| At Large Membership and Civil Society Participation in ICANN |
|
|
|
|
|
This discussion has been archived.
No new comments can be posted.
|
MicroSoft Closes Browser Phishing Hole
|
Log in/Create an Account
| Top
| 7 comments
|
Search Discussion
|
|
The Fine Print:
The following comments are owned by whoever posted them.
We are not responsible for them in any way.
|
|
 |
Oops, the phishing link in the second paragraph should have pointed to anti-phishing.org [anti-phishing.org]. It was a mistake I missed during checking, in that instance there was no intent to deceive. And note that if you have your ICANNWatch prefs set to show the actual root domain name of a link following that link, a la SlashDot, as in: example.com/page.htm [example.com] the code is smart enough to show the actual destination, not the apparent one, that is, the link: http://icann.org@www.icannwatch.org/ [icannwatch.org] should be followed by [icannwatch.org]. Perhaps such a function could be added to email clients to unobfuscate incoming email. Of course MicroSoft's email clients would never have it because it will no longer be seen as necessary, and if they did decide to add such functionality it would probably take a few years. -g
|
|
|
[ Reply to This | Parent
]
|
| |
|
 |
The Mozilla browser actually still supports that syntax, at least in the version I'm using.
|
|
|
[ Reply to This | Parent
]
|
| - Re:Mozilla
by fnord
Tuesday February 03 2004, @08:09AM
|
|
 |
But the syntax
http://user:password@site is allowed in the URI specification RFC (rfc2396).
The problem with IExplorer was that certain character inside the URL (hidden right after the '@' sign) causes that explorer doesn't showed the rest or the url, even in the address bar or the body of a mail message !! So, the crackers could use that character to hide the real server.
Hugo
|
|
|
[ Reply to This | Parent
]
|
| |

Privacy Policy: We will not knowingly give out your personal data -- other than identifying your postings in the way you direct by setting your configuration options -- without a court order. All logos and trademarks in this site are property of their
respective owner. The comments are property of their posters, all the rest © 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 by ICANNWatch.Org. This web site was made with Slashcode, a web portal system written in perl. Slashcode is Free Software released under the GNU/GPL license.
You can syndicate our headlines in .rdf, .rss, or .xml. Domain registration services donated by DomainRegistry.com
|