Tag Archive | url

URL Scanning For Safety

A few months ago, we looked at how you can check a site for safety and malware history with the Google Safe Browsing Diagnostic Tool. To do that, you needed to manually tweak a URL. The tool also only checked Google’s database. For an easier method that not only checks with Google, but two other sources, check out ScanURL.net.

Enter a URL into its search box, and ScanURL pulls data from Google’s API, as well as PhishTank and Web of Trust. It also includes direct links to the Google Safe Browsing Diagnostic Tool for any domain/website, and provides links to other online reporting and scanning services. ScanURL really does a nice job of being a one-stop destination.

If you know of any other site scanning tools, let us know in the comments.

ScanURL.net

March 25, 2012

in apple, iPad, iPhone

Large iOS Security Threat

An article from MSNBC.

iOS

You’re browsing the Internet on your iPhone or iPad when you’re suddenly prompted for some personal information. But you’re no dummy: Before you enter it, you check the URL bar to confirm that you really are on a trusted site. When you’re sure, you type in the information. Careful as you were, you still may have handed sensitive data to a bad guy.

How is that possible when you’re absolutely certain that you’re on a trustworthy website? Because right now you can’t trust the URL bar on your iOS device’s mobile Safari browser, thanks to a security exploit.

The exploit was first discovered by David Vieira-Kurz of MajorSecurity. It affects the mobile Safari browser on iOS 5.1 and has been tested on the iPhone 4, iPhone 4S, second-generation iPad and third-generation iPad. According to Vieira-Kurz, the exploit is possible thanks to an error in how new windows are opened using a javascript method:

This can be exploited to potentially trick users into supplying sensitive information to a malicious website, because information displayed in the address bar can be constructed in a certain way, which may lead users to believe that they’re visiting another website than the displayed website.

MajorSecurity has created a demonstration of the exploit. You can check it out by following this link on a device which is running iOS 5.1. After pressing the “demo” button on that website, you will see Safari open a new window which displays “http://www.apple.com” in the URL bar, even though the website you’re viewing is actually hosted on “http://www.majorsecurity.net.”

There’s no fix for the issue right now, but it shouldn’t take long for Apple to patch the exploit. In the meantime, you should be careful about which links you follow.

Twitter Feed

Apple lists 8 Samsung Products they want banned due to law suit. tinyurl.com/9mz4bubNext tweet: 8 months ago
Twitter sets max user caps for 3rd party clients, tightens API rules to direct users to official apps tnw.to/g3XS via @TNWtwitNext tweet: 9 months ago
Indiana AT&T Technicians File Class Action Lawsuit Citing Grim Break Conditions huff.to/PVZ32X via @HuffPostBizNext tweet: 9 months ago
@Jessewelle Sandwhich name: The steakinatorNext tweet: 10 months ago
RT @SwaggSec: Exploit release from one of our members! 1337day.com/exploits/18842 (Notice his kind shoutout.)Next tweet: 10 months ago
RT @ForHumanPeoples: The rumors are true! We're doing another 4/20 sale for the next 24 hours! - forhumanpeoples.com/collections/th…Next tweet: 11 months ago
RT @wired: Two brothers use Kickstarter for feedback, not funding, to launch their product the 2nd time around. bit.ly/LCckyvNext tweet: 11 months ago

geekytechguy

URL Scanning For Safety

Large iOS Security Threat

GeekyTechGuy RSS Feed

Twitter Feed

Recent Posts

Email Subscription

Follow “geekytechguy”