Go Phish
In an eye-opening article about "phishing" - the practice of using scam e-mails to lure people to bogus websites and reveal sensitive account information - InfoWorld revealed a method that is truly frightening. Called "rewrite and redirect", the method takes advantage of vulnerabilities in Windows Scripting Hosting essentially to commandeer your computer and take you to fake websites even without clicking on a hyperlink. Merely opening the e-mail is enough. The recommended solution is to disable Scripting Hosting, or I suppose to bag Windows altogether. Either way, it makes me think twice about signing up for legitimate e-mail from the different institutions I transact with.
Comments
It really is that easy. Part of my job is to sort through and find out illegitimate programs running on computers. Saw a demonstration of this sort of vulnerability. There is no obvious method for determining if the web site you are redirected to is legitimate or faked; all the way down to the site certificate, it appeared legitimate.
A couple of semi-helpful hints.
Do not use the preview pane in your e-mail program. The preview pane is nothing more than opening the e-mail in a separate pane. It is open. Anything requiring you to just open it has that requirement met because it is in the preview pane.
Do not use Internet Explorer. (Outlook and Outlook Express are IE based and should also be avoided like the plague - we call it lookout.) Unfortunately the decision to use Outlook is often made outside your realm. I am the 2nd IT guy in my department. My boss and I absolutely loathe Outlook, so what did the bigshots with the money do? They forced us off a more secure e-mail server/client system onto an Outlook Exchange server because it had a calendar.
Keep up to date with the security patches for every program that has them.
Disable Scripting Hosting
Posted by: Justin | January 28, 2005 07:54 PM
How does one disable scripting hosting?
Posted by: hnumpah | January 28, 2005 08:11 PM
I haven't started futzing around to see how to disable Scripting Hosting. If I figure it out, I'll let you know. Justin - is Thunderbird a secure e-mail program? Currently, I do use Outlook, but thanks to Lesley, I've switched from IE to Firefox.
Posted by: Jon | January 28, 2005 08:33 PM
Sophos has instructions on disabling scripting hosting for various OS.
Go to: www.sophos.com/support/wsh.html
Posted by: SS | January 28, 2005 09:06 PM
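One way to carry out the "disable Scripting Hosting" advice from the thread, as an added example that is not part of the original post, the comments, or the Sophos instructions. It assumes the standard Windows Script Host registry setting (an "Enabled" value under the "Windows Script Host\Settings" key), which the page itself does not spell out, and the function names are made up for this example.

```powershell
# Added example: audit and disable Windows Script Host (WSH) through its
# registry setting. Changing the HKLM key requires an elevated prompt.

$paths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings',   # machine-wide
    'HKCU:\SOFTWARE\Microsoft\Windows Script Host\Settings'    # current user
)

function Get-WshState {
    param([string]$Path)
    # A missing "Enabled" value means WSH is enabled; 0 means disabled.
    $value = (Get-ItemProperty -Path $Path -Name Enabled -ErrorAction SilentlyContinue).Enabled
    [pscustomobject]@{
        Path    = $Path
        Enabled = if ($null -eq $value) { '(not set: enabled by default)' } else { $value }
        Blocked = ("$value" -eq '0')
    }
}

function Disable-Wsh {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Path)
    if ($PSCmdlet.ShouldProcess($Path, 'Set Enabled = 0')) {
        # Create the Settings key if it does not exist yet, then write the value.
        if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
        New-ItemProperty -Path $Path -Name Enabled -Value 0 -PropertyType DWord -Force | Out-Null
    }
}

# Report the state before the change, apply it, then report again.
$paths | ForEach-Object { Get-WshState -Path $_ } | Format-Table -AutoSize
$paths | ForEach-Object { Disable-Wsh -Path $_ }    # append -WhatIf to preview only
$paths | ForEach-Object { Get-WshState -Path $_ } | Format-Table -AutoSize
```

With the value set to 0, wscript.exe and cscript.exe refuse to run .vbs and .js files and report that Windows Script Host access is disabled; setting the value back to 1 or deleting it restores the default.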