Comments on: govbenefits.gov used to cover phisher’s hacking http://nozell.com/blog/2005/11/27/govbenefitsgov-used-to-cover-phishers-hacking/ Marc Nozell's random stuff -- mostly GNU/Linux, technology, genealogy, family Sat, 17 Mar 2012 01:14:30 -0700 hourly 1 http://wordpress.org/?v=3.1.4 By: Phil http://nozell.com/blog/2005/11/27/govbenefitsgov-used-to-cover-phishers-hacking/comment-page-1/#comment-14231 Phil Sun, 04 Dec 2005 17:13:59 +0000 http://nozell.com/blog/?p=536#comment-14231 Even though the error is with the govbenefits.gov web site many articles state the error lies with the IRS web site. The IRS gets enough bad press without the help from the broadcasting of inaccruate information. Unfortunately, the error still exists as that is how I was bounced to this site. Even though the error is with the govbenefits.gov web site many articles state the error lies with the IRS web site. The IRS gets enough bad press without the help from the broadcasting of inaccruate information.

Unfortunately, the error still exists as that is how I was bounced to this site.

]]> By: Scott http://nozell.com/blog/2005/11/27/govbenefitsgov-used-to-cover-phishers-hacking/comment-page-1/#comment-13867 Scott Mon, 28 Nov 2005 02:35:39 +0000 http://nozell.com/blog/?p=536#comment-13867 That <em>is</em> a pretty tricky thing to do. Find an poorly written re-direct page and use that to mask the target. As I recall, in your earlier Bloxsom days, you had a link counter that worked by redirecting to the URL supplied as a parameter. I'd imagine that there are lot of those types of things hanging around because of web manager's desires to track the links to outgoing sites that people use. Find one at an official site and suddenly your phishing expedition looks a lot more legitimate, especially if you do a little extra encoding on the URL as the above did. These guys find any hole that they can exploit... That is a pretty tricky thing to do. Find an poorly written re-direct page and use that to mask the target. As I recall, in your earlier Bloxsom days, you had a link counter that worked by redirecting to the URL supplied as a parameter. I’d imagine that there are lot of those types of things hanging around because of web manager’s desires to track the links to outgoing sites that people use. Find one at an official site and suddenly your phishing expedition looks a lot more legitimate, especially if you do a little extra encoding on the URL as the above did.

These guys find any hole that they can exploit…

]]>