lists.openwall.net   lists  /  announce  john-users  owl-users  popa3d-users  /  xvendor  oss-security  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4 
Open Source and information security mailing list archives
 
Order Openwall GNU/*/Linux 2.0 on a CD with delivery worldwide
[<prev] [next>] [thread-next>] [month] [year] [list] 
Date: Wed Jan  4 12:22:06 2006
From: romain.vergniol at cegedim.fr (Romain Vergniol)
Subject: Outlook Express 6.0 : link destination obfuscation

Hello FD readers,

did anyone already noticed that on Outlook Express 6.0, when a link is
longer than 512 bytes, the destination is not displayed at all in the
status bar ?

Tested on Outlook Express 6.0 on WinXP Pro SP2 FR, does not work on Outlook
2003 Win XP SP2 FR.

Ex :
<a href="http://www.exemple.com/+(500 random chars)">www.bank.com</a>

It could be used in phishing attacks for exemple to hide real link 
destination.
Could it be considered as a security issue ?

Kind regards,
Romain Vergniol

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux