MaximumPC 2004 03

Consumer Advocate

Got a bone to pick with a vendor? Been spiked by

a fly-by-night operation? Sic The Dog on them by

writing [email protected]. The Dog

promises to get to as many letters as possible, but

only has four paws to work with.

MARCH 2004 MAXIMUMPC 

Copyleft.net >CodeUnderground >Scummy Scammers

”

AT THIS TIME, THE BEST ADVICE MAY BE TO

MANUALLY TYPE THE URL YOU DESIRE TO VISIT INSTEAD

OF TRUSTING A LINK, AND GET MOZILLA FIREBIRD WHILE

YOU’RE AT IT.

Incidentally, the Dog wonders how Jim was

even able to purchase his adapter. If, as he says,

the site never existed, he couldn’t have procured

the adapter or downloaded the software from

CodeUnderground. Is it possible he received one

of the adapters from the competing company? That

might explain why his experience with the device

was so different from our own. Arf.

Scummy Scammers

Part Deux

DEAR DOG: In January’s Watchdog reply to

“Scummy Scammers,” users are advised to

“make sure they are indeed at the web page

they think they’re at by enabling the Status

Bar on Internet Explorer.”

That used to be excellent advice, until now.

Due to the latest Microsoft Internet Explorer

exploit called “URL-spoofing,” would-be

thieves can make any URL appear in IE’s title

bar, status bar, and address bar. For example,

it may appear that you’re at http://www.paypal.com,

when in fact you’re on a scammer’s server. To

view this flaw in MS Internet Explorer first hand,

visit http://www.secunia.com/internet_explorer_address_

bar_spoofing_test/ click Perform Test, then

observe the spoofed URL in the address bar

and status bar.

Another site claims Microsoft is fully

aware of the flaw in its software, but has yet

to offer a solution. Mozilla’s Firebird browser

is also susceptible via the status bar, but

interestingly, the address bar does hint at the

real address, at least enough to alert you that

something’s fishy.

At this time, the best advice may be to

manually type the URL you desire to visit, such

as http://www.paypal.com, instead of trusting a link,

and get Mozilla Firebird while you're at it.

—MARK SIMMONS

THE DOG RESPONDS: Excellent advice, Mark.

Obviously, everybody should exercise extreme cau-

tion when accessing any sensitive web site, such

as eBay, PayPal, or financial sites, which are prime

targets of scammers. And until this spoof is cor-

rected by Microsoft, it would be better to open a new

browser window and type in the URL when you want

to visit a web site.

Mark also provided this list of sites, which fur-

ther explain the problem:

- http://www.dfwfrag.com/modules.php?op=modload&na
**me=News&file=article&sid=

• http://www.terrorist.net/webdocs/urlspoofing.html


• http://www.niagaracu.com/spf.htm


• http://www.frame4.com/php/modules.php?name=
  News&file=printpdf&sid=**

Hard Drives Not

So Silly After All

DEAR DOG: In your December 2003 column,

you commented that the lawsuit about hard

drive sizes is “pretty silly.” While I’ll acknowl-

edge that there may be better uses of time, as

hard drive sizes get larger, it would be nice if

hard drives were labeled in a clear, unambigu-

ous way that does not force the consumer to

calculate the true size of the hard drive.

Also, I recall that it was a lawsuit by the

Merced County District Attorney in California

that finally forced monitor manufacturers and

sellers to label all advertisements and litera-

ture with a monitor’s true viewable size.

If the group from Los Angeles wins,

I’m certainly not going to complain. More

power to them!

— JOSHUA KUGLER

COUNTERFEIT ALERT

Counterfeit Alert

Nikon has issued a warning to consumers to

be on guard against Nikon-branded counterfeit

batteries that could overheat and burst. Nikon

said the counterfeit batteries don’t seem to

feature a thermal safety that’s built into Nikon

digicam batteries as well as those from other

major battery distributors. Nikon doesn’t say

whether the counterfeiting is limited to specific

battery lineups, but the only way to be sure is to

purchase batteries from reputable dealers and

exercise common sense: If the battery seems

too cheap to be true, then it probably is.

Real Fake

At first glance, you might think you’re at Microsoft.com, but you’re really not,

thanks to a new spoof that’s already being used to trick consumers into giving

up PayPal and eBay account information.

”

