Determining the Real Location of Sites

Previous page
Table of content
Next page
 < Day Day Up > 

Two options in JavaScript Hide the Status Bar and Change Status Bar Text are important in keeping the bad guys from sending you to where the sun don't shine.

These options deal with the status bar. The status bar contains a text display area that usually displays the URL of the hyperlink over which the mouse is currently hovering. This is useful because you often find that you would like to know where you are going first, before you click. (Yes, even viewing the "wrong" website can cause problems!)

An example of such malicious behavior is shown in the following segment of HTML and JavaScript:

<HTML> <!-- Example of JavaScript writing to the status text output area. --> <HEAD><TITLE>Where do you go with these two links?</TITLE></HEAD> <body> <br> <center><h2> Example of JavaScript writing to the status text output area. </H2></center> <UL> <br><br> <font face="Verdana" size="2"> <LI>   Here is a real URL: <a href="http://www.hipson.net">www.quepublishing.com</a>   that will take you to www.hipson.net. Even if Javascript's Change status bar text   is turned off, you still have the correct display in the status bar.<br>&nbsp;</li> </LI> <br>   <a href="http://www.hipson.net"     onMouseOver="window.status='http://www.quepublishing.com';return true;"     onMouseOut="window.status=' '; return true;">     www.quepublishing.com</a> <BR><BR><br> <LI>   But, this url won't give us what you expect. With Change status bar text turned   off, you see nothing in the status bar. (Try this one with Internet Explorer, too) <br><br>   Next turn on Change status bar text in Firefox, and again hover over the URL   and see what the status bar says. With Change status bar text on, you think you see   a hyperlink to our publisher's page. Regardless, what really happens is that this   link will take you <b>to my home page www.hipson.net</b> </body> </HTML>

If you type this short piece of code into a text file, naming it JavaScript.html, and then load it into your browser, you will see nothing for the URL in the status bar. That is, the status bar will not change as it would over a hyperlink. Too lazy to type? Go to http://www.hipson.net/javascript.html. After the page loads, select View, Page Source in Firefox's menu.

Many attempts to hide the true URL are phishing attacks. Phishing is the improper gathering of information including account numbers, passwords, usernames, credit card numbers, and so on. These attacks are becoming more and more sophisticated as time goes on. The bad guys try something, and the good guys find a way to stop or reveal them. It then becomes a vicious circle of good versus evil. Thunderbird's anti-phishing feature is described in the Thunderbird sections dealing with privacy.

     < Day Day Up > 

    Previous page
    Table of content
    Next page
    Firefox and Thunderbird. Beyond Browsing and Email
    Firefox and Thunderbird Garage
    ISBN: 0131870041
    EAN: 2147483647
    Year: 2003
    Pages: 245
    Authors: Chris Hofmann, Marcia Knous, John Hedtke
    BUY ON AMAZON
    Data Structures and Algorithms in Java
    Introducing Microsoft ASP.NET AJAX (Pro - Developer)
    Professional Struts Applications: Building Web Sites with Struts ObjectRelational Bridge, Lucene, and Velocity (Experts Voice)
    Quantitative Methods in Project Management
    GDI+ Programming with C#
    Python Standard Library (Nutshell Handbooks) with
    flylib.com © 2008-2017.
    If you may any questions please contact us: flylib@qtcs.net
    Privacy policy