JREF Homepage Swift Blog Events Calendar $1 Million Paranormal Challenge The Amaz!ng Meeting Useful Links Support Us
James Randi Educational Foundation JREF Forum
Forum Index Register Members List Events Mark Forums Read Help

Go Back   JREF Forum » General Topics » Computers and the Internet
Click Here To Donate

Notices


Welcome to the JREF Forum, where we discuss skepticism, critical thinking, the paranormal and science in a friendly but lively way. You are currently viewing the forum as a guest, which means you are missing out on discussing matters that are of interest to you. Please consider registering so you can gain full use of the forum features and interact with other Members. Registration is simple, fast and free! Click here to register today.

Reply
Old 29th January 2013, 05:35 PM   #41
RayG
Master Poster
 
RayG's Avatar
 
Join Date: Oct 2001
Location: Somewhere in Ontario, Canada
Posts: 2,576
Originally Posted by TheL8Elvis View Post
I generally click on any link, and I don't get malware or viruses either.
Has that always been the case?

Do you click on links in emails that claim to originate from your banking institution? Why not?

RayG
__________________
Tell ya what. I'll hold my tongue as long as you stick to facts.
--------------------
Scrutatio Et Quaestio
RayG is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 29th January 2013, 06:01 PM   #42
OnlyTellsTruths
 
OnlyTellsTruths's Avatar
 
Join Date: Sep 2007
Posts: 7,220
Originally Posted by arthwollipot View Post
You can see the actual url of a link you're hovering over in the status bar. Normal html doesn't let you change that.
Are you saying "normal" html as an out?

Because, yes, html does let you change what someone sees when they hover over the link.

As I just said in the post above, I have seen it done. I've seen it changed to completely empty, to www.google.com, to anything you can think of. And, no, I am not talking a redirect.

I'm not sure if it works for every single browser, but as far as I remember it did. It has been a few years so perhaps there has been a fix for it...

But, like you said, it's not safe to trust what it says when you hover for other reasons anyway.
__________________
________________________
OnlyTellsTruths is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 29th January 2013, 06:06 PM   #43
TheL8Elvis
Illuminator
 
TheL8Elvis's Avatar
 
Join Date: May 2011
Posts: 4,352
Originally Posted by RayG View Post
Has that always been the case?

Do you click on links in emails that claim to originate from your banking institution? Why not?

RayG
Originally Posted by TheL8Elvis View Post
I don't think I have find any links that I could identify from the url that would crash my browser.

I understand there is usually some context around the url/ip - but I think we can probably all agree that unsolicited links in email are generally bad to follow. We can probably even empirically prove that they are more likely to try to do something bad empirically.

If an IP address was returned in a search result, would that make it less suspicious ?
I tried to cover the email links as a more specific case, above.

But yes, I sometimes follow them if I am curious to see what the current scam is. It's usually just a phishing page trying to get my credentials.
TheL8Elvis is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 29th January 2013, 06:08 PM   #44
TheL8Elvis
Illuminator
 
TheL8Elvis's Avatar
 
Join Date: May 2011
Posts: 4,352
Originally Posted by arthwollipot View Post
No, of course not. You can do all sorts of things after someone has clicked, for example - redirects and stuff. And I'm not talking about popups and tooltips. You can see the actual url of a link you're hovering over in the status bar. Normal html doesn't let you change that. Combined with a reasonable amount of common sense, it's a reasonable rule of thumb.

Bottom line - anything you do on the internet can potentially be risky. It all depends how much effort someone wants to expend on it.
'Normal' JavaScript can change what is shown in the status bar, if allowed by the browser.
TheL8Elvis is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 29th January 2013, 06:15 PM   #45
OnlyTellsTruths
 
OnlyTellsTruths's Avatar
 
Join Date: Sep 2007
Posts: 7,220
Originally Posted by arthwollipot View Post
You can see the actual url of a link you're hovering over in the status bar. Normal html doesn't let you change that.

I just asked someone who should know (for various reasons ) and they said it was an XP Service Pack 2 exploit that only worked for a few months. It worked for all browsers.

So I stand corrected, there is no way to do that now AFAIK.

Yet, again as arthwollipot pointed out, because of redirects it is not really safe to trust the hover.
__________________
________________________
OnlyTellsTruths is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 29th January 2013, 08:09 PM   #46
arthwollipot
Observer of Phenomena
 
arthwollipot's Avatar
 
Join Date: Feb 2005
Location: Some other planet
Posts: 45,768
Originally Posted by OnlyTellsTruths View Post
Are you saying "normal" html as an out?
Yep!

I'm quite familiar with basic HTML, but unstudied on the advanced applications.
__________________
Jadey (in RvB game thread): I just want to take a moment to commend Arth on his role as Parasitic Alien Tumor. I think he really connected with the character and there were times when I forgot that he was just acting. That's the kind of talent that you can't teach.
arthwollipot is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 29th January 2013, 08:12 PM   #47
arthwollipot
Observer of Phenomena
 
arthwollipot's Avatar
 
Join Date: Feb 2005
Location: Some other planet
Posts: 45,768
Originally Posted by TheL8Elvis View Post
'Normal' JavaScript can change what is shown in the status bar, if allowed by the browser.
Yeah, but you can usually tell when JavaScript is pulling some shenanigans.

ETA: Sorry. I should have said I can tell. I wouldn't expect the average non-technical user to be able to do so. Which is why you should be extra careful.
__________________
Jadey (in RvB game thread): I just want to take a moment to commend Arth on his role as Parasitic Alien Tumor. I think he really connected with the character and there were times when I forgot that he was just acting. That's the kind of talent that you can't teach.
arthwollipot is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 30th January 2013, 06:59 AM   #48
TheL8Elvis
Illuminator
 
TheL8Elvis's Avatar
 
Join Date: May 2011
Posts: 4,352
Originally Posted by OnlyTellsTruths View Post
I just asked someone who should know (for various reasons ) and they said it was an XP Service Pack 2 exploit that only worked for a few months. It worked for all browsers.
Do you have a CVE link ? Because that doesn't make any sense that it would affect all browsers on windows.

And XP SP2 is how many years ago ? You are worried now about things that were going on 7 years and a few OS's ago ?

Originally Posted by OnlyTellsTruths View Post
So I stand corrected, there is no way to do that now AFAIK.
Except there is. I don't think any browser allows it by default, but JavaScript can do it.

Originally Posted by OnlyTellsTruths View Post
Yet, again as arthwollipot pointed out, because of redirects it is not really safe to trust the hover.
ANY page can redirect you. So how do you determine what links you think are safe to follow and which are not ?
TheL8Elvis is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 30th January 2013, 07:00 AM   #49
TheL8Elvis
Illuminator
 
TheL8Elvis's Avatar
 
Join Date: May 2011
Posts: 4,352
Originally Posted by arthwollipot View Post
Yeah, but you can usually tell when JavaScript is pulling some shenanigans.

ETA: Sorry. I should have said I can tell. I wouldn't expect the average non-technical user to be able to do so. Which is why you should be extra careful.
How can you tell this ?

And does being extra-careful mean you thin knon-technical people should just never follow links ? If you do that, how do you manage to search for anything on the Internet and find results ?
TheL8Elvis is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 30th January 2013, 03:29 PM   #50
RayG
Master Poster
 
RayG's Avatar
 
Join Date: Oct 2001
Location: Somewhere in Ontario, Canada
Posts: 2,576
If you live in any major city in North America, how do you determine which areas are generally safe, and which aren't?

Do you never utilize the system of streets? If not, how do you manage to get anywhere in the city?

RayG
__________________
Tell ya what. I'll hold my tongue as long as you stick to facts.
--------------------
Scrutatio Et Quaestio
RayG is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 30th January 2013, 05:23 PM   #51
TheL8Elvis
Illuminator
 
TheL8Elvis's Avatar
 
Join Date: May 2011
Posts: 4,352
Originally Posted by RayG View Post
If you live in any major city in North America, how do you determine which areas are generally safe, and which aren't?

Do you never utilize the system of streets? If not, how do you manage to get anywhere in the city?

RayG
If some on a skeptic forum asked if a certain street was safe, and the answers ranged from "no, it starts with the letter W" to "There was once a crime there 8 years ago" , what would you conclude ?

I would conclude they were using woo to determine if the street were safe, which would be kind of ironic on a 'skeptic' forum, wouldn't you say ?
TheL8Elvis is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 30th January 2013, 09:22 PM   #52
OnlyTellsTruths
 
OnlyTellsTruths's Avatar
 
Join Date: Sep 2007
Posts: 7,220
Well, there's a difference between not clicking because of a "woo" reason and not clicking because of "better safe than sorry". Or just call it "lazy" if you want.

Or perhaps "I'm not going to be a beta-tester (or a beta-clicker ) for your link". (This is in reference to the people who always read a few posts ahead to make sure someone else already clicked on the link first.)
__________________
________________________
OnlyTellsTruths is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 31st January 2013, 04:27 PM   #53
arthwollipot
Observer of Phenomena
 
arthwollipot's Avatar
 
Join Date: Feb 2005
Location: Some other planet
Posts: 45,768
Originally Posted by TheL8Elvis View Post
How can you tell this ?

And does being extra-careful mean you thin knon-technical people should just never follow links ? If you do that, how do you manage to search for anything on the Internet and find results ?
There are a few tell-tale signs that a site is using scripts to do something. For a start, there's usually some delay as the script executes. If you're being redirected, you'll usually see the original url in the address bar get replaced with a different url.

Really, it's simply a case of experience, observation, common sense, and a couple of general rules of thumb. There's no 100% reliable System that will infallibly tell you what to click on and what not to, but by stopping to think a little bit before clicking, you can avoid most of the common pitfalls.
__________________
Jadey (in RvB game thread): I just want to take a moment to commend Arth on his role as Parasitic Alien Tumor. I think he really connected with the character and there were times when I forgot that he was just acting. That's the kind of talent that you can't teach.
arthwollipot is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 31st January 2013, 04:30 PM   #54
arthwollipot
Observer of Phenomena
 
arthwollipot's Avatar
 
Join Date: Feb 2005
Location: Some other planet
Posts: 45,768
Oh, and definitely install Web Of Trust.
__________________
Jadey (in RvB game thread): I just want to take a moment to commend Arth on his role as Parasitic Alien Tumor. I think he really connected with the character and there were times when I forgot that he was just acting. That's the kind of talent that you can't teach.
arthwollipot is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 31st January 2013, 05:34 PM   #55
TheL8Elvis
Illuminator
 
TheL8Elvis's Avatar
 
Join Date: May 2011
Posts: 4,352
Originally Posted by arthwollipot View Post
There are a few tell-tale signs that a site is using scripts to do something. For a start, there's usually some delay as the script executes. If you're being redirected, you'll usually see the original url in the address bar get replaced with a different url.
Scripts to do something, or to do something bad ? Unless you examine the source of every web page you visit, you aren't going to know if the JS running is benign or not.

Originally Posted by arthwollipot View Post
Really, it's simply a case of experience, observation, common sense, and a couple of general rules of thumb. There's no 100% reliable System that will infallibly tell you what to click on and what not to, but by stopping to think a little bit before clicking, you can avoid most of the common pitfalls.
I guess I am questioning how accurate or beneficial that so called 'common sense' is. If someone opposed to using vaccines claimed it was all just 'common sense' - would that be an acceptable answer around here ? Obviously not.

It seems like it should be eminently demonstrable whether or not avoiding links consisting of ip addresses versus a domain name is going to actually keep you any safer, or not. Or whether running noscript keeps you safer than simply keeping your software up to date.

IOW - I haven't seen the proof that 'better safe than sorry' is actually true.
TheL8Elvis is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 31st January 2013, 08:21 PM   #56
arthwollipot
Observer of Phenomena
 
arthwollipot's Avatar
 
Join Date: Feb 2005
Location: Some other planet
Posts: 45,768
Originally Posted by TheL8Elvis View Post
Scripts to do something, or to do something bad ? Unless you examine the source of every web page you visit, you aren't going to know if the JS running is benign or not.
Which is why many people use a browser plugin to just block all scripts.

Originally Posted by TheL8Elvis View Post
I guess I am questioning how accurate or beneficial that so called 'common sense' is. If someone opposed to using vaccines claimed it was all just 'common sense' - would that be an acceptable answer around here ? Obviously not.
Bogus comparison.

Originally Posted by TheL8Elvis View Post
It seems like it should be eminently demonstrable whether or not avoiding links consisting of ip addresses versus a domain name is going to actually keep you any safer, or not. Or whether running noscript keeps you safer than simply keeping your software up to date.

IOW - I haven't seen the proof that 'better safe than sorry' is actually true.
Okay then. Try this.
__________________
Jadey (in RvB game thread): I just want to take a moment to commend Arth on his role as Parasitic Alien Tumor. I think he really connected with the character and there were times when I forgot that he was just acting. That's the kind of talent that you can't teach.
arthwollipot is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 31st January 2013, 11:01 PM   #57
Wowbagger
The Infinitely Prolonged
 
Wowbagger's Avatar
 
Join Date: Feb 2006
Location: Westchester County, NY (when not in space)
Posts: 14,400
I have a junk computer I keep around just for going to suspect links.

I am often morbidly curious to see where some of them go, even if I KNOW they are malicious.
__________________
WARNING: Phrases in this post may sound meaner than they were intended to be.

SkeptiCamp NYC: http://www.skepticampnyc.org/
An open conference on science and skepticism, where you could be a presenter!

By the way, my first name is NOT Bowerick!!!!

Last edited by Wowbagger; 31st January 2013 at 11:03 PM.
Wowbagger is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 1st February 2013, 06:01 AM   #58
TheL8Elvis
Illuminator
 
TheL8Elvis's Avatar
 
Join Date: May 2011
Posts: 4,352
Originally Posted by arthwollipot View Post
Which is why many people use a browser plugin to just block all scripts.
Yes, and I question if there is evidence that is really beneficial for the average user.

Originally Posted by arthwollipot View Post
Bogus comparison.
It wasn't the worlds best analogy, admittedly. But do you not see anything analogous ? Nobody in this thread has provided a shred of evidence about which links are actually dangerous to follow, just lots of common sense and things they know. Backing up claims like that isn't really accepted in any other discussions on JREF, why is it acceptable here ?

Seriously, I have seen many posters around here clamoring about how they would never follow this link or that because it would be potentially unsafe (not just because there was no explanation or summary or something like that.)

Originally Posted by arthwollipot View Post
Okay then. Try this.
No, a generic google search didn't help.
TheL8Elvis is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 1st February 2013, 06:04 AM   #59
TheL8Elvis
Illuminator
 
TheL8Elvis's Avatar
 
Join Date: May 2011
Posts: 4,352
Originally Posted by Wowbagger View Post
I have a junk computer I keep around just for going to suspect links.

I am often morbidly curious to see where some of them go, even if I KNOW they are malicious.
A VMware (parallels/qemu/...) image is perfect for that sort of thing. Then just revert to the last snapshot if there is a problem.
TheL8Elvis is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 1st February 2013, 06:50 AM   #60
Oliver
~The Rascal~
 
Oliver's Avatar
 
Join Date: Aug 2006
Location: Cologne
Posts: 17,373
Originally Posted by TheL8Elvis View Post
Once upon a time, in different thread, a poster posted a link and there was some controversy about whether or not to follow the link.

There were some claims made about people not following links they weren't familiar with and that perhaps it wasn't safe to follow some links.

I would like to ask all those link-following-averse people what sort of methodology they use to determine if they should follow a link, and how they know it's safe ?

Below are some example urls , they don't lead anywhere bad or to anything NSFW...Additionally, I intentionally broke them all by adding a space, so if you want to follow them, you really have to try.


http://www.exploit-db.com/exploits/23077/

67.228.115.45/

tinyurl.com/mo4ff6

1.usa.gov/OYCBM7

forums.randi.org/forumindex.php

http://tiny url.com/create.php?sourc...yURL%21&alias=

Easy one!

If I'm not sure about the safety of a link, I simply start a "Linux Live CD" via VirtualBox and open the link within the included Linux browser ... This way it's absolutely safe to open the link since the site isn't running on a installed system anyway.

__________________

Oliver is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 1st February 2013, 07:51 AM   #61
Dan O.
Penultimate Amazing
 
Dan O.'s Avatar
 
Join Date: Feb 2007
Posts: 11,213
Originally Posted by arthwollipot View Post
Url shorteners, are used by people who don't want you to know what you're going to. Here's a harmless example:

http://tinyurl.com/2fcpre6

Except for twitter, URL shorteners have no usefull purpose. I reject them just because I don't like the idea of a third party being able to track the users of the link. I will also trim the tracking tags off most links that I post.


Quote:
Now, the only way you can find out what that links to is by clicking on it. If I wanted to send you to a site that would automatically download something to your computer without your knowledge, this would be a good way of doing it. It's a way of tricking you into visiting what I want you to visit.
With tinyurl and most similar sites, there is a way get a preview before following the link: http://tinyurl.com/preview.php you can even set a cookie so this will be the default.
__________________
A text message was found to have been sent at 8:35PM of November 1st by KNOX's number to that of her co-defendant Patrick, in which she wrote "Ci vediamo dopo" ["See you later" or lit: "We'll see each other after"] thus confirming that in the following hours KNOX would find herself with Patrick in the apartment where the victim was. -- Prosecutor Giuliano Mignini (Order for arrests)
Dan O. is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 1st February 2013, 12:30 PM   #62
TheL8Elvis
Illuminator
 
TheL8Elvis's Avatar
 
Join Date: May 2011
Posts: 4,352
Originally Posted by Dan O. View Post
Except for twitter, URL shorteners have no usefull purpose. I reject them just because I don't like the idea of a third party being able to track the users of the link. I will also trim the tracking tags off most links that I post.
You say URL shorteners have no useful purpose, but then immediately talk about one. Tracking. It may not be useful to you, but that does not mean it is not useful.

Also, why not a short URL for text messages, if you admit it is useful for twitter ?

Originally Posted by Dan O. View Post
With tinyurl and most similar sites, there is a way get a preview before following the link: http://tinyurl.com/preview.php you can even set a cookie so this will be the default.
More info on how to see the complete URL
TheL8Elvis is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 1st February 2013, 12:41 PM   #63
LandR
Graduate Poster
 
LandR's Avatar
 
Join Date: Sep 2009
Posts: 1,240
On my home linux machine I'll click on most links without worrying.

On my work windows machine I might be concerned about clicking links if I'm not entirely sure where they are going. Not for security reasons, on the work laptop my browser is sand boxed but just in case it has NSFW content on it!

I'd happily click an IP address. I'm not going to be afraid of a link because it's shown as an IP address and not a nice readable name, not all bad sites are called thissiteisevilandwillrapeyouifyouclickonthislink.c om

Last edited by LandR; 1st February 2013 at 12:42 PM.
LandR is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Old 3rd February 2013, 04:25 PM   #64
arthwollipot
Observer of Phenomena
 
arthwollipot's Avatar
 
Join Date: Feb 2005
Location: Some other planet
Posts: 45,768
Originally Posted by TheL8Elvis View Post
No, a generic google search didn't help.
*sigh*

That was intended to give you some links to safe browsing guides written by internet security professionals, which is something that I am not. If you really want answers to your questions, internet security professionals will have them. After all, it's their job.

Originally Posted by Dan O. View Post
Except for twitter, URL shorteners have no usefull purpose.
Twitter auto-shortens links without obscuring them. URL shorteners are even more pointless on Twitter than they are elsewhere.

Originally Posted by Dan O. View Post
I will also trim the tracking tags off most links that I post.
Tracking tags actually serve a useful purpose. If I click a link that I receive on a newsletter, for example, it's useful to the publisher of the newsletter to know that my web page hit came from that newsletter. However, if I then want to put that link on my blog, I shouldn't include the tracking code, because that will then report to the publisher that all the clicks on my blog were actually clicks on their newsletter, which is false.

Anyway, tracking code is big and scary and a lot of people don't understand where they begin, and what part of a URL is the important part. (Hint: it's usually the bit that precedes the question mark. But not always.)
__________________
Jadey (in RvB game thread): I just want to take a moment to commend Arth on his role as Parasitic Alien Tumor. I think he really connected with the character and there were times when I forgot that he was just acting. That's the kind of talent that you can't teach.
arthwollipot is offline   Quote this post in a PM   Nominate this post for this month's language award Copy a direct link to this post Reply With Quote Back to Top
Reply

JREF Forum » General Topics » Computers and the Internet

Bookmarks

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -7. The time now is 03:41 PM.
Powered by vBulletin. Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
2001-2013, James Randi Educational Foundation. All Rights Reserved.

Disclaimer: Messages posted in the Forum are solely the opinion of their authors.