lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed Jan 4 16:17:13 2006 From: romain.vergniol at cegedim.fr (Romain Vergniol) Subject: Outlook Express 6.0 : link destination obfuscation >or http://www.myBank.com+aWholeLottaJunk@...site.com This example does not work anymore due to the recent desactivation of this syntax by Microsoft (for http:// only, it still works for ftp://). Romain >Romain Vergniol wrote: > Hello FD readers, > > did anyone already noticed that on Outlook Express 6.0, when a link is > longer than 512 bytes, the destination is not displayed at all in the > status bar ? > > Tested on Outlook Express 6.0 on WinXP Pro SP2 FR, does not work on > Outlook > 2003 Win XP SP2 FR. > > Ex : > <a href="http://www.exemple.com/+(500 random chars)">www.bank.com</a> > > It could be used in phishing attacks for exemple to hide real link > destination. > Could it be considered as a security issue ? > > Kind regards, > Romain Vergniol >
Powered by blists - more mailing lists