the phishing page inside the URI (Uniform Resource Identifier) itself.

Used in all browsers

The data URI is a simple way to embed content such as text and images directly in HTML, and it has been supported by all major browsers since 1998. The underlying URI technology was first specified by the father of the web, Tim Berners-Lee, in 1994.
In short, a URI is a string of characters that identifies a resource and displays it according to the rules laid down in the software, such as a browser.
The syntax for a data URI is:
data:[<mediatype>][;base64],<data>

A simple example of a data URI is then:

URI in plain text:      data:text/plain;,hello
URI with Base64:        data:text/plain;base64,aGVsbG8=
Result in the browser:  hello
The technology Klevjer uses in the new phishing method is thus well known, as are some of the security challenges that come with it.
Phishing pages typically consist of a copy of a well-known website, such as PayPal's login page. The criminals make only small changes so that the sensitive information is intercepted.
The fake web page is then usually placed on another server that the criminal controls. A link to the phishing page is sent out by e-mail, and the criminal waits for someone to bite.
With the new data URI method, the entire site is stored in a single text string and does not even need to be stored online.

Hot Potato

- Here we have a student in Oslo who has found this eerie new way of phishing, where you do not have to compromise a server and can instead hide the phishing page, says Per Thorsheim, security adviser at Evry.
- Klevjer has found a hot potato, he adds.
IMPRESSED: Per Thorsheim is a security adviser at Evry. He is impressed by the discovery, and surprised that no one has thought of hiding malicious code in URIs this way before.
Thorsheim spoke with Klevjer shortly after the discovery, and confirms that hiding malicious code, such as phishing pages, in URIs this way is something he has never seen before.
- It is a very cool trick, and it has probably been discovered before as well. It is incredibly simple. Klevjer refers to several RFC documents in his report that explain the specification, which makes it all the more surprising that no one has thought of this before, says Thorsheim.
All the information is, after all, freely available and by no means secret.
Yet Klevjer's discovery caught the security community napping, and the new phishing method will probably pose a real challenge for security vendors and browser developers.
- A friend at McAfee said that the first thing he thought when I told him about the discovery was: "Wow, I never thought of that. There is a crazy number of opportunities here for the bad guys. And how do we block this?", says Thorsheim.

Impossible to protect yourself

Klevjer thinks it is very difficult, if not impossible, to protect yourself against this new phishing method.
- There is no way to protect yourself, because everything is online. With this method you do not need anything but the link, says Klevjer, adding that the method works just as well from a memory stick or your local machine.
In other words, you do not even need to be online for this to work.
SECURITY RESEARCHER: Henning Klevjer studies computer science at the University of Oslo and is particularly interested in IT security. He has discovered a new and very dangerous way to hide malicious code in URIs. Photo: Private
As a proof of concept, Klevjer has made a URI phishing package for Wikipedia. Check the link and you will see that it is a URI rather than a URL.
The URI contains everything you see on the fake Wikipedia page when you follow the link.
As an added twist, the URL shortening services widely used on social media make this method very easy to abuse, since the phishing page can easily be concealed behind a shortened URL.
Admittedly, the Google Chrome browser is not fooled immediately, even though the other browsers are, but it is clear that something must be done.
- One possibility would be to impose a maximum length on URIs. That is something that must be done on the browser side, Thorsheim believes.
He adds that although security products such as Websense check for malicious links in URLs, that function is easily circumvented by Klevjer's new method.
- Content filter vendors must add new features to meet this new challenge, says Thorsheim, adding that "this new variant will probably take many by surprise."
One thing is certain: this is something that needs to be addressed as soon as possible.
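The data URI syntax given above and the content-filter gap Thorsheim describes can be tied together in a small checker. The following is an added example, not code from the article or from Klevjer's report: it parses a data: URI according to data:[<mediatype>][;base64],<data>, decodes the payload, and lists the reasons a link filter might flag it. The sample URI is constructed for illustration, and the 2048-character ceiling is an assumed value standing in for the maximum length Thorsheim suggests.

```python
import base64
import re
from urllib.parse import unquote_to_bytes

# Constructed sample: a tiny HTML login form wrapped in a data: URI, the kind of
# link a content filter would see in an e-mail. Not Klevjer's actual proof of concept.
SAMPLE_HTML = ('<html><form action="/login" method="post">'
               '<input name="user"><input type="password" name="pw"></form></html>')
SAMPLE_URI = "data:text/html;base64," + base64.b64encode(SAMPLE_HTML.encode()).decode()


def parse_data_uri(uri):
    """Split a data: URI into (mediatype, is_base64, decoded_bytes) following
    data:[<mediatype>][;base64],<data>. Raises ValueError on malformed input."""
    if not uri.lower().startswith("data:"):
        raise ValueError("not a data: URI")
    header, sep, payload = uri[5:].partition(",")
    if not sep:
        raise ValueError("missing ',' separator between header and data")
    params = header.split(";")
    mediatype = params[0] or "text/plain"          # RFC default when omitted
    is_b64 = any(p.strip().lower() == "base64" for p in params[1:])
    if is_b64:
        data = base64.b64decode(payload)
    else:
        data = unquote_to_bytes(payload)           # plain data is percent-encoded
    return mediatype, is_b64, data


def assess_data_uri(uri, max_len=2048):
    """Return the reasons a link filter might flag this data: URI.
    max_len is an assumed illustration of a browser-side length limit."""
    reasons = []
    mediatype, _, data = parse_data_uri(uri)
    if len(uri) > max_len:
        reasons.append("exceeds length limit")
    if mediatype.lower().startswith("text/html"):
        # A whole HTML document inside a link is what the phishing trick relies on.
        reasons.append("renders as a full HTML document")
        text = data.decode("utf-8", errors="replace").lower()
        if "<form" in text:
            reasons.append("contains a form")
        if re.search(r'<input[^>]*type\s*=\s*["\']?password', text):
            reasons.append("asks for a password")
    return reasons


if __name__ == "__main__":
    print(parse_data_uri("data:text/plain;base64,aGVsbG8="))
    print(assess_data_uri(SAMPLE_URI))
```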

An accidental discovery

Klevjer studies computer science and is especially interested in IT security.
He says the discovery was quite accidental, and that he stumbled upon the phishing method by chance.
- I had looked at data URIs before; they are used to link to small images that then do not need to be posted on the net [as a separate file]. I discovered that if you type enough into the URI, you can copy an entire website, says Klevjer.
In true hacker spirit he explored the discovery further, after a chat with others in the security community. Fortunately, Klevjer is no black hat.
He has, however, documented the discovery well and published the full information on the web, complete with analysis and examples, to the delight of security researchers (and any e-criminals).
Now it is up to security researchers and developers to plug the new security hole as fast as th

