Phishing Education Test Blocked For Phishing
An anonymous reader writes "It appears a website called ismycreditcardstolen.com, designed to 'educate users about the dangers of phishing,' has itself been flagged by Firefox as a reported web forgery. The site, which asks visitors to enter their credit card details to 'see if they've been stolen,' takes the hapless visitor to a page warning them about the perils of phishing, giving them advice on how to avoid similar scams and also provides a link to the Anti-Phishing Working Group's website. Or at least it did, until various browsers started blocking it. As the Sunbelt blog post notes, the project was likely doomed to failure, both because of the domain name itself and also because it uses anonymous Whois data, which isn't exactly going to make security people look at it in a positive light. Does anyone out there think this was a good idea? Or will malicious individuals start playing copycat on a public now trained to think sites like this are just 'harmless education?'"
Re:Hmmm... (Score:5, Informative)
The site is clearly not malicious. The form tag on the page doesn't include the card number and other identifying input elements, so that data isn't gathered or even transmitted over the network from what I can tell. The page just sends you to their 'you have failed page' any time you submit it.
Re:Firefox could still be correct... (Score:5, Informative)
RFTSC (source code):
<!-- Start form here so credit card details aren't submitted. -->
<form action="check.html">
<input type="submit" value="Check if my credit card is stolen">
</form>
The browser never submits any of the entered information to the server.
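A static check of the point made in the comment above, added here as an example and not part of the thread or the site's own code: it lists which named controls each form would submit. The field names and the VARIANT markup are constructed assumptions, and the check covers plain form submission only, not what a script on the page does with the fields.

```python
from html.parser import HTMLParser

# Constructed markup modelled on the quoted snippet; field names are assumed.
PAGE = """<input type="text" name="cardnumber">
<input type="text" name="expiry">
<!-- Start form here so credit card details aren't submitted. -->
<form action="check.html">
<input type="submit" value="Check if my credit card is stolen">
</form>"""

# Constructed variant: the field sits outside <form> but is tied to it by form="f".
VARIANT = """<input type="text" name="cardnumber" form="f">
<form id="f" action="check.html"><input type="submit" value="Check"></form>"""

class FormAudit(HTMLParser):
    CONTROLS = {"input", "select", "textarea", "button"}

    def __init__(self):
        super().__init__()
        self.forms = []        # one dict per <form>, in document order
        self.current = None    # the <form> currently open, if any
        self.orphans = []      # named controls that belong to no form
        self.by_attr = []      # (form id, control name) from form="..." attributes

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.current = {"id": a.get("id"), "action": a.get("action", ""), "fields": []}
            self.forms.append(self.current)
        elif tag in self.CONTROLS and a.get("name") and "disabled" not in a:
            # Only named, enabled controls can end up in a form submission.
            if "form" in a:
                self.by_attr.append((a["form"], a["name"]))
            elif self.current is not None:
                self.current["fields"].append(a["name"])
            else:
                self.orphans.append(a["name"])

    def handle_endtag(self, tag):
        if tag == "form":
            self.current = None

def audit(html):
    """Return ({form action: [submitted field names]}, [names sent nowhere])."""
    parser = FormAudit()
    parser.feed(html)
    for form_id, name in parser.by_attr:  # resolve form="id" once all forms are known
        owner = next((f for f in parser.forms if f["id"] == form_id), None)
        (owner["fields"] if owner else parser.orphans).append(name)
    return {f["action"]: f["fields"] for f in parser.forms}, parser.orphans
```

`audit(PAGE)` reports an empty field list for `check.html`, matching the comment, while `audit(VARIANT)` shows why tag nesting alone is not the whole check when reviewing a page like this.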
Re:Hmmm... (Score:3, Informative)
Re:Whois shows (Score:3, Informative)
Re:Whois shows (Score:3, Informative)
Except if you read its source code, you'd see it doesn't actually send the data to the server.
By the way, in Firefox you can click "ignore this warning" in the lower right corner.
Re:something worse (Score:3, Informative)
I don't get what you are saying...
www.google.com is a DNS CNAME record, a record which does not point to an IP address, but to another name. Windows tracert (and ping) utilities report the IP and the name returned by the server. CNAME records are useful if you want to have multiple (sub)domains that all point to a single IP address. You can, for example, create a DNS A record that points realserver.google.com to the actual IP(s) of the server(s) and a bunch of other domains that point to realserver.google.com. Now, if the IP of the server changes, you only need to update one record.
Tracert and Linux traceroute also do a reverse DNS lookup: they ask the server for a name for that IP address. This depends primarily on the ISP; without their assistance I cannot change my reverse lookup entry, for example. While multiple domain names can point to a single IP, the IP only points to one domain name.
So, with google it's like this:
www.google.com is a CNAME record that points to www.l.google.com
www.l.google.com is an A record that points to 74.125.77.147, 74.125.77.104 and 74.125.77.99
74.125.77.147 points to ew-in-f147.1e100.net
74.125.77.104 points to ew-in-f104.1e100.net
1e100.net is probably the ISP of that server. It looks like the reverse record is made using the last octet of the IP; as for what ew-in-f means, you would have to ask that ISP.
In any case, that's why tracert reports: ...
Tracing route to www.l.google.com [74.125.77.104]
over a maximum of 30 hops:
11 80 ms 80 ms 79 ms ew-in-f104.1e100.net [74.125.77.104]
Re:Whois shows (Score:4, Informative)
Oddly enough that doesn't work in "view source" mode. I had to use Firebug to check the source code instead.
Re:Hmmm... (Score:2, Informative)
You can inspect the source and verify that it doesn't actually submit the data.
That doesn't say anything about what other people see, but if there is a problem and enough people investigate, someone should eventually notice it.
Re:Firefox is broken (Score:3, Informative)
Apparently, it's a bug in Firefox. Running 3.6.3 on Windows does the same thing: if you click the "Ignore this warning" in the window with the page's source, nothing happens.