lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed Jan 4 12:44:17 2006 From: tewner at jct.ac.il (Michael Tewner) Subject: Outlook Express 6.0 : link destination obfuscation or http://www.myBank.com+aWholeLottaJunk@...site.com Romain Vergniol wrote: > Hello FD readers, > > did anyone already noticed that on Outlook Express 6.0, when a link is > longer than 512 bytes, the destination is not displayed at all in the > status bar ? > > Tested on Outlook Express 6.0 on WinXP Pro SP2 FR, does not work on Outlook > 2003 Win XP SP2 FR. > > Ex : > <a href="http://www.exemple.com/+(500 random chars)">www.bank.com</a> > > It could be used in phishing attacks for exemple to hide real link > destination. > Could it be considered as a security issue ? > > Kind regards, > Romain Vergniol > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists